Not completely related to personal accounts being banned, but something that happened to me recently:
I started a side business with some friends during lockdown. We created an online store selling some hard-to-get long tail items, and almost instantly got some traction and growth thanks to Google Shopping. A month ago we received one of these generic automated mails that our account is banned and we were misrepresenting ourselves or a product with no details on what we did wrong. We went through the T&C's in some detail and we think we did everything they asked, and we have no idea what we didn't do well enough. We also checked in with every single client and we had near perfect scores on trust pilot, I can't recall a single incident with a client.
We've been contacting Google almost daily but almost never been able to find a human to talk to. Through unofficial channels we've found a few people in Goolge but whenever they gave us any advice on what to do it's always "off the record" or "you didn't hear it from me". Something is very rotten.
There are always replies on here about not betting your entire business on Google. Google shopping gives 2 orders of mag better conversion than any other channel we tried. For search-to-buy there really just aren't any alternatives and if Google decides to lock you out your business is basically dead. Lucky for us it was a side hustle. Here in Africa e-bay and Amazon aren't options.
More scary, since then we've found TONS of businesses in our country who have suffered the same fate in the last month, and many are well-established, popular businesses now facing existential threat.
It's incredibly scary that Google's moderation bots can be a single point of failure for a business employing 20+ people.
I had a great blog that started getting me over $2000 per month from Google Ads (several million views), then suddenly after 3 months it dropped to $300 with the same amount of views and never gone up. No matter how much promo I did I would never get past $300. It seems like Google somehow put restriction on my account without any explanation. Eventually my blog died (also because Facebook capped organic reach of my posts after I stopped buying ads. I had tens of thousands of followers but content they shared would never reach their friends after I was no longer a paying customer. Pretty shady stuff).
I decided to not contact neither Google nor Facebook about this, because I was worried they will ban me and I needed access to GMail and Facebook (to talk with family).
I really hope these companies get properly investigated, because they have unregulated power of altering the markets to their favour. This power should only be reserved to governments and if Google or Facebook are so big, they need to be divided and their business space heavily regulated.
My parents have a business selling low-carb cookbooks online. They used to do very well because of the organic reach they had on Facebook (they have 1 million likes on their page). Posts would routinely have reach in the millions. One day Facebook changed their algorithm and their reach (and revenue) dropped over 10x. They've been limping along since then, and are planning to retire. It's tough having a single point of failure like that.
Facebook's moderation rules have determined that Keto and Low Carb aren't scientifically supported, so now tend to suppress resources that proliferate those views.
I emphatically don't agree with this, but this seems to be the line of reasoning with a lot of things. The reality that much of science is never truly "settled" doesn't really matter.
On the one hand, I feel there are a lot of leeches to society that hop on trends to pull money from unsuspecting victims and under-delivering. On the other, I am very much opposed to corporations that half the population uses daily acting as broad censors of information.
What also probably happened is that Facebook changed their algorithm to reduce organic growth to push businesses like this to spend more on ad money. They've been doing this for a few years now, and have been aggressively doing the same on Instagram.
Love or hate TikTok, the reason it's become so big is that their algorithm actually promotes organic growth instead of hindering it.
That is also entirely possible... I have seen some specific statements regarding my assertion. It's entirely possible to be either, both or a mix.
In any case, I'm using FB and Twitter far less these days than even a couple years ago. I happen to like debate, and discussion of competing ideas. Now it's all ad hominem attacks and vitriol. While I do sometimes engage, I simply don't enjoy it and don't fit well into the echo chambers.
I can't stand the censoring by tech giants. It's applied unequally, there is no recourse, and it merely serves to enforce the orthodoxy and drive dissent underground. Honestly it's like the church in the middle ages. What a dystopian moment we're living through when monopoly corporations wield that power in society.
Facebook specifically can go to hell. They're making money by selling people's precious time to advertisers at pennies on the dollar. Jewel thieves pawning stolen goods at 10% of their value is less wasteful to society as a whole. I know they don't force anyone to use their services, but neither do the tobacco companies. They just get people addicted to their product. Just because it's legal doesn't make it ethical.
I used to work on adsense. There is no facility for an "earnings cap". Your revenue is the literal sum of earnings from every click on your property. While ads are showing and being clicked on, you will always be earning more.
If I were to guess, you failed to implement ads.txt and/or your content didn't meet the standards required by some big advertisers, so auction pressure was very low for your site.
So you're saying he was smart enough to grow this revenue to 2000/month, but, in the meantime forgetting something that basic - and the system caught up with him? If so where was the system before?
There have been big swings in advertiser behaviour in the last few years. One big advertiser changes their policy to "no longer include sites about LGBT issues", and suddenly a blog about that could see revenue drop 90%.
> In the past, the advertiser would likely to tell that to the people selling ad space.
Prior to ad networks that automatically match advertisers to display space, yes.
The thing is, though, prior to ad networks, there were a lot fewer advertisers who were interested in spending time and money on doing this song and dance with a slew of tiny web properties. Most of them wouldn't even bother.
You can have no ad networks, or you can have a long tail of low-prominence websites earn ad revenue. Pick one.
1. Low prominence newspapers made most of their money from classifieds. Craigslist ate that business.
2. A low prominence local newspaper has local businesses advertising in it. Your local auto mechanic on Walker Street will buy an ad in a local paper, but they aren't going to spend a penny to advertise directly on your website, even if it has the same readership #s as the paper. Because 99.9% of your website's visitors aren't within driving distance of their location.
The ad network [1] solves problem #2, by making it possible for geographically-constrained businesses to buy ad inventory on websites that only get a handful of clicks from their geographical area.
Yes, ad networks introduce plenty of problems, as people in this thread point out. [2]
No, nobody will advertise on your 1,000-50,000 reader/day website without going through an ad network. Small advertisers aren't going to pay anything for an untargeted impression, and large brand advertisers aren't going to waste their time [3] on so few impressions.
[1] I am speaking about the industry as a whole.
[2] I could mention a few other problems that people in this thread haven't pointed out, too, but that's neither here nor there.
[3] Not to mention that without going through an ad network, and by directly dealing with the website operators, making reports of your ad spend + ROI becomes a colossal pain in the ass. People who work for large advertisers are just trying to do their job, and their job consists of making their boss happy. Something that does not make their boss happy is being unable to quickly say how much money they spent, and what they got for that spend.
Should it also be a requirement for the government to posts what preferences you look for in a partner on dating websites, what gender you prefer when searching for doctors, what race you prefer when looking for cleaning or child care assistance?
I think it is more ghastly and inhumane to think that companies that choose not to market to those they disagree with are somehow doing them a disservice by not marketing to them. They are doing them a favor. It would be completely different if they were saying they couldn't shop there, just like if you intentionally look for women doctor's to tell them that you think they are inferior or if you look for dark skinned people on dating websites to tell them you don't like their race. I personally see no positive effects from advertising whatsoever, and am better off if a company thinks I'm too old or whatever to sell their product to.
While I agree, it's also possible that certain ideologies don't actually lead to revenue from advertising in practice. If I'm selling a line of Jewish labelled clothing, then it doesn't do me much good to include pro-Islam sites in advertising. And although the above is a rather specific strawman, there are many other areas of advertising, companies and products that don't have broad appeal in a given category.
As a potentially better example, if a higher than typical number of LGBTQIIAA+ are likely to be vetegarian/vegan, then excluding them from meat based product advertising might be better use of dollars spent.
Just because an advertiser doesn't want to advertise among contentious groups doesn't mean they are being bigoted about their targeting, it likely comes down to not being worth it due to limited response from those markets.
No, he was smart enough to do whatever he did but lucky enough to get that payout. Over time, someone will always optimize for SEO, AdSense & shareability better.
Perhaps their entire strategy was accidentally optimizing for a keyword that was highly valuable for a short while, who knows?
For a short while YouTubers would mention getting a mortgage in the middle of their video just to improve the rate by tricking the algorithm into showing expensive mortgage related ads.
I've had similar issues with AdSense. Running a site for 10 years, and it was earning $250/day for years, then suddenly it dropped. For a while I had the same traffic and instead of 500 clicks a day Google would say I had 3 or 4 clicks. I contacted them, waited a month, and they said to label them "Advertisements" so users are not confused.
Well, my site is mostly text based and I have at least 50px of space around any advertisement, so they stick out like a sore thumb and are not confusing. Eventually the daily clicks returned, but then in the last year Google started taking back 80% of my revenue at the end of the month saying it's "Invalid Traffic". This is after years of it being around 5%. I've made no changes to the site, all the traffic is organic from Google search or direct visitors. I've never once in my life paid for traffic.
I contacted Google again, but they refused to give any information because they can't share specifics for security reasons. So, I'm left losing 80% of my revenue this year and instead of making about 50k after my bills, I'll break even or make a loss.
Since then I tried switching to another company that's an AdSense partner. Of course they take a commission, but apparently they can actually show me the daily earnings with "Invalid Traffic" removed, and not give me a monthly heart attack and remove all my revenue as a surprise at once.
So, I can see how little I'm making on a daily basis now, but I'm no closer to resolving the issue because Google refuses to give any answers, so I'm completely on my own and taking shots in the dark.
The other week I tried building a database of 800 million IP addresses using lists of all IP addresses from datacenters, VPNs, proxies, TOR exit nodes, and IPs flagged as abusive. This obviously took some time to setup and I stopped showing ads to these IPs because maybe they're bad sources of traffic? That didn't seem to help.
Then I tried setting up some Javascript to not load ads until the mouse moved or a user scrolled. Maybe that would help to prevent any traffic where a user is not at the computer? Nope, didn't work.
So, I'm out of ideas. Yes, I have ads.txt configured. Yes, I have a consent manager configured.
> Your revenue is the literal sum of earnings from every click on your property. While ads are showing and being clicked on, you will always be earning more.
What you said sounds simple. However, like I said, Google can randomly drop my clicks from a consistent 500 a day to 3 and give no answers. Or, they can tell me I'm earning $250/day and then when it comes time to pay a month later, they say they can only pay $50/day and the traffic didn't meet their standards. That's a big problem when they just spent the entire month outbidding all my other advertisers.
Lastly, the site I run is filled with great people. It's a community based website with tens of millions of comments. Users on average spend 10 minutes per session, the bounce rate is incredibly low, the average user loads 30 pages a day. People like it, it's full of quality content and posts, and users are writing new comments every few seconds.
> The other week I tried building a database of 800 million IP addresses using lists of all IP addresses from datacenters, VPNs, proxies, TOR exit nodes, and IPs flagged as abusive.
This isn't going to work well... Both Google and many advertisers will send bots to your site to scan the content. If they see javascript shenanigans going on affecting ad presentation, they'll do something between not advertising (reducing revenue) or permabanning you...
"Invalid Traffic" is nearly always some dirty business going on - either by you, or by one of your users, or a competitor, or even someone totally random hoping to blend their fraud in with some legit sites like yours.
If I were you, I'd hunt your logs for botlike behaviour and close any associated user accounts.
But maybe you don't have to be logged in to see ads? If so, then maybe changing that feature could help. Or at least show a majority to only logged-in folks.
Did you have access to the entire source code and understanding of all services running the system? Capping could have been done by a service created by a team you wouldn't have access to and without knowledge something like that even exist (and rightfully so, as it would take one whistleblower to harm the business). So I am not surprised you would write that there was no such facility.
> Did you have access to the entire source code and understanding of all services running the system?
Near enough, yes. Sure, there are millions of lines of code, and I did not read every one, but I debugged enough issues that I'm sure I would have come across this capping effect if it existed and affected more than some dormant/test accounts.
It's possible to implement something like this and you wouldn't be able to find out, as a service sitting between the network and ad servers, it could even be embedded in an innocent looking load balancer.
Why would you think something like that wouldn't exist?
They could use that to suppress funding to websites that are not in line with Google world views and boost funding to websites aligning with their views. They could also use this to help website competitors who pay for ad words. My traffic also got down once I stopped paying for ad words, but the increase of traffic I was getting from ads, was nowhere near the size of the drop after I stopped using it. Then they capped the ad sense.
I get the sense that this was related to the content of OP's blog. The fact that he was concerned that he would get blocked from gmail and facebook sounds like a level of paranoia, from my perspective, related to the content of the site that's why they didn't push farther. I do see how if you were naturally a paranoid individually you might be concerned about losing those connections, though seems high unlikely they would cut access unless you were putting up shady content.
That seems like a bad faith assumption without more evidence. If your gmail is your main way of interacting with the web then any user is going to be a bit paranoid about protecting it even when doing nothing bad or wrong.
Likewise just having content Google deems unacceptable doesn't mean you aren't owed an explanation of the policy. "Hey, sorry, we've decided that blogs on breast feeding violate our policies on content and we won't be allowing you to run ads" is certainly better than silence.
Maybe it is a bad faith assumption on my part and I don't disagree with you that silence on the end of Google isn't right and I am in no way a large tech company booster.
That said, my point is that there is likely something specific to the OP blog that is the reason for Google turning off the ad dollars rather than the counter argument: some arbitrary nefarious business decision by a large corporation to the shut down the owner's blog revenue source to the point that OP is concerned that they will be removed from the platform as a result.
I get the sense that the content is missing part to the story.
I once created a location-based file sharing web app [0] to simplify sharing non-sensitive content with people nearby, e.g. sharing slides for a public presentation with a room full of people. Anyone nearby just had to go to http://quack.space -- no funny long URLs.
I never monetized it, but it got quite a few users and I definitely could have started a path to monetization. I had ideas, such as incorporating location-based ads.
Unfortunately Chrome decided at one point it was malware for some reason. I have no idea why. On the backend I had a 1-hour time limit on files and didn't store either files or location data beyond that. Chrome would throw up a malware warning whenever someone visited the page, and that was pretty much the end of the project.
It's frustrating that they play gatekeepers to the internet, and they don't even have a fair arbitration process. They should have at least made efforts to contact the owner of the website. This should be downright illegal.
How is blocking an application because of the actions of one user “legit”?
If their spider were treating sites fairly, it’d also block google search, and the chrome team wouldn’t budge on the decision even though the rest of the company collapsed.
I hope the anti trust investigators focus on these sorts of instead of some trivially-bypassed thing, like bundling.
After the botched MS antitrust suit, I’m not holding my breath.
Interesting. I blocked executable file types I knew of though. It's possible someone uploaded a MS Office file with a virus, a HTML file with a phishing scam or some such, though.
Still, I don't think it's right for Google to use their iron feet to stomp an entire website / product / small business / personal project just because of a small fraction of users abusing that service.
ALL services get abused at some point or another during their growth. Learning to deal with those abuses one at a time is a part of the growth of any product and nobody can be expected to have prevented all forms of abuse upfront. If the owners (e.g. me) were made aware of the specific piece of malware I would have definitely done something about it.
Exactly. The service was used to distribute malware and it got blocked by google and co.
There was a similar story last month about someone running a URL shortener. It started being used to obfuscate links to porn and scams. Then it got blocked by twitter/facebook and that's the end of the road for the service.
This, I think, is one of the most important things legislators need to look at going forward as they dig into the practices of companies like Google, Amazon, Facebook, etc.
The massive paradigm shift that occurred once these companies grabbed prominence in commerce is to go from a system where humans interacted with humans in business-to-business commerce to solve problems to a cold, hard, heartless and decidedly dangerous totalitarian algo-driven relationship.
In "the old days", if a publisher had a problem with an ad from advertiser they would contact them to discuss, let them know what the issue might have been and seek resolution for mutual benefit. I other words, adults doing business with adults.
Not so with these companies. They are brutal and cold and have no problem destroying any business at any time for any reason. I have seen this happen to acquaintances enough times on these platforms to be absolutely astounded that we haven't yet seen the mother of all class-action lawsuits. And it would be a big one.
I know people who have gone from having nice lifestyle businesses to loosing virtually all due to one of these platforms suspending their account with no explanation, no conversation and no recourse whatsoever. One day you are putting food on your table and taking care of your kids and the next Monday at 7:00 AM you are on your way to losing it all.
I've said this many times, I am definitely not for the government having their hands on everything. No way. However, this, to me, has become a situation where government needs to become involved ASAP. It isn't getting any better. We need legislators to exercise judicious control over some of these practices. These company have such command of the marketplace that if they suspend or ban someone they might as well not exist. That kind of power should not be allowed to be wielded as capriciously as these companies seem to have been doing for years.
I do understand that fraud and other issue are a reality of these businesses. Well, they need to figure out how to deal with that while, at the same time, being human and human in their treatment of those who depend on the access they provide for legitimate work.
Taking the meta-view: the cynical take is that you only care because you and people you know are in the crosshairs. If you feel that there's a role for government here, perhaps you should be more considerate of a role for government in areas you'd previously thought it unwarranted; clearly, it's impossible for any one person to have personal experience for all the ways people can be screwed over, and for which the only real recourse is intervention by the public-at-large (i.e., the government, at least in a representative democracy).
There's always a bigger fish, you just met yours. I'm all for serious reform (and even dissolution) at Google et al., but I also don't think everything will be hunky-dory just because America's entrepreurial upper middle class gets their satisfaction. While we're swinging the antitrust hammer, might want to take a look at retail and gig "employers" too.
I am not personally impacted, I just know of people who are.
Government isn’t the solution to every problem. Caring or not caring is irrelevant. Reaching for a government-level solution isn’t a good thing, just have a look at nations where government plays a much larger role.
The issue is that so many of the people who say "government isn't the solution to every problem," really mean, "government isn't the solution to any problems except the ones I personally can't buy myself out of." At some point we have to realize that issues that are substantially widespread or entrenched and mature/understood should probably be nationalized at their core, with the opportunity for innovation left to the margins. Trying to extract profit from healthcare or infrastructure in particular seems quite cynical and prone to unfortunate consequences in the name of chasing lower costs.
Sweden is far from a government-controlled society.
The problem with people in the US who have convinced themselves that more government is a good thing is simple: Ignorance.
I mean that as a statement of fact, not a pejorative.
Nobody who has ever lived under heavy government control supports these ideas. The only way they gain support is by pushing the fantasy of big government vs. the reality.
Context: I have lived under those conditions. The average American has no clue.
I wonder how vulnerable Google's practices are to corruption. Say you've got your new business on the up swing and one of your competitors has a friend at Google who they offer a bribe to shut down your entire business, at least for a few weeks under dubious or non existent reasons.
Seems like an extremely easy way to make copious amounts of shady cash if you've got that magic ban button at Google.
I'd imagine the average googler isn't going to be easily bribed compared to the alternative of finding some darknet service to figure out how to trigger an automatic ban by uploading malware to the site.
I don't think this is quite fair. I'm from South Africa, hardly a backwater. It's a problem anywhere where people mostly search to buy on Google. In the western world it is anywhere Amazon has local 3rd party sellers and relevant adopted user behaviour. Many places don't have that to the point where it's a real alternative to Google for search-to-buy(I don't know the real term to describe this behaviour) ads.
On youtube at least, competitors can flag videos as ‘ungood’ in a number of ways (copyright, hate speech, NSFW, etc.) to entangle their competitors in bureaucracy.
Not just YouTube. One of my competitors spent thousands of dollars on AdWords to send traffic to my site with an ad for something completely unrelated.
This of course led to bounce rates of 99%+ for all of this traffic, which dramatically increased my bounce rate overall.
As far as I can tell, Google used this as a signal that my site was a shady/scam site and removed me from the search pages I used to rank on entirely.
Took nearly 6 months to figure out the problem, and where all this phantom AdWords traffic was coming from.
A good business will ALWAYS try to diversify their acquisition channels. I've analyzed/interviewed 400+ founders and what channels they use to get to (paying) customers [1] and this is a pattern I've noticed across successful founders.
Google Shopping is just 1 channel through which you could get customers. Since you're in Africa, my guess is that SEO is WAY easier than US/Canada, so that's a viable channel. Lack of ebay/amazons in Africa is an opportunity, because you don't have them dominating the top 10 SERPs. I could go on and on and on...
Yes, we're doing all obvious advertising channels, and have some cash to put behind it. Dominating SERPS with very little effort since we're doing long tail. Our particular long tail means people are searching for very particular terms and buying the single item they are looking for, with this behaviour the business seems very viable(and exciting) by the growth google shopping gives. All other channels combined are very slow in comparison. We're continuing trying to optimise those in the meantime. But we've learnt the newish(around here, at least) advantage Google shopping (and amazon search, probably) gives in insane compared to the typical alternatives.
This is genuinely scary. Photos, Yale locks, Fi, WiFi and Nest thermostat can all be poof gone because I made a silly YouTube comment? How is this not regulated?
Google photos also 'helpfully' offers to delete your uploaded photos with 'some guarantee'!!!
If this isn't an indication of a giant shitty monopoly that doesn't care about its customers at all, I don't what is.
They have some AI ML fucking crap but can't figure basic user trust because that won't get anyone promoted nor grow some Director-level person's headcount.
Large promo-manufacturing teams that casually handle all your data. Pray to God that some L4 didn't get promoted doing some impactful work because they sure ain't gonna do maintenance work protecting your shit. Their motivations are not users, product nor team: manipulate some metrics to get promoted and move out. Horrible.
I got gmail accounts for my kids after they were born. My youngest, 12, attempted to sign in from a Windows PC in our house and was told that they could not verify that it was her.
Keep in mind, this is the same public IP address that we've had for ages. I am the recovery contact for the account since she is a minor, and have filled out the forms several times now, even giving the exact date and the "verification code" from when the account was created. We are now stuck in an endless loop.
She can still access her account from a macbook and from a linux desktop, but I fear once she is signed out that she will be locked out forever.
All of my important stuff (finance, etc) is in protonmail now, and I'm happy that I made that move.
The only thing worse than hanging your identity on @gmail.com is @comcast and the like.
If you can, your own domain backed by a fastmail or a proton is the sweet spot of easy and flexible, or at least an @fastmail, @proton or similar. With payment comes the possibility of human support, which I have received easily from fastmail.
I have my email going to my own domain, but can’t figure out how to ground it out in anything other than someone else’s tld.
So, now I’m in a situation where, if my gmail account gets banned, and the DNS provider decides to reset my password, then I’m permanently locked out of everything. I could point my DNS provider at my “real” email address, but that’s even worse, since needing to update the MX record could lock me out.
Does anyone have any creative solutions to this problem?
I would probably recommend two things: 1. Move away from Gmail as soon as possible, to a service like Fastmail or Proton Mail; 2. Have an email from that provider as the “last resort”, i.e. hedora@fastmail.com, while using your domain name based emails for most other things.
This doesn’t solve the “everything is in one basket” issue, but you don’t hear stories of these email providers just “closing” an account and causing immense trouble for the person, at least in part because they have actual support.
> I have my email going to my own domain, but can’t figure out how to ground it out in anything other than someone else’s tld.
What do you mean "ground it out"?
As a consumer, I suspect hosting a "holding" domain, and possibly email, with AWS Route53 DNS might be a sensible approach that wouldn't break the bank. AWS has policies on account and password recovery that even include a notarised affidavit.
It might help to further separate your AWS account from the Amazon account you use to shop with, since there's a chance Amazon might be trigger-happy with banning if you violate one of their shopping policies with too many returns.
> As a consumer, I suspect hosting a "holding" domain, and possibly email, with AWS Route53 DNS might be a sensible approach that wouldn't break the bank.
This is what I do.
Totally isolated AWS account that owns `my-account-recovery.com` in my country-code TLD (because I have legal rights and strong and easy access to appeals processes with that, so unlikely the domain could be wrestled from me and likely I could eventually regain ownership if lost).
I use Amazon SES for incoming email to simply drop all incoming messages as objects in a S3 bucket.
I have SNS notifications going out to my regular operational email whenever a new message comes in with the metadata (sender, subject, etc but not the body as that could contain actual reset/account recovery links) so I can keep an eye on what's coming in.
Haven't looked at my bills lately, but including domain renewal and stuff this is maybe $100/yr to establish this as a root of trust/access. Even if other accounts are breached/suspended/etc, I will still have access to this account and can recover my way down from there.
I'm putting all my eggs into the AWS basket here, but I've had a good experience with them in the past and I really can't find any examples of people being locked out of their accounts in the same way I can with Google. And I know from experience that it's not impossible to get in contact with a real live person when it's required to resolve an issue.
Shouldn't you still be able to prove your identity to your DNS provider through your name, address, birth date, security questions, past correspondence, bank statements etc.?
Without going to the step of moving photos, mail, contacts, etc. off of Google services. Are there automated tools available to periodically export that data?
You can use the "download your data" feature of Google to download a copy. However you have to manually trigger the export. Also no incremental download so it can be a lot of data being transferred.
Unfortunately, you still need to manually download the data each time. There's no way to automate this. There's also no way I know of to directly upload a takeout zip to another service and continue. There's also a (generally long enough, except when you forget) time limit on downloads, as well as a download limit (have a crappy internet connection, and lost access to a file? Start a new takeout, wait for it to be available, and try again)
If takeouts could be configured to download automatically through Google drive, that would be amazing.
I love protonmail! I made the switch a couple years back and haven't looked back, with one exception- my city's utilities company blacklists protonmail, so in the handful of times I've emailed them (specifically there were three times they've shut off my water because someone with a very similar looking address didn't pay their bill) with proof of something-or-other, it supposedly doesn't make it to their communal or "personal" inboxes. This is the only time I've had this kind of problem though- protonmail has served me well.
If they’re incorrectly shutting off your water, read up on your legal rights, and then send a polite letter to their legal department and the local utility regulatory board.
Public utilities are highly regulated, and do not have the right to interrupt your service.
> with one exception- my city's utilities company blacklists protonmail
Why do they do this? Did you contact them about it? I would say it seems, at face value, that your city's utilities company did not serve you while Protonmail did.
> that your city's utilities company did not serve you while Protonmail did.
That's fair- that's a better way of saying it. Every time I've had to email them (which admittedly has only been a handful of times) with proof of something, I always end up calling them up and they'll say "but protonmail isn't on the blacklist that IT posted, so you're lying or you sent it to the wrong place," then I'll send screenshots from a different email provider proving that I sent the protonmail email(s) to the right place, then they'll say "oh, I promise to talk to IT to get this straightened out."
There are a few things that protonmail is not good at, but I guess I've learned to live with them.
1. You can't search message content. gmail is very good at this, so I've had to become more organized to make sure that I can find a particular message in protonmail.
2. Notifications on mobile do not clear if I've read the message on another device. I have to open up the app and sync to stop them from popping up with outdated information.
3. I wish that there was a way to mark a message as archived and read from the mobile notification.
all these issues sound more like client issues than protonmail service issues. why not just use a different email client to connect to protonmail, such as Spark?
The only issue I've ever encountered with Protonmail was Digital Ocean. For some reason receiving a password reset email through Protonmail took forever. I thought I'd entered my email incorrectly, but nope. Eventually came through, but from what I could find, it was a known problem.
Of course not -- Family Link was introduced in 2017 and this account was created in 2008. I don't remember the specifics, but I do recall having to provide my information since she was under 13.
edit: Family Link is also for android devices and chromebooks. She doesn't have a phone / android device or a chomebook.
I did sign mine up using fake birthdates well over ten years ago, my children are 13 and 16 now.
Long story but fairly serious legal issues issues with their mother making false claims of care/activities etc and needed things like calander and location tracking services and this was just by far the easies way at the time. For safety reasons I put a forward to my gmail of all their incoming emails, once again best known option at the time.
I sense a problem possibly looming, but not seeing that coming clean and engaging with Google likely to be a happy experience.
Anyone got any advice, other than abandon current accounts?
God, the dreaded endless loops. I've had it in Music, Play and several others. More fun is when a human enters the "loop." Yes, I've cleared cache and cookies, yes I've rebooted. In fact, with Music I'd even bought a new computer in the meanwhile, since the loop happened for literally years.
Cue the "businesses can choose who they do business with!" and "if you don't like it, build your own!" people.
We signed up for many of those things individually and they've connected them more and more. Now we have a single point of failure that can take down everything across all your sytems.
And it's not just those. Don't forget about Google Voice, Android, and every service where you used "sign in with Google"
Business should be allowed to choose who they do business with, they already choose to do business with these people. The problem here is they want to unilaterally have the power to termination the business relationship
This is a problem with one sided none negotiable terms of service being considered valid contracts under the law
They should not be.
We need to change data ownership laws, and force companies to do vetting on Account Creation, and put in provisions on how accounts can be terminated once a company accepts a user owned data. i.e Accounts must have a human reviewed appeal process, with full and articulated reporting as to exactly which rules were violated, and exactly what activity was the violation. And have a View Only data Take-Out period
Exactly. This isn't so much an issue of "Companies have the right to do what they want (within reason)". It's a typical issue of monopolies and dealing with a large, faceless corporation. Anyone who's ever dealt with any corporation of any significant size can tell you similar stories to this.
One of the big problems is that if you have all of your eggs in one basket, there are much more chances to fuck up and get banned. If I post some shit on YouTube, that is unconnected to my Fastmail account. However, it is connected to my Gmail account. If I get Zucked from Facebook for posting dumb shit, and dependent on Messenger to communicate with people, I'm fucked. By diversifying your compartmentalise your risk.
This raises a question. If you're well marinated in Google services, like me, what do you do? Is there a comprehensive, simple, and easy way to port everything?
Perhaps there's some authoritative site about what exactly you need to do?
My two cents would be don't worry about a comprehensive degoogling plan. Just chip away at stuff until you feel like the risk level is acceptable to you.
For me, that started with email. Email is a root for a lot of your digital identity.
I can't guarantee access to @gmail addresses going forward, but I can at least _start_ fixing that problem. I picked up a new domain, hosted the email with someone else, and set all my other accounts to forward to it. I updated a few really critical things right away, but for the most part it's just as I go log into various accounts with the old email address, I update it.
I didn't really bother trying to migrate the email out of my gmail account. Instead I did a bulk download from Google Takeout so I know I _can_ access that old email if I really need to find something.
Six months or so in, the bulk of my identity is now tied to a domain that _I_ own, and email hosted with someone I can trust more than Google.
It's not perfect, but already the impact if Google were to suspend my account has dropped immensely.
Cutting Google completely is something you do on principle. Instead, just look at what the impact of losing access to various services would be and address those specifically. (E.g., losing drive? Switch to NextCloud if availability is a concern; or set up a regular Takeout download if data loss only is a concern but an interruption in availability is okay, etc)
I've never actually used it for editing documents, I just use it more as a Dropbox replacement for backing up / syncing files.
In that case, depending what your actual acceptable risk/goal is... continue using Google Docs and set up a regular backup? Your worst case is that Google Docs goes away tomorrow, and you still have all your data you just need to spend a bit of time restoring to a different account / setting up alternative software / etc and move forward from there. For most people I expect that's more than enough.
You can export a lot of your content at takeout.google.com. Debundling these into other services is the main challenge, you have to shop around.
If nothing else you should set up your own email address, even if it is just a simple forward to your gmail. Google blocking access to your mailbox would be pretty bad, having control of your MX record gives you an out.
I'm not sure there's an easy way to port everything (few services integrate across so many fields as seamlessly as Google does), but this Reddit post has a huge thread of alternatives to common Google services: https://www.reddit.com/r/degoogle/comments/g1yu01/google_alt...
For me, I've switched to DDG full-time for search and I'm veeery gradually swapping over to Protonmail for email (using Thunderbird as the client to ease the transition). Once email's over, I'll be able to rest a lot easier.
However, if you're a heavy Docs user, NextCloud is a Google-like suite with a few hosting options (self-hosted, third-party host, or enterprise).
One key point is that you do not want a single all-encompassing alternative, at least one that is a remote corporate-run service, as this simply replicates the risk elsewhere.
The principle options are:
- Integrated replacement services. Don't do this.
- Multiple independent free services. At least you've diversified risk. Mind that these may (and likely will) consolidate with time. Skype, WebMeeting, Instagram, YouTube, GitHub, and Blogger were once freestanding companies. They no longer are.
- Self-hosted solutions. NextCloud, FreedomBox, etc., or DIY service bundles on your home, office, and/or a hosted service can avoid the problem entirely at least for highly stateful services (email, contacts, files, documents)
It doesn't need to be (and shouldn't be). Just use an email provider that respects you as a customer and don't put all your eggs into one corporate basket (especially not one that treats you as nothing more than data cattle). Horror stories like this one will, over time, educate people that this behavior pattern is dangerous.
IMO self-hosting is the ideal because that aligns responsibility with incentive (and it can be done extremely cheaply), but if not, there are paid email services that actually treat the user as a customer.
This victim-blaming needs to stop before the tech industry backlash hits. This is exactly why we need regulation. I swear, if "just go somewhere else" were good advice (and it's not), we wouldn't be having this conversation. How many years has it been, though, that Google and other consumer-ignorant companies have been able to get away with this, helped along by people who tell victims to just "go somewhere else"?
Normal people will only put up with this for so long. Either regulate it intelligently now, or expect actually scary regulation a decade or two from now.
There's nothing wrong with a law that says: "You cannot close a customer's account with no remediation, no recourse, and no explanation." What is Silicon Valley so afraid of there? How is that unreasonable?
How do you change people's mindsets from 'free is good' to 'free is bad' though? They're not planning on being customers of Google.
>This victim-blaming needs to stop before the tech industry backlash hits. This is exactly why we need regulation.
Google will simply dilute the language of the regulation, to the point where they will simply add a "your account can be deleted at any time for any reason, proceed at your own risk" popup during sign-up, and people will happily hit continue/next.
Systemic reform can't exclusively happen top-down or bottom-up. There needs to be some of both. We need to stop giving Google free good-will on HN. Stop up-voting Google product launches, stop promoting Chrome, etc, etc.
I think it is reasonable to have the position that Google is big and powerful enough that it cannot and will not be regulated by, say, the US government. Or rather, that it has enough permanent influence such that any regulations will be watered down to be de-facto meaningless, or in most cases, strategically beneficial to Google themselves (substitute chosen megacorp here).
For real. If we don't do this ourselves, then the hammer is gonna come down much harsher and with much more reckless abandon in the future. It'll look closer to SOPA than anything reasonable. I don't want 80 year-old dinosaurs in Congress making these decisions 10-15 years from now because we couldn't get our shit together.
What do we expect to change between now and 10-15 years from now that will make regulation harsher? Assuming bad behavior from tech giants continues (and, crucially, continues to be publicized), I would assume by then a competitor will have come along to take the bad-behaver's business.
After all, 15 years ago we still thought Google was "not evil". A lot can change in that time.
> Normal people will only put up with this for so long.
Agreed. Then they will learn that Google is not to be trusted with email and move to a provider that is (sort of like how kids migrated away from Facebook when their parents showed up, even though Facebook remains a dominant brand). Disruption occurs when an incumbent is bad at something which the disruptor beats them at. In this case, there is an opportunity for an email provider to disrupt Google by providing actual customer service. Protonmail is already making waves in this space (in addition to the encryption).
The reason I'm anti-regulation is that every law is a headache waiting to happen (and one more barrier to entry) where to me -the- beauty of the internet is that there's almost no barrier to entry once you have an internet-capable device. The more we regulate the internet, the more difficult doing something as simple as running a personal discussion forum becomes. Regulation is, at its best, a necessary evil, to be avoided until no other solution has proven viable. And there are plenty of other solutions for this particular problem.
And to clarify, I'm anti-Silicon Valley (IMO venture capital's expectation of high returns is the direct cause of many of the "evils of tech"). But I do tend to agree with the anti-regulation stance. IMO the problems people want to solve with regulation (even including GDPR) are better solved by better tech and organizations that align their incentives with those of their users.
If you are a “customer”. How many people pay for google services? I know it’s kind of jerky but I still agree that if you aren’t paying for the service, you have no leg to complain about it.
Google isn't doing this out of the goodness of their heart. They're expecting to make money off of every signup in some way. Directly or indirectly. If they want to continue their dominant status, then they should be responsive in some way to their users.
Sure, they have the right to cut off users any time they like. But it's ultimately self-destructive. Once trust is lost, it's difficult to regain it. I've moved away from my Google dependencies as much as I can, and have urged friends and family to do so as well. I'm only influential with around two dozen people, but once you start multiplying people like me by the millions, then Google has a problem.
And I'd argue it's at least a little immoral. Their services, especially Gmail, were set up in a way to make users highly dependent upon them. Google wanted that dependency for their path to near-monopoly status. To suddenly cut them off without the option of support or a clean exit creates real world chaos as the users try to pick up the pieces. Your email address might not be used much socially these days, but it's crucial for business contacts. For logins and customer interactions. The loss of it can cause serious damage. Google may not be legally responsible for the damage caused by a user's loss of their free services, but they're arguably morally responsible. Maybe they should pop up a warning to everyone using Gmail: "Don't rely on us. We're not going to do anything to help you if you can't use it one day."
Or more precisely: Why do you think any outsider could understand Google's rational?
History is littered with the corpses of successful companies that lost their way.
Today's Google reminds me of General Motors. Utterly dominant, untouchable. But needed to keep making more money. So they bring auto loan financing in house, GMAC. Woot, more money. But they forgot how to make money making cars. So upstarts ate their lunch.
It's a rough analog. Maybe IBM is closer.
The point is Google's rolling in cash despite their antipathy towards their end users (note that I did not say "customers"). Which will continue to be fine, until it isn't. And then it'll be too late.
We do not pay for a home address, and yet people can still reach us there. Email is just as important as physical mail -- the problem is that the economic model changed. This means there is no incentive to maintain service, even though (in my mind) in the modern era an email address is possibly more important to a person for day-to-day communication.
I mean we do not pay the USPS or FedEx or UPS, etc. to agree to send mail to our address. I was making a comparison between mail and email services. Hopefully this clarifies what I meant.
Still makes no sense. We do not pay mail-providers for the address alone, but mainly for running the servers which deliver and store the mails. Which is the same for which USPS/Fedex/UPS/etc. are paid for.
You want a mail-address? Grab your own domain (thus pay "tax"), put a server there (build a "house") and you are there. Getting an address, be it physical or digital never comes for free, and there is not human right for having one.
Alright, then I take back what I said in my parent comment about how "we don't pay for a home address". I'll concede that we do pay for a home address.
However, that doesn't change the fact that the economic model has changed when it comes to email. We no longer pay with money, but we pay in other ways when we use Google. So it's actually worse than with mail, because there used to be a clear exchange of goods but it is now obfuscated. And thus, there is nothing mandating good service, which is why people can be randomly banned from using it.
Why should people have to pay money for a product to expect fair treatment? Is an exchange of services without money not subject to rules and regulations? Google chooses not to charge people because they've found it more beneficial to offer many of them for free. It's a model many tech companies have followed to great success. That doesn't mean they should have free reign to do whatever they please.
> Is an exchange of services without money not subject to rules and regulations?
A contract without consideration is not a valid contract. There are a few laws in some places that require companies to provide service outside of a contractual service agreement, but those are typically limited to public utilities, emergency services, etc.
GP said without money, not without consideration. Google derives a great deal of value by having your attention and data in its various products. The fact that users exchange attention and data rather than dollars doesn't give Google the right to stomp all over them.
People pay with their data. It suits Google very well. If they were able to make billions, lest they could do is to have a proper customer service. I see them now as a company exploiting their customers in every way possible and then giving them a middle finger if there is any problem they experience.
It should not be legal to respond to customer issues with bots or people not trained to deal with specific requests. If this means customers would have to pay extra, I am fine with that.
Also, there is no comprehensive opt-out. I cannot tell their ad networks to stop tracking all the devices I own.
(They have a page for stopping tracking of things I use my Google account for. That doesn’t count: They track me even when I am not logged into Google, and even on devices that cannot log into Google.)
Also, I can’t delete my gmail accounts. They were issued by third parties that decided to outsource email to Google.
There is nothing consensual about my use of Google services. I shouldn’t be bound by their EULA. I’m sure the courts would disagree.
The thing is - google makes more per user than users are willing to pay for google services. Also, their totaling vertical integration makes things hard to disentangle. If Google were to introduce paying subscription tomorrow (just shooting, 60 USD per month), what what I would be paying? Youtube? Search? Everything? What if I were willing to drop youtube and just pay for search?
Everyone pays with their data and the ads they and others are seeing. Just because you pay no cash, does not mean ther is no payment at all.
Addtionally, it's used to be quite hard to even pay in cash for googles services. Though, this changde in the last years, as there is now youtube premium and google one. But still not possible for all their services.
More than enough ,Please check average revenue per user figurs of Google at such a large scale. They are one of the most profitable companies. We are paying by our data, actual money using value added services (google one etc.) It is very bad to say that we have no leg to complain.
I'm trying to not make this sound harsh; but you really don't need a government regulator to tell you that centralising all your data with Google, who are providing largely free services, is risky.
It is like building a house on the edge of a cliff then falling off the cliff one day. It was always a real possibility. Being locked out of your stuff is quite a likely end of the story with Google.
You need a government regulator to stop large companies from buying up lots of small companies and adding them to this risk pool.
I bought 3 Nest thermostats long before Google bought them. I wouldn’t have done so after the buyout.
If google bricks my thermostats because my kid does something dumb on YouTube (through the linked tv accounts) that will suck.
I suppose regulators could also prevent companies from bundling lockouts in that shutting down gmail for YouTube problems. Or shutting down Nest for gmail problems, etc.
The phone company can’t just randomly cut off service and ghost me. Regulators are the reason for that, as I’m sure they’d love to if they could.
Nest sold you a poorly designed product. If they had sold you something that could be plugged into any network then you could reuse it. From the start the product had a big fault google buying it just highlights that design flaw.
For the record, there have been cases of companies (IIRC Cisco wifi routers) that attempted to do this retroactively - pushing a firmware update that "helpfully" made the hardware cloud managed only.
So indeed, buying open API stuff only is a good start, unfortunately one still needs to be vigilant.
> but you really don't need a government regulator to tell you that centralising all your data with Google, who are providing largely free services, is risky.
>You need a government regulator to stop large companies from buying up lots of small companies and adding them to this risk pool.
These two statements are not even close to arguing the same thing.
The previous commenter is saying that it's common sense that "centralizing all your data with Google" may not be a great idea, especially if you don't have any backup of that data and keep all of it in Google.
They are being downvoted, wrongly, by people who knee-jerk about the "don't need a government regulator" bit. But they only used that phrase as a kind illustration of the common sense that people should have about not having a backup of their data.
Yes, Google does need some government regulation. And yes, people shouldn't need a government regulator to tell them not to keep all their data in the cloud without any local backup at all.
The people on HN with ability to downvote are some the biggest assholes on the internet. Seriously worse than reddit. I guess I shouldn't be surprised.
>The phone company can’t just randomly cut off service and ghost me. Regulators are the reason for that, as I’m sure they’d love to if they could.
If you're paying your bill, why would they care?
Regulation is part of the answer, but it's also part of the problem. If a YouTube comment wasn't at risk of "being mean" or breaking arbitrary rules (pushed by regulators, Google isn't doing it on their own), you couldn't be locked out. Corporations don't gain by cancelling their customers.
> Corporations don't gain by cancelling their customers.
Sure they do. If a certain customer's behaviour is alienating or obstructing other customers, then that customer gets cancelled, because they are having a negative impact (on the business - not the users!) that is larger than the benefit they provide.
That's a net positive result.
Ignoring your whole concept of "mean", it is 100% up to the company to decide what the negative behaviour is, which is part of the problem.
Sure some of it might be "mean behaviour" and so we look at it as Google doing a good thing perhaps.
But what if you went around Google's services and informed people of better alternatives to their services, and you started to actual gain traction and cause people to stop using Google?
There's nothing mean about that, in fact you're providing a good service to those people. But in Google's eyes your actions are negative, and they could just cancel your account at their discretion because they don't like what you're saying.
That is the kind of thing that regulation protects from, when dealing with essential services - and I think there's a stronger and stronger case to be made that these large providers are in fact essential services.
p.s. Devil's advocate: the theoretical actions I described above (recommending alternatives) could so easily cross the line into spam. But who decides where that line is, if Google was to be regulated?
I was specifically addressing the other rather broad statement that I actually quoted.
To address your point too though, there are definitely customers that the phone company is required to serve that they would rather not serve, because the costs are higher than the revenue.
Remote rural customers, customers who need accessibility-related support, certain outdated services that people are grandfathered into and don't want to cancel, etc...
And again that's where regulation protects the customer from the corporation that doesn't care about the customer's needs, unless they align with their own needs or are forced to via regulation.
The blurring of and overlap/cooperation between corporation and gov't also shifts incentives. For example, you can skirt fiduciary responsibility by appealing to regulation.
There are a lot of stories of people paying for Google Services getting locked out too.
Personal experience, once I created an Adword ad using one of the image that Google Ad creator had suggested. It was nothing, just a woman in bikini. It was approved and then rejected with warning that I violated their guidelines. I wanted protest but thought probably not worth it. This could have perma banned me from Google, I stopped using AdWords.
Do you think Google really cares about this, or do they get pressure from "outside" forces to impose such rules?
I seriously doubt Google cares one wink about people posting bikini photos. These rules exist because activists put pressure on the company to enforce such rules, for better or worse.
Google is huge and they run a vast portion of the internet now. If they were to suddenly decide that all FastMail accounts should go to spam tomorrow, any users of FastMail would be SoL—they would be unable to communicate with a huge majority of the internet.
They could decide to randomly throw every 5th email that is not a gmail into spam and blame it on other providers having low reliability. Make it random enough to gently encourage you to get a gmail account again.
These are extreme examples, but Google could easily do these kinds of things and there is nothing any of us could do whether we use Gmail or not; it will affect us because they control so much.
Fear of leaks to the press from insiders discourage ideas that would leave a document trail -- plausible deniability is required. More likely then would be ever-tightening, subtly biased, anti-spam criteria.
> That would backfire spectacularly, and would probably kill gmail.
How would that kill gmail? It's not like they're going to lose any real part of their user base. Short of a press release from google confirming the behavior, the average user is not going to go through the hassle of finding a replacement provider and then changing every email address associated with every service they use (if it's even possible for the service) all for some nebulous and impossible-to-confirm conspiracy theory put forth by tech experts and security experts that don't get listened to even when there is proof. And it's not like other companies and services would take a stand by ceasing to offer service to customers with gmail accounts- that's an incredible way to lose a vast portion of your customer base.
I wish it weren't this way, but I just can't see that bringing down gmail. Especially not when every google service requires a gmail account- probably the same one most people have had for years.
A ton of online services, customer support services, government services, airlines, etc. etc. use e-mail but don't use gmail to send it.
They can't afford to let 20% of that go to spam without a backlash. And if they kept doing it despite the backlash, who knows what would have happened to gmail.
Lose a few thousand dollars or an entire vacation by google regularly blackholing messages from important and expensive services like airlines, when they send you email telling you your flight departure was changed, and you'll be looking for a better email service in no time.
Now imagine this happens to 1/5 of the customers of said airline, just because of google's 1/5 non-google mail go to spam policy. It would be a scandal.
If Google only locked you out of the functionality you seem to have violated somehow, it would still be a viable strategy to use their services.
Imagine losing the ability to comment or upload videos on YouTube because you wrote something offensive or published a video with copyrighted materials.
Potentially bad for YouTube creators, but definitely not dangerous for normal users which also use other services.
Reports like this were the reason why I removed almost all Google services from my life a few years ago, but I wouldn't have done it if the bans had been granular.
Global bans "seem" to be new. I've read many stories of shell scripts randomly permanently banning android developers for life from their platform, but those stories always involved being banned from the play console and so forth, not being banned from search / maps / gmail / youtube / etc.
It seems to be news that if you tell people in public youtube comments that you vote for Trump, or whatever it is they're enforcing today, google will fight back by disabling your thermostat or whatever.
I used to work at Google on stuff related to account bans.
Global bans are not new. They were standard a decade ago. The reason is due to the structure of the various spam/abuse industries that plague any service that allows user generated content. What happens is this:
1. Accounts get harder to create as signup security improves
2. Black/grey-market account sellers come in and start creating accounts that get bought by spammers/fraudsters.
3. Spammer/fraudster abuses an account on service X, it gets locked for service X. They sell the accounts _back_ to the seller, who then resells the account once again with a note that it can't be used for YouTube or whatever.
4. Different spammer/fraudster buys the account, abuses it on a different service, goto step 3.
Their systems have some notion of why accounts were suspended or blocked, and the tech does support individual service level blocks. But they weren't used much back then because the pattern of a user being bad on one service and then being bad on every other service was too strong.
The problem of false positives was well known a long time ago, and the noise:FP rate is very good - if a script accidentally disabled good users with even quite low volume the people in question would be on Twitter or HN within hours making articles like this one, which did get noticed. So false account blocks were pretty rare.
Back then and still now, I think Google need to make it easier to handle this situation. Strong end-user support in these situations is hard because genuine fraudsters will happily file support tickets and socially engineer support to get their accounts back - I even witnessed auto-generated pleas to support once. They were quite convincing individually, only when you saw a few thousand of them with re-arranged sentences all begging for help with identical language was it clear they were spam. However they could still make it a lot easier, and in particular, could improve Google Takeout to be easier to use (e.g. automatically uploading the backups to various non-Google services).
Why are accounts suspected of TOS violations not simply put into read-only mode instead of shutting out users completely? If the identity/authorisation of the user is not in doubt it makes zero sense to not let people download their data before closing the account.
This simple change would fix all the consumer related horror stories with zero cost to Google. In fact it would become cheaper for Google because people would stop pleading with them.
Also, why is there no one-off paid support option that covers the cost of a human checking evidence and is expensive enough to deter mass abuse by fraudsters? Why is there no option to provide a photo ID upfront so that there is always a last resort to check whether a user is who they say they are?
A lot of abuse is things like posted comments. The locks are retroactive and "account disabled" is a signal to each service to hide content generated by that user.
Read only mode would make sense for content that's truly private, or which can be made private. Nothing stops them allowing Google Takeout for disabled accounts, heck maybe they do these days.
Paid support:
1. the optics of false positives being held to ransom to get their account back is terrible. Giving the money back isn't always easy (credit cards support this sometimes but many users don't have them). And this is made worse by:
2. many accounts aren't easily verifiable. People imagine that every Google/FB user puts their entire life on these accounts. A very small number do. For those, expensive ad-hoc processes could maybe increase the account verification rate by a little bit. But most accounts that get disabled are accounts with fake names, that use exclusively one service, etc. It's extraordinarily difficult to come up with reliable ways to verify the identity of the holder of accounts that required no identity to sign up.
> Back then and still now, I think Google need to make it easier to handle this situation. Strong end-user support in these situations is hard because genuine fraudsters will happily file support tickets and socially engineer support to get their accounts back - I even witnessed auto-generated pleas to support once.
How much are accounts currently worth on the market? It seems that making the recovery procedure more expensive than the worth of the account should resolve that issue. At the same time legitimate users are probably willing to invest some money in order to recover their account.
For example offer a $20 option to send a registered letter to an address provided by the user. Then Google can check if: 1) The name on the credit card matches the name on the account, 2) a given address hasn't been used too often, 3) the identity check done by the postal service (checking if the recipient actually has a given name) succeeded.
This won't be a perfect solution and there are definitely edge cases for which it won't work (in countries without registered mail, if someone doesn't have a credit card, etc.). But it should be able to cover the majority of cases where legitimate accounts have been locked.
Most users don't have a credit card - they're not all in the USA. A big chunk don't even have bank accounts at all.
However that's basically what phone verification does. In case of suspicion someone has to provide their mobile phone number. It's texted with a code and a counter increased. The same number can't be used over and over. Unlike credit cards, the assumption of universal mobile phone access (amongst people who have internet access) is very strong. It works very well. In this case, the account was shut down without this being possible, which is only used normally for very clear cut cases. Don't assume the full story is public.
Then what you do is set up some sort of monetary charge, to verify that the person you are dealing with is real. Someone willing to pay for support is highly likely to be an actual customer, not a fraudster; and you can even have their local bank or notary to verify their identity, if you are worried about identity theft.
This is a problem that is largely solved at government scale, which is what Google is now, and there's no reason not to take advantage of existing infrastructure to do so.
The vast majority of Google accounts have no real identity associated with them. Also, this doesn't help if an account was NOT a false positive. You're assuming this guy is truly innocent of all problems, but from past experience, unfortunately I can say that sometimes when obviously non-spammy accounts go poof overnight and nobody is willing to explain why, it's because it's related to a criminal investigation.
I'm confused. The goal of my proposal was that someone who was wrongly flagged (a false positive) could identify themselves as such by being willing to put up a (cash) bounty, or identify themselves with a financial/government institution that is set to handle such things at scale. Someone who is committing fraud, or trying to steal anonymously, or is involved in other criminal activities, is extremely unlikely to do such things. Legitimate people, however would have a route out of this kafkaesque maze. That system could even be automated, and it would work better than what's going on now. At a certain point, some problems just cannot be solved with just code.
Google+ banned accounts globally if they discovered a fake name. Fun way to roll out a facebook killer. Kind of killed Google+ but that's a story for another day.
At some point companies are large enough that not having an account is an handicap. IIRC, the supreme court of Canada mentioned in a ruling that Facebook terms are unenforceable because they can't be negotiated and because not having an account in too consequential. In essence, it's not a agreement you freely enter in. It was about forced arbitration.
My point is there are limits that what private companies can do. Stretching the boundaries like that is sure to cause a strong regulatory reaction at some point.
When you have governments using Google logins or schools communicating with parents via Facebook groups, or state broadcasters reporting on Twitter as news, then the line between private company and public utility has been crossed.
That's not theft in the least. They kept the data that you gave them while using their service. Should banks throw out records for people who close accounts?
Why should a customer be punished for buying products that are not banned by the government and for tripping up on an invisible tripwire within said product?
If there were a definition for "set up to fail" it would be that customer... Or are we to assume google is a potentially hostile force, whenever it feels like being one.
We used to ban the sales of products that harmed customers.
What do you expect your average person to do? Set up their own mail provider?
A tiny number of companies set out to have an unbreakable joint monopoly over the Internet, and succeeded. Now you're blaming the average person for this - like the average person has the skills or the time to do anything about it.
Happened to me too after 10 years of Gmail use. Exactly the same story. No explanation. As I remember at that time I checked Google servers data as to uptime—the data was public, not sure about now—and it appeared that there was a serious problem with servers right before I was blocked. It looked like Google just completely lost data in some server cluster. Anyway, there was no way to get any response from Google or at least my gmail address reactivated even with data lost for me to be able to access other services that I used the email to access. I think it was Google's fault. The company lost data, but didn't want to admit it and blamed me for breaking some policy without any further details to explain absence of access to my data.
Since then I use my own domain for email, could easily switch email provider while keeping the address in case there is a problem, and I'd still control access via the email to other services. Also I never rely on Google as to files, photos, or videos. I mean yeah I use Google, YouTube etc., but everything is first of all backed up on MS OneDrive. Even on my Android phone there is automatic upload of all new photos to OneDrive. Google Photos is more like for easy viewing, sharing and presentation. Not backup. Not to mention that MS Office + OneDrive storage subscription provides much more value that Google G Suite.
It would be nice if in these cases the “lock” allowed read only (as in, can still receive email, just not send it) gmail access so one could at least move whatever account they were using gmail as contact for. I think it should not be that hard for google to add this and would help with a lot of cases where losing gmail access means severe disruption to one’s life.
My wife and I each have "partner sharing" setup in our Google Photos accounts so that we both have all of the photos in our own accounts. One could probably make a second account just for backups and setup partner sharing for this purpose. You can only have one account configured this way though, so choose your real partner or a backup account.
We also back up to Amazon Photos as well, just for extra peace of mind.
I pull my phone photos via rsync and I backup my gmail and my wife's gphoto via an api key backup script.
This way i don't lose any data. I have a grandfathered custom domain, that my kids and other family members use; so it would suck. I could however move the domain anywhere. It would just be a bit more expensive.
Because MS Office is a different business than giving away free accounts to collect user data. It provides cloud services for money. I guess MS has much better redundancy mechanisms and pretty much committed to not lose your data.
Well, shit happens sometimes even with people having the best intentions to do the right thing. Though I didn't hear about a single case of MS losing people's data. But I'm sure MS would handle such situations differently than blaming it on a user and just terminating accounts.
Value = proper Office suite online and offline with proper document formatting and files + more storage. Altogether cheaper than G Suite. Also it's really great value to have Office installed locally as a proper software. Not a crappy dumbed down browser web-site.
I pay for Gsuite which is $6/mo and extra 100gb of storage, for $8 total. The part that drives me nuts about 0365 is that they don't allow custom email domains below Business 0365 which is $12 a month.
Personal plan doesn't allow you to use custom domain for the email address EXCEPT for 1 domain that is registered with GoDaddy. And you can't share that domain with another account.
well yeah my case is that Excel and word are the best option. They integrate nicely with onedrive and you can plugin the documents into sharepoint and several other platforms within microsoft ecosystem
i might be biased due the fact am an azure power user and have several other tools that work together
At least in Germany some sites/blogs reported in the last few month that many users lost their Microsoft accounts without reason, so i wouldn't be too sure about this.
How are you doing full android backups? I recently discovered this is basically impossible without either using Google's cloud or rooting (which has it's own inconveniences..)
It should be illegal. Companies that provide public utility type services should be obliged to follow certain laws, one of them being that they are not allowed to shut people out from their own data. They could provide the service as read-only on alleged breach of terms (allowing the user to migrate) for example.
An interesting point here actually - number porting was viewed to be core to a telecoms service operator. They have to provide it free of charge as a cost of doing business.
Perhaps we need similar for email forwarding - it's clear that the major email platforms (Google, Microsoft) can already handle mail that is simply deferred to another mail server (see partial cloud email transitions).
Perhaps we need the same for email? So a user can have a Gmail address, but receive their email elsewhere. Would still require an authenticated backend to let the user control the end destination email server, but that's the same for number portability. Telecoms operators handle that part, and each provider is regulated. For email it could be a basic login ability for the old account to enable picking the destination mail server.
Absolutely. Perhaps an angle for the current ongoing antitrust/anticompetitive behaviour investigations going on in the House?
Incumbent telcos fought portability, but in the end it has become a "given". There's no reason OTT services can't also have the same - email is already federated. I could see issues around whether people should be able to "port" their email and still send using their old "From" address (not least SPF/DKIM technical aspects), but the ability to receive seems an obvious one that could be handled.
The challenge for OTT services is that absent regulation to force it, if an email provider goes down, there's nobody to step up and continue to provide the relay service.
> Companies that provide public utility type services
The only "public utility type services" Google provides is phone service through Fi. Nothing else counts as a utility. Even then I'm not sure if being an MVNO counts.
> The only "public utility type services" Google provides is phone service
I guess my implicit suggestion that email services be regarded as a type of public utility was a bit convoluted. But gmail is surely a close enough parallel to postal services of old (traditionally a public utility) to be regarded as such. Legislation has simply not caught up with technological developments.
An interesting perspective, but GDPR also requires them to delete data according to policy. If, by their policies, the data should still be held, then you have the right to access it. If they deleted it contrary to policy, that would itself be a breach of GDPR, and you would likely have strong grounds to sue and seek relief. If the data was to be held pending court action and they deleted it, that could get even more serious for them, and into the contempt-of-court territory.
I don't think that's correct. The GDPR retention policy sets out maximum retention time.
The guiding principle is that data should only be retained as long as is required to serve the purposes for which it was collected. So if your account is permanently terminated, there is probably an argument that GDPR requires the deletion of all data as soon as possible.
GDPR sets out a maximum retention time as you point out, but it also regards the act of "erasure or destruction" as a processing operation (Art 4(2)).
Recital 83 highlights the importance of preventing "accidental or unlawful destruction, loss, alteration" of data, and Art 5(1) says "Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’)"
I wouldn't want to be in Google's shoes in such a situation, as the principle of fairness and transparency would come to light, and I think it would be quite hard for them to argue against this.
You are also right that GDPR sets out principles of not retaining data for longer than is required (data protection by default), although all of these rights have to be balanced. If you could argue the deletion was not lawful, fair, or transparent, you would have a breach under Art 5(1).
The Art 20 right to portability would also be relevant here, around people's right to port a copy of their own data. Given the existence of these rights, a blanket "we nuked all your stuff" would deprive a person of reasonably exercising their rights, and I could envisage consequences for this.
It would be really interesting to see some of this get put to the test though - GDPR could become a way to force "human intervention" in some of these situations on the basis of not wanting exposure to unwanted legal risk.
Many commentators mention e-mail here: I'm a conservative oldtimer with my own domain (since the Ninetees) and associated e-mail, of course.
The problem is that it happens to me more and more often that especially with my business contacts in larger companies my e-mail is filtered out / ends up in their junk folders / disappears for other, unspecified reasons. Simple public black lists do not show anything. I am more the developer and not the infrastructure type, but the company policies seem to contain more and more features of downgrading private domains. And in my opinion this is supported by some kind of dirty game of global IT players at technical and other levels.
I have been managing my own mail server for 6 years now, and enabling and configuring all the mail security features (DKIM, SPF, etc), and keeping up with them, is indeed the most difficult part. I regularly check my mail server against tools like this: https://mxtoolbox.com/diagnostic.aspx. If you just do one thing wrong, you will end up on some black list from which it is very difficult to get off. So far, I did not have any major problems, but after the initial default installation of Postfix in 2014, all my test mails to Google Mail went straight to Junk.
My server is at Hetzner, and there are some blacklists which block Hetzner IPs by default. You have to contact them, explain that your server is not a spam server, and hope to get whitelisted. In my case, it worked. T-Online in Germany also blocked my IP as well, but they were amazingly quick to whitelist it after I send them an email. They apologized and explained that they also block mail from Hetzner IPs by default.
This. So many people don't take the 10 minutes to configure DMARC, DKIM and SPF. I've been hosting my own domains since 1996 and I haven't ever had a problem with any of them sending mail to any of the big hosters. If your DMARC passes and you actually have a policy set to REJECT you're almost guaranteed to not have a problem as long as your domain isn't a few days old. The first thing I do for any new domain I plan to use is get all of those items configured ASAP and start sending mail into Google and O365 to test and thereby end up in their domain analysis.
Given all the horror stories I've moved all but one domain off of Gmail (mainly to preserve my grandfathered G-Suite. I don't use `@ gmail dot com` for anything other than Google services. And if you are using GMail back it up! MailArchiva [0] is free for less than 10 mailboxes and works well. In this regard at least you still have access to your mail and can possibly prove something if those emails contain any identifying information (hopefully not, but you never know what will help).
If your email is that important to you then don't run it for free. Pay for someone to host it - I've been more than happy with Fastmail for many years and also use paid for ProtonMail accounts with custom domains.
At the end of the day if you don't control the domain and don't pay for the service I don't feel like I can trust the provider to do the right thing or expect any level of support. Bring email back from the monopolized "free" tier!
> So many people don't take the 10 minutes to configure DMARC, DKIM and SPF.
Having just done this recently, it's more than 10 minutes, especially if it's your first time. But yes, everyone should be doing it, as well as doing their best to get off of blacklists[0]. Still doesn't stop incompetents like MS mail admins (so, @hotmail.com, @msn.com, @live.com and @outlook.com) from keeping their own internal blocklists, that you can't get off of, no matter how many times you fill out their form[1].
> So many people don't take the 10 minutes to configure DMARC, DKIM and SPF.
Another commentator here mentioned this and the hint was worth gold. In the meantime, I changed/adjusted this in the interface of my website provider (I am also using his SMTP server) and solved an actual problem of this kind immediately (maybe also explaining the shortcomings in the past).
In general, I would admit that it is not a compelling excuse not to know something. The problem is, that I was not even aware of these keywords and after looking them up, I seemingly solved things quickly and - hopefully - permanently. People just don't constantly check all things. Especially with long term reliable services with rare, subtle and not obvious (in this case without any hint) errors.
> So many people don't take the 10 minutes to configure DMARC, DKIM and SPF.
Considering I've actually never heard of any of those things despite multiple people telling me to set up a mail server. I'm not sure why you're surprised.
The bias against major player-hosted email was probably rooted in spam prevention, but there's little doubt in my mind that they (the few big players) recognize the value of attempting to force users to use their service, and then to trap them.
I doubt they really care that much. Everyone migrated to GMail from a world with Hotmail and Yahoo email accounts. They truly don't need to lose sleep over other competitors with far less capitalization.
This is something that should be regulated — E-mail being the equivalent of a public utility, large providers should not be able to just refuse it or hide it in junk folders.
Yes, I know spam is a problem, but it's a solvable problem, especially with a small percentage of those providers' revenue.
I do all three for all of my domains (hosted on another provider). It's actually very little effort. It does help immensely if your provider has systems in place to facilitate this.
Not necessarily. Static IP and PTR records improve the "credibility" factor, but it's not required. I'm running mine on the dynamic IP provided by the ISP, without PTR. Despite the warnings I get from the mail scanning tools, I can send mail to Gmail, Yahoo and the other major providers.
Not if you are on hetzner or one of the other major spam hosting ISP ranges. You will blocked in a lot of places.
Folks talk about these places and the "unlimited" bandwidth and the "friendly" abuse teams. Ergo - you can't talk to as many other places via email. The big players will crunch you down quick.
Use your smtp server for inbound only. I much prefer to let people with deeper pockets to maintain the outbound mess. Your domain provider probably provides just such an email server for its customers.
Tip: Get your own domain from a non-google registrar, then connect to Gmail if you prefer. If you ever are locked out, you can just move the address to another email-provider.
Another trick is to use always have forwarding enabled in Gmail, to Outlook.com or another provider. All email will be forwarded despite your account being locked, so you will not miss out on important info.
And use Google Takeout for backing up your data, at least once a year.
I've used a custom domain + gmail for the last decade. Earier this year I got sufficiently spooked and decided to switch email.
The migration to fastmail.fm , including a decade of old mail messages, was flawless (if slow, but it's a lot of data!). I highly recommend this route.
The funny (er, scary) thing is I was actually thinking of switching to Google registrar for my domain after namecheap messed up their CNAME records and dropped a few days of emails (I already use GSuite). Google reliability, the promise of fair pricing and a free WHOIS protection was very attractive to me.
After this, fuck that.
Google has so many services that you could lead a reasonably diverse online life without going to another provider, without the accountability that typically comes with that sort of power. They really need to be checked.
Would forwarding continue to work if your account is disabled or terminated? That doesn't seem likely?
I wish there was a way to pay for Google (such as Google One) and it meant Google wouldn't ban your Gmail account. Period. However from reading HN anecdotes, it seems like they don't care about you (even if you're a paying customer). I realize this could feel like extortion, but it would be well worth the peace of mind.
> Would forwarding continue to work if your account is disabled or terminated? That doesn't seem likely?
No, but the idea is that you can point the domain at a new host and at least keep receiving future email, so that you don't lose the ability to password reset accounts, etc.
As for
> I wish there was a way to pay for Google (such as Google One) and it meant Google wouldn't ban your Gmail account
There's a reason I pay, like, €50 a year for my email hosting instead of gmail's free mail. I want to be able to actually reach a human when it comes to problems with my email instead of Google's customer service void.
That's why you need to own your domain. When they lock you out, you setup a new mailbox elsewhere and point your domain to it. That covers new mail. And the archives are still accessible because you've been forwarding mail all along.
Yes, and (for example) Fastmail allows you to do that very easily. So does Google if you prefer to keep the Gmail interface & are willing to pay for G Suite.
And, if your mail client’s UI allows, you can even send from <whatever>@yourdoma.in to avoid disclosing your “real” address when you reply.
My favorite use-case: you sign up for foo.com with foo@yourdomain.com. Then foo sells their contact database, and now you’re getting viagra spam all day. Ok, just add a filter to auto-trash anything addressed to foo@, and the problem is solved.
Not op, but what you described is called a catchall address. Easily done with custom domain. Basically a regex for *@domain.tld, every mail sent to (anything)@domain.tld will arrive at a preconfigured mailbox, say admin@domain.tld etc
I do this but there are pros and cons to every solution. I once forgot to renew a domain and let it expire completely. It wasn't one that I used very often but a few accounts used it and someone else registered the domain. Now they could very easily gain access to my accounts if they wanted to before I get around to fixing it.
Another problem is that for many years, a user will have been signing up to accounts with their gmail email address. If this address is locked, password resets become impossible. I'm hoping that address reuse never becomes a thing.
> I'm hoping that address reuse never becomes a thing.
FYI, it already is for yahoo. I got lucky that they _only_ deleted all my emails after I didn’t log in for a while, and nobody else managed to hijack the account while I was gone and password-reset all my services...
Just wondering if there are any trade-offs to consider if I were to use Google Workspace (G Suite) instead of a provider like ProtonMail.
Using a custom domain with Google's paid service seems like the least drastic change and you get to keep using all their services. Maybe the support won't be as good, but the products and integrations are probably better than any other provider.
And as long as you do regular backups of your Google data, I think this seems like a good solution.
I had a commercial GSuite for an organization I was running. A Google bug wiped my domain and all my data. Support was automated systems all the way down.
I think the downside of Google is this happens about 100x as often as other organizations.
Google security also cares about Google's security, not your security. Your odds of account compromise go way up dealing with Google.
I have always used a custom domain for this exact reason. I ran my own mailserver for over a decade but that got increasingly harder with DKIM, SPF, etc and the big boys (MS, Google) blocking more and more aggressively. I moved everything over to Soverin.net last year and I'm very happy wwi them.
I’ve used Namecheap for many years without issue. My favorite feature is catch-all email forwarding for domains so you can use any number of email addresses for logins.
Being locked out from google account is one of my biggest fears in practical computer usage. Over the years I can't even tell how much I'm sunk into using tiny pieces of google's services, even though for most crucial things I tend to omit google and look for alternatives that are easier to handle in problematic situation.
> Mail is one of the things I'm most worried about.
Use an IMAP client. It would keep all your mail on your device, so at least you don't have to rely on having uninterrupted access to your account for your old conversations.
Actually, I'm surprised just how many people use email through web interfaces for some reason.
Backups of emails are OK, got a few of them. It's the constant need to receive emails as others have noted below is my fear.
If I'll get locked out will I be able to reset my password to the other bank account I almost forgot about? How long will it take for my old recruters to figure out not to mail me there? etc.
I run Thunderbird sometimes on desktop to cache all emails locally. I also have a NAS wich is downloading emails 24/7 and I can browse all locally from backup. This also gets backed up to 2 other locations :)
Search and find old emails.. that's where gmail works. I guess that's why I keep using it. For work I use Thunderbird (the best of the bad alternatives), and search is horrible and extremely slow (and usually never find what I want to find). If I had something which was as easy as gmail for handling tens of thousands of emails I would switch.
People constantly bash on thunderbird search, when it is actually the opposite.
Gmail will often fail on exact-match searches. Unbelievable frustrating and next to useless.
Thunderbird is a bit clunky but does what you ask of it and has much better+simpler filtering options.
Which makes sense, gmail is in the cloud so it can't perform intensive search queries because that would cost way to much.
Thunderbird has a dedicated machine for it, no matter how old and slow it is it will have way more resources at hand than google will ever allocate to you, even if you pay.
I use Thunderbird but I only do so as it's the best of a bad lot (before that I used Eudora before Qualcomm dropped it - Eudora users know everything else is a letdown).
Thunderbird has forks but they too need much work. The trouble with email started when free email was included in Windows thus taking the incentive away from development. Same goes for Thunderbird nowadays with free Gmail being available.
I was working in a College's IT Dept when they were migrating everyone from Eudora. Lots of the professors were of the "You can pry it from my cold, dead hands" opinion. They often had 10s of gigabytes of email dating back to the early 90s, some even earlier.
Yeah, and converting old mail wasn't easy even when Thunderbird had an importer. 10s of GB were a problem as the importer often broke at about 2GB. Even TB's own native boxes broke when about that size.
So could Eudora's for that matter. Crashes were a particular problem with large boxes (.MBX files) as they often had crosslinks from users shutting down too quickly. Trouble was that when the mailer reindexed/compressed the box it would often stop at the crosslink and the remaining mail lost (I used to advise everybody never to reindex unless they'd backed up immediately beforehand). No doubt if you were in the IT at the time then I'm preaching to the converted. ;-)
I often use this example to illustrate bad design and the need for data hardening. If the time you're mentioning was before Qualcomm announced an end of Eudora then this may have been one of the reasons to move away. That said, mail clients haven't progressed much since. The MBOX is simple and still predominates but that's a mixed blessing when we need separate index files. Essentially, those who've many GBs of mail still have a problem. Little wonder many have turned from POP/IMAP to web mail.
Search and find old emails, that's where a CLI shows its merits. I can use grep or agrep (approximate grep, to search for spelling variations) on mailboxes, or mutt to have a tool which handles the base64-encoded stuff.
I have to use Thunderbird at work too, but every so often I'm glad that mutt handles IMAP as well and helps me find stuff that Thunderbird will not.
You can use an imap client as “backup” and continue using the gmail web interface for day-to-day usage. Or the other way round, depending on how much you rely on gmaial search. There’s also a few mail backup tools that effectively let you create a local copy of your mails.
As one who's never trusted my data to Google I really am curious why so many actually do so.
Is the convenience truly that great that people are even prepared to gamble the loss of their data? Alternatively, why is it that some of us have always been mistrustful of Big Tech and most others not?
> As one who's never trusted my data to Google I really am curious why so many actually do so.
I expect that most users think on the same level as they do with metadata: "I have nothing to hide so can't be a possible target." And if an algorithm suddenly marks them as a target (for whatever I transparent reason) they do not understand that they might just be "collateral damage" …
My IT world view was formed in the 90s when various proprietary file formats became more or less inaccessible due to "software obsolescence"). Which told me that only more or less plain text (mark-up is fine, as it is text too) will guarantee that I can access my data years later. People who started their live with Big Tech (so-called digital natives -- or is that naives? ;-) might have to learn this sooner or later.
Right, having managed IT I understand the proprietary formats problem well. My two axioms are - use plaintext wherever possible, and second, before you commit to a new program always check its export features to ensue you don't get locked in.
There was a time, maybe up until 10 years ago, when Google was cool. Everyone wanted a GMail address, it started out as invite only, like Facebook. "Do no evil" was the motto. And they ramped it up slowly like boiling a frog. The evil, I mean. And here we are today.
I remember when I first got my Gmail address, what... 18? 19? years ago. Google was hot shit and everyone was like "Well if Google makes it it's got to be good!"
I don't think people actually believe that anymore they just feel they have no other alternative. Google had this wellspring of good will that they have simply burned over the last 10 years or so.
It was developers who originally made Google what it was - first to search, first to Chrome.
We can unmake it as well and I think it's about time we do.
I think they started off at a good spot. Then realized they wanted more control of the data going through them. Then they realized they wanted to control the way the data flowed in an ideological way. It is a natural reaction to someone who gets a decent amount of wealth. They think 'how can I make the world a better place'. But the mistake many make is not realizing that their way is not the best way for others. Sometimes the best way is just to kick the actual trolls and just let everyone be they way they are. They are no longer satisfied with that. Doing what they are doing is going to 'dismantle' their people network. In 10 years people may be saying 'oh yeah remember google'. It can happen. At one point a lot of people were on AOL now it is a ghosttown of what it was.
Absolutely, with AOL the paradigm shifted and it couldn't change quickly enough. Google will likely predominate until another shift of similar magnitude occurs.
Seems it's impossible to make predictions in this area with any certainty.
Remember, Bill Gates was paranoid about this and about Microsoft getting caught out for similar reasons especially so around the time Windows 95 came out. Even so, MS missed the boat with search, smartphones and Android.
Yes. The convenience is truly that great and the ratio of users to locked out users is large enough that I am prepared to gamble like that. We gamble all the time with any service we use or retailer we buy from.
OK, that's fine. But as I said elsewhere you should always be entitled to get your data back if you are locked out and the law should guarantee that entitlement.
Absolutely. If we bring the law into it, one should also know why they are being locked out and have a valid human-lead channel to contest it. I'm in no way condoning what's going on sometimes. It's terrible.
Fully agree. The law should also enforce an arbitration process onto Big Tech at it's expense (it can afford it as it's selling user's info). Moreover, those arbitrators ought to be independent of Big Tech.
It grows and compounds. I started using gmail an google a long time ago, when I was not enough of an expert and a big tech enthusiast. The Google cloud ecosystem has been ahead of its time for a long time. Now that alternatives are available and I understand the lock in risk, I am way too entrenched into the ecosystem to consider getting out as an easy and painless option.
Most people don't see these articles, or know how to buy and manage their own domain. Most people want email that is easy enough to use and generally functional and stops them having to see spam. We're all in a bit of a bubble where we've seen enough to be wary, but most people haven't.
The idea of losing all of my email access, etc, is terrifying, much like the idea of getting in a car accident, or getting cancer, or one of a million bad things that can happen to a person.
But what are the actual odds that a bad thing is going to happen to me?
1.8 billion people are currently using GMail. If 1000 "real" (ie, not bots) accounts were closed every day for the next 80 years, there's a 98% chance that I (or any other individual user) would never have a problem.
Obviously, if some number of people are having problems that's, well, a problem, but as an individual user I mostly assume that it's not going to happen to me, much like I largely don't think about the 1-in-103 chance that I'll die in a car accident.
I switched to gmail in the early '00s when I was a kid after previously having an email on a friend's private server that he decided to take down. That was back when Google only offered POP email. That was back when Google was only an email service and search site. Luckily I was an Apple user however and haven't migrated my personal photos, data storage, and many other things to Google.
Do a google takeout ASAP if you haven’t done so already. This mitigates against data loss through being banned. You then just need to change your email in myriad places!
ebay's stupid about this. you can reset your password but then they'll still send you an SMS(!) to verify it's you when you try to use your successfully reset password.
I no longer have access to that old number, i ditched that particular account cos it didn't mean much to me and opened a new one, wasn't worth the hassle.
I went through this recently and... It's not actually as many as I thought. I've got 454 entries in bitwarden, but anything past 20 or so most common entries, I can completely ignore / wouldn't care if they disappeared.
You can keep an offline copy of all your mail by using a mail client like Outlook or Thunderbird and leave it running while it downloads all mail through IMAP.
There's surprisingly little you truly need a google account for. Gmail was one of the last things I hadn't moved before I was locked out of my Gmail account because of their bad password reset heuristic. Thankfully I had it set up to forward to my own domain.
Just to add to the giant pile of anecdotal stories here, Google has been on Gmail labeling all links to the 350,000 Neocities sites as "potentially malware" for a while now, despite the fact that we don't allow uploads of executable files so that's basically impossible. We've only had one valid malware report in our 7 years of operation (zip embedded in a gif file, which I now know how to detect so it's fixed).
There's nobody at Google to contact, so I have no idea how to fix it. I used to have a friend at google I could ask for special help from (this made me feel awful), but they no longer work there, so I guess I'm just screwed until they actually get some sort of official support channel, or somebody at the company that sees this message (hi!) fixes it somehow (thanks!).
Everyone saying "I would lose all my e-mail" apparently doesn't know about fetchmail, getmail or even Thunderbird. Just download your mail using IMAP or POP3 and archive it locally.
I recently deleted my last Gmail account (that I had since 2001). Before doing it, I tried Google's Checkout to get the data, but it was adking me for "verification" (i.e. more info about me) to finish the download.
I just fired up Thunderbird, configured a IMAP account and... done. Almost 20 years of e-mais are now backed up at home and on a Nextcloud instance I keep on a Linode VPS.
Web is not the only way to read e-mails, friends. Use a proper client and back it up.
You can also schedule Google Takeout, which gives you a nice .zip or .tgz with mbox files, in addition to all of your other Google information. I have it set to deliver one of these backups every two months automatically.
How would you do google checkout once they have banned your account with no access ? Even if you have done it majority of people suffering from this fate will not have google checkout data or access to it !
True. But I was replying to a comment which mentioned using IMAP sync as a backup; both that solution and Google Takeout require access to your account.
does this include absolutely everything from your Google account, like all emails with attachments, google photos with album data, youtube videos from your channel, etc? If not, does someone know of a guide out there on how to export all of one's data from Google?
Yes. I can verify that it contains email attachments, Google Photos files (along with metadata in JSON format), and YouTube videos. There is quite a bit of other information included as well, some of which I didn't even know I had created.
That's actually amazing. thanks for your response! I've been slowly working on detaching from google this year due to stories like this, but the thought of manually downloading all my data was rather overwhelming. Glad to know they at least offer this feature
> ...backed up at home and on a Nextcloud instance I keep on a Linode VPS.
> Web is not the only way to read e-mails, friends. Use a proper client and back it up.
I think your advice is good for you and, perhaps, for some of us who are willing to do the work.
But the vast majority of people aren't going to be able to casually fire up, for example, a Nextcloud instance and linode VPS. Not even close.
The long-term management of a DIY personal/household computing infrastructure for email, important files, and online services just isn't in the skill-set of most people who aren't computing professionals. It's not really even in the skill-set of most computing professionals.
I just used Google Checkout to get my music files after Google shutdown the play music service and transferred it to youtube music. I now have ~60GB of zips containing mp3's and meta-data in csv files (admittedly, it was all badly curated by me with garbage id3's and bad filenames). I'm now trying to properly tag and curate these media files and host it in some way that I can use it remotely. It's not a trivial job. Especially because I've decided I don't want surveillance capitalism coming between my music collection and me anymore (eg no spotify/pandora/apple-music for me). I'm sure it's trivial work for some of you but for me to manage a collection of music, it's a challenging project with lots of trial and error (tbh, I kind of enjoy it). Can everyone do this? Definitely not. It's a massive DIY undertaking.
If we're now talking about email and files which are more important that one's cool music collection, it's a whole other ball game. I don't think there's a good solution for those of us who don't want to roll-our-own infrastructure.
> I'm now trying to properly tag and curate these media files and host it in some way that I can use it remotely. It's not a trivial job.
Foobar2000 with discogs addon will help you with organization; musicbrainz picard will hello you with actually identifying your files if necessary. Airsonic is quite nice for actual hosting, and allows you to create multiple accounts with limited access and time-limited shares for playlists/albums/etc. I personally use fb2k with a dozen or so addons to organize my media library and playlists (the auto-playlists feature is nice). I use airsonic for hosting; on computers I use the web interface (or fb2k) for playback; on mobile I use dsub for playback. Bubbleupnp server is also installed locally so I can share/cast to receivers that don't support subsonic protocol, though I have yet to use this since I started using airsonic.
Airsonic is a fork(?) of subsonic, and has several forks available with different feature-sets and focuses (one for japanese media, one for audiobooks, etc). The one I use is airsonic-advanced, linked below. It integrates with last.fm and listenbrainz for scrobbling, and (I think) with last.fm for artist info and similar artists (I'd like to see similar artists replaced by gnod, personally).
I feel silly for not having thought of this. Thanks for the suggestion. Just setup Thunderbird and i'm downloading my emails now using the offline sync feature. Appreciate the advice!
Moved to Fastmail years ago, because my spider sensors were telling me for years that I need to fear companies where I can’t reach a human to resolve conflicts / problems. - They have an excellent Email service, calendar and contacts management. Most important: At fastmail I get a very quick response from a human who will always help me very quickly. Also I use my own domain name so that I can move my Emails to a new service provider whenever I want.
And while I was at it, I replaced Chrome with Firefox on my Mac and never looked back.
Finally I moved all my photos to iCloud, replaced my Android phone with an iPhone, got a paid account at Dropbox, started doing backups like there won‘t be cloud services tomorrow (Carbon Copy Cloner ftw!)
I have a google account, only for using Youtube (paid). And I like their search results. Even that is too much google for my taste.
Edit: Ahh, Gsuite. I migrated to office365 (microsoft). But I use it mostly offline (Word, Excel). Actually for legacy stuff. Because I started writing my documents with Emacs + Org and export to whatever format my recipient needs, doc, html, markdown (using pandoc extensively).
I had a bit of an argument with a good guy who just couldn't understand why I wasn't willing to put all our new company's documents on Google. I convinced him (grudgingly) to use a setup much like this (we ended up with Box instead of Dropbox because I got sick of Dropbox trying to grab all my data).
Seeing things from his perspective, I was amazed at how successful Google has been in convincing other businesses to take on Gmail, Google Docs, etc. When I think about the enterprise focus of Google, as well as the continuous rebranding, product EOLs, and crappy user interfaces, it's hard for me not to see Google as the new Microsoft. As a former Linux desktop user who lived through the whole MS antitrust thing, I find it absolutely bizarre that today, I'm much happier with Office 365 on the web, than I was with Google Docs.
I still worry about all my photos being in iCloud, but it seems like less of a risk since I'm a customer of Apple, rather than a product of Google.
"As a former Linux desktop user who lived through the whole MS antitrust thing, I find it absolutely bizarre that today, I'm much happier with Office 365 on the web, than I was with Google Docs."
Identially the same with me. Damn terrible turn up for the books, isn't it. It just illustrates how messy things have gotten and how we need to bring major change to the internet.
That said, for me Office 365 is a step too far. On Windows I still ocassionally use the 2003 version along with LibreOffice and the latter on all my Linux machines.
It was a minor issue with Outlook.com web mail a few years ago. I contacted support, they asked to see the problem through remote access. My problem was escalated and fixed. Maybe their spam filter is not as good as Gmail, but customer support is another league.
It makes me think that it wouldn't be unreasonable to have regulation around blocking access to email. Google provides a number of services and seemingly, if you break the T&Cs on one of them, your entire account is disabled and you no longer have access to other Google services (including email).
I can't imagine not having access to my email - at this point I'm kind of locked in. Google keeps a lot of my passwords and I register all of my important accounts to my main gmail account. If Google were to close my account suddenly, it would certainly disrupt my life quite a bit.
Email grew into an essential part of modern life. Taking away access willy-nilly would distress most people. I understand that this is a free service and we're the product, but I believe companies should only offer email accounts knowing that access can be denied only in exceptional circumstances (e.g. abusing the email service directly).
If this investigation moves forward -- unlikely under a democratic government as we'll probably have -- one of the potential outcomes are better corporate firewalls.
If Google were broken up, a la baby bells, unusual activity on Youtube might no longer result in loss of email and phone service.
More like denying an identity. Online account services provide identity and freezing account for "abuse" is destroying part of it, with real world consequences.
It is true that horrible abusive people exist in real world, and maybe it is justifiable to flat out deny them, but account ban coming up on news stories aren't like that.
"I can't imagine not having access to my email - at this point I'm kind of locked in. Google keeps a lot of my passwords..."
That would worry me beyond belief. This is one of the reasons why I don't understand why people actually do it. To me, it's such an obvious problem and it's easily avoided.
(I use many of these services but they're outside Big Tech and I've no problem. For example, I use POP and IMAP email that's been around since the beginning of the internet.)
All of the advice after fact would not help a person who actually lost his account. Nor if you are among 99.9 % of population who don’t know how to setup your own mailserver etc. Lots of advice here seems like victim blaming. If you have lost your google account then somehow it’s your fault. For me it seems a nightmare if it does happen to me as well. Can we discuss solutions that can help general public in these situations.
Even if you don't know how to setup your own mailserver, you can still decide to pay for your email (protonmail, fastmail, etc.) to have it managed by a smaller company who makes money directly from their users hence have an incentive to treat them well.
Also not putting all your eggs in one bag is a good idea.
The real problem is that most users don't understand why they should pay for a service that Google provides them for free.
It seems more like a reminder that watch-out - it may happen to you too. I use personal domain that I prepay for 5 years in advance. I recently started using gmail account more and more, but this is another reminder that I may lose access to important business emails if I continue to rely on Google.
It's not victim blaming to recommend that people who know how ought to switch to more self-managed solutions, but I agree with you that doing so is not an option for the vast majority of people. I've always promoted the idea that anti-monopoly laws should be upgraded to be especially sensitive to network effects, now that so much of the economy is becoming networked. The bigger a tech company gets, the less power they should have to decide whose account gets suspended, what you can say, what videos you can show, etc.
"We're a private company" is no defense against traditional anti-monopoly enforcement. New powers that make Big Tech so big should be explicitly added to the dangers anti-monopoly regulation was created to defend against.
If Google wants to lure you in, they should end up being as stuck with you as you are with them.
The absence of reason makes me wonder a lot of possibilities. Maybe google bans people who use ad-blockers, maybe they didn't explicitly set that way but some of their algorithms must have figured out these users should go. I know, it is extremely unlikely but we're free to come up with reasons if google doesn't give one. Don't sit there thinking it won't happen to you(I was like that up until recently), get a domain name and transfer all important accounts to it. And do a Google takeout.
I imagine a "social dilemma" scene with the little guys inside the computers:
> His actions over the past 15 years lead to a 76.9% chance that he will break our ToS. Furthermore,he has clicked only on 0.000001% of the ads. Terminating him now will increase the average profit per user by 0.00000000000000000291%.
My twitter account was banned in March without warning (the reason they provided was "due to multiple or severe violations of our platform manipulation rules). Frankly, I'm way too boring on the site for me to be guilty of this so I appealed 5 times over ~4 months.
I must have gotten through to a person eventually because I was unsuspended with the message:
> We’re writing to let you know that we've unsuspended your account. We’re sorry for the inconvenience and hope to see you back on Twitter soon.
> A little background: we have systems that find and remove multiple automated spam accounts in bulk, and yours was flagged as spam by mistake. Please note that it may take an hour or so for your follower and following numbers to return to normal.
This article finally prompted me to do what I should've done a long time ago, which is to create a Fastmail account and begin importing my Gmail into it. I've seen this story far too many times, and no longer will I say "yeah but it'll never happen to me".
Setting up the import was insanely easy, and my Fastmail account is now configured to enable me to send using my Gmail address from directly within Fastmail. Plus after the import is finished, it will still periodically bring over any new emails received to the Gmail account.
That is why I want something like Time Capsule for our Smartphone ( iOS or Android ).
>Roughley lost data including emails, photos, documents and diagrams that he had developed for his work. "My account and all its data is gone," he said.
Imagine all your photos were in Google Photos and you cant get it any more because you have somehow violated their policy? All the beautiful memories of your boy or daughter when they were young or as a baby.
Imagine the song you make, the video you took.
The Cloud, should be used as an OffSite backup. I should always have the option to have my Data, stored in a box in my house, in my own property. Those who want the convenience of cloud ( iCloud, Google's X ) can do so. But there should always be an option to have your backup not in the cloud. ( And no, iTunes Backup is not that option, it is ridiculously complicated for any average user )
You can do it with python - https://pypi.org/project/gphotos-sync. They have docker image too. I have a cron job that starts the docker container periodically to fetch any new photos.
I have a quarterly reminder set up in my iphone reminders app.
Whenever it goes off, I login to Google Takeout and trigger a full download of my data. I then download the file and put it on the hard drive of my computer, which is itself backed up to multiple hard drives via apple time machine (I have one drive i leave always plugged in, and one I plug in during the quarterly sync and then unplug for protection against ransomware or other attacks against my personal computer).
Simple, effective, and I could only ever lose up to a maximum of 3 months of data if banned from google.
Thanks, I've set it up myself. Most of my Google data isn't really important, but my gmail is super important and it's the backup address for dozens if not hundreds of services.
I did the same, but I never got to like Fastmail so I switched back to Gmail after a year. This time I'm on my own domain though so they can close my account all they want, I'd just setup email with another domain on the same address . Would lose my emails in the process, but that's secondary concern.
I've used a secondary Protonmail account lately and it seems decent. I haven't used it enough to make a fair comparison but if you only gave me 5 seconds to choose I'd instantly choose Protonmail over Fastmail. Same pricing (with custom domain) IIRC.
Edit: Then again as a paying customer I might not be as easily locked out compared to a regular Gmail account? No idea.
I love the experience on Fastmail personally, but you have checked all the boxes to protect yourself if A. You have recent Takeouts or sync of your inbox and B. People know to reach you via the address on your own domain, which you can repoint to a new service if necessary.
If you're doing these two things, you're effectively protected from this issue, even if you use Gmail. Of course, it won't necessarily help you with losses from other Google services you might be cut out of. For an Android user, for instance, there's no real way around potentially losing every app you've ever bought on Google Play.
I migrated to Fastmail a few weeks ago. I'm really happy with it and I wish I had done it years ago. Many features. The web interface and apps feel a lot faster than Gmail.
Pro-tip: use a custom domain so that you can easily switch e-mail providers in the future without vendor lock-in. It's also very easy to add aliases in Fastmail.
> Plus after the import is finished, it will still periodically bring over any new emails received to the Gmail account.
Another option is to let Gmail forward your email to the new address.
Another protip: fastmail lets you alias yourname@yourdomain.com as anything@yourname.yourdomain.com. You can use this feature to create a unique email address for every service you sign up for. This is really handy for filtering to folders, or blocking marketing spam.
Still on the G-Train. While I am thinking about migration back to my own hosted versions, I currently do this with Google Groups. I have many groups (amazon@..., newsletter@..., spam@...) for many different use cases. Though I have not yet created a catch all...
This thread prompted me to dig into it and I found a blog posting describing the process [1]. Will try this - while still digging deeper into the migration topic.
Suggestion/what I have been practising for the past 20 years:
Get your own domain "lastname.com" or "somethig.com", get it from someone who will give you 1GB catch-all mailbox.
My setup is:
Windows, MS Outlook. The emails go to the 1GB mailbox, I can access them over my phone. Once I fire up Outlook, they are siphoned down and live on my Outlook forever. My emails are around 5-6GB of .pst file(s). I backup my whole disk in two manners: selected files and folders of my C and D drives on Carbonite, and one massive (80GB) Acronis .tib file (clone of my C: - SDD) again on Carbonite. My Carbonite "footprint" is well over 1.5TB.
So my backup is 3-2-1.
3 places: local disk, external drive, Carbonite (not affiliated)(I just love their unlimited storage and ability to encrypt pre-transmit)
2 different physical locations: home/on the move & Carbonite cloud
1 online: Carbonite (nice and encrypted).
I keep some gmail accounts handy, a couple of hotmail accounts, but EVERYTHING forwards to my mail mailbox. These accounts are used for things I don't want to have a real name-surname (like a silly game or other 'stuffs'). I won't cry if I lose them.
I have been operating like this for 20 years. I do have the cost of the domain name and mailbox service, but the cost is nothing to the pain one gets of losing access to ALL the stuff from the "free service".
I do NOT use any of the Google/MS-Hotmail ecosystem, no "online drives". This setup works for me. Perhaps it may work for you/your lifestyle, perhaps not. Just putting it out there to show that one can have a perfect IT lifestyle without using any of the "free" stuff.
Edit: I am not affiliated to any of the companies mentioned above (MS, Carbonite, Google). I just made the decision 20 years ago to stay away from them (incl. Dropbox, Microsoft free or paid storage), and keep everything offline/on me, and of course accepting the risks that come with it (house burning down, burning a CD/DVD as backup method back-in-the-day), etc.
I recently wrote a step by step article about this, for people who might not know how, such as family members, et al. I chose ProtonMail (despite also being a FastMail customer) because I’m a bit concerned about the new Australian encryption key escrow mandate (which I assume affects FastMail) and I like ProtonMail’s “don’t store plaintext” approach, even if it does need special client software.
If you’re emailing other people on ProtonMail, it fetches their keys from the (presumed trustworthy) server, and does end-to-end encryption.
In that mode it’d at least as secure as iMessage (before Apple backdoored it by adding automatic key and plaintext escrow).
Most emails use TLS, so they’re encrypted on the wire between servers.
ProtonMail then encrypts the plaintext as soon as they receive it, for storage. It stays encrypted from that point until it reaches the client.
For most mail it’s not e2e, but it does cut down on the opportunities for the mail to get seized by anyone who can compel the provider to turn over their records.
That’s what I do, along with running my own services. But either you run your own mail server, and the cost and complexity is prohibitive to most users. Either you outsource, and then all your data is still held hostage by a third party provider (though granted, any of the smaller players is likely to have some form of customer service).
If you use Thunderbird as your email client, you have all your data in an sqlite database on your computer, conveniently updated regularly throughout the day.
That's honestly nobody's problem but your own. Set it to autorenew or buy it for a longer period of time. I bought 10 years up-front for my own domain.
Namecheap is quite a popular place to buy domains, isn't it?
(myname).xyz - 10 years - £85.29 / $110.15
(myname).com - 10 years - £69.87 / $90.24
(myname).net - 10 years - £98.40 / $127.08
In a world where many people are not able to afford food for themselves[0][1], this is hardly an alternative. At minimum wage ($7.25[2]), a single domain name would take about half a month to earn, assuming you have no other outgoings, which is very likely not the case.
This. One tip I might have learnt from here is to renew a domain for the maximum allowed period (usually 10 years), and then make it a habit to renew it once a year, back to the full ~10 years.
I'm like you - it's been on my todo list for about 8 years... the thing that keeps my exit velocity insanely high is:
1. Entire family on @gmail
2. All Android phones setup to send photos to a shared family@google account so no one needs to 'send me those pictures from Anon's birthday' - it's all getting sent into the same account.
I'm not sure how to seamlessly pull off #2 without trying to lift and move the entire family over to iPhone's or something like that.
But even then you have to trust FastMail not to lock you out. Sure it's a paid service so less likely and I'm sure their customer service is better. But it doesn't fix the root issue of being dependent on one party.
Google is pretty unique here. You can have a dedicated support team at Google with a multimillion dollar account, and still be wack-a-moled by Google's automated systems.
The root issue is Google. This doesn't happen with most companies. This is specific to Google's culture, which treats customers as statistics. That comes out of how Google thought about search and ads, and doesn't work for anything else.
The secondary issue is being dependent on one party.
I would say that this applies to most of the companies with hundreds of millions of users. The account flagging needs to be automated and there is still some fraction of false positives. The appeal process is not easy because the false positive users are intermixed with bad actors. The human time dealing with the appeals is limited due to the sheer numbers of users.
For me the solution is to use a paid service or a free service at smaller business where employee/user ratio is better.
To be fair, I don't think other providers like Microsoft are much better, but also note that the service is equally bad if you pay for ads or cloud.
I'm generally against too much regulation, but given how important e-mails are (access to all sorts of accounts, important messages from clients, tax, etc.), this is a case where a certain service level needs to be mandatory, e.g., unlocking within few hours.
Every time I needed support for my office365 account I got it and it was resolved quickly and professionally. The account size is very small. Microsoft is in another universe compared to google.
Fair point, I was referring to the unpaid version.
With the office 365 support I did have a minor accounting issue that they didn’t intend to fix and support tried some standard responses (I needed the billing company name to be different from the Domain/account name, which isn’t possible and the support didn’t know and asked me to do a bunch of things before I figured out through a post that it’s not possible - an edge case that isn’t too much of an issue unlike being locked out)
The bigger problem here even if you want to maintain your anti regulation stance is that a Google lockout prevents the user from acquiring the data that is rightfully theirs. If a lockout included something like a 90 or 120 day sunset period where you had read only export, even a harsh termination could at least be defensible.
That you should be able to obtain through GDPR in Europe at least, though it might be an issue to prove ownership if you didn’t provide your real name.
What doesn’t work that easily is resetting passwords without account access, especially since more services are switching to magic links instead of passwords (and the issues of managing multiple accounts in a standard browser password manager with things like slack having different sub domains and accounts for different projects)
Yeah that's just not correct. If you're paying Microsoft for an Office subscription, they will offer you support because that's your gateway into becoming a lucrative business whale of a customer. It's been that way for decades.
If you combine it with a paid domain, then you can transfer your email provider even when locked out. Of course you risk loosing your emails, but you can setup a desktop client to always download all your emails or do periodic backups.
I don't have these issues with Fastmail + custom domain, but you need to make sure that DKIM and SPF is set up correctly. Fastmail helps you to check and fix this.
My issues were with Zoho, with DKIM and SPF set up correctly. Would be interesting to see if the domain (or top-level-domain) or the e-mail provider is at fault. It's difficult to test given the number of signals that are involved in flagging a message.
That seems very odd. There's no reason why mail from any domain with good mail servers should just land in spam folders. You should investigate. Perhaps someone is sending spam using your domain?
The single time I needed support from them, I was replied by a person that understood my problem and while they didn't fix it (it was a feature request) it was added to their backlog.
The suggestion appeared live like a year after and was contacted saying it was available in case I still wanted to use it.
From Google, on the other hand, I never got a human reply to any issue. The one that pissed me off the most was that my location history pre-2015 disappeared for some reason and I was using it to geotag old photos. No response, no acknowledging of the issue, nothing.
I found a UI regression a few months back with the way threaded messages were working. Notified FM, they replied within a few hours acknowledging it was a bug and they would fix it asap. Fix was out within a few days, and they followed back to with me to confirm it was fixed for me.
You can integrate with Thunderbird for local backup, and anyway Fastmail customer service is capable and responsive.
The critique on the earlier post is a little like saying it's still a problem that you need to trust your local supermarket for food. Which is true, but still much better than relying to avoid starvation exclusively on just-in-time shipments from an automated unstaffed ACME Growers Warehouse in Nowhere, USA.
This. It is very comfortable to use Google OAuth sign in, even if you have a custom domain, but I've run into a few services that will not let you log on with user/password if you created the account via Single Sign On with Google, regardless if you use the same email.
A good start would be to require by law from Google and similar other companies to actually give a reason for an account suspension, having to potentially put a real human on the line ought to bring them pause and ensure there are less frivolous suspensions.
That said, the real answer is, of course, to migrate to a domain name you do own and a provider that's not known for suspending accounts willy-nilly, I'd stop just short of being your own provider, given how difficult it may be to get things right.
What do you do when you already have history with Google?
I use their OAuth whenever I can, all my accounts on the internet use the gmail address, most of my life is in gmail.
Losing emails is not a bug deal, I can back them up, but losing Oauth accounts and ability to reset passwords for accounts I don't have a password saved in my manager is a bigger concern.
The only way to get around your dependence on OAuth connections is to migrate off of them, one at a time.
My suggestion would be to get your own domain, get an email service that supports wildcard email addresses, and get a password manager. Start migrating your accounts one by one, until you no longer depend on your gmail account for OAuth.
It will be tedious, but for most websites you can update your email address in under a minute. Put a movie on and knock them out in an afternoon.
I'm really struggling with this one. I'm increasingly unhappy with Apple's bullying and the only other option I have is a company that may brick my device at any moment because "machine learning".
There's seriously got to be a better way. I want to get a Pine Phone but they don't sell them with service where I live yet..
Lots and lots of shame needed to fix this situation. Bother your Google employee friends, send this to them, upvote it and keep discussing.
YouTube doesn’t really listen to the content creators or fans but they will make policy changes within a week of a hyper critical article in traditional media.
BI isn’t big enough probably, need this to get picked up by a bigger paper for a major Gmail policy fix.
This is the post I needed to start cutting out Google as much as possible. Not because I want to go 100% Google free but having too many Google services means that you are more likely to inadvertently violate one of their terms.
1. Remove Google Analytics and Adsense. Especially Adsense seems high risk.
2. Remove free apps from Play Store
3. Stop uploading public videos on YouTube
4. Stop sharing files through Google Drive
5. Use only my own domain for emails that are forwarded to Gmail.
6 Stop storing passwords in Chrome.
Only reason I want to keep Google is for Gmail, calendar, Nest Thermostats, Nest Doorbell.
Photos are already backed up in Apple Photos in addition to Google Photos.
There has to be regulation with regards to account closure in this day and age.
I'm sure large companies don't want to screw their users over and have to shut down accounts to follow some other regulation but at their scale Google does not care enough about any individual account.
That's why there has to be some set of laws ensuring people can always take their data out with them. IANAL but exporting and importing all your data to/from Google must be just a button click away even after account closure unless there's a court order.
Self-hosted email seems to elicit conflicting reports of experiences - I think the takeaway I've seen cited most often is that it is incredibly difficult to get your emails delivered to users because you will be randomly blocked one day.
I feel like there ought to be some kind of "let's encrypt for email" type solution to create trust but I'm not sure how it could be done.
Google filters their own email sometimes. I’ve seen them filter facebookmail.com too. Microsoft is just as bad. It’s incompetence. The only difference with using a huge provider is they can probably contact someone to get it resolved. As the little guy you can’t.
Imagine if it were somehow possible to require a company (G in this case) to expliticly tell you which part of their terms of service you broke and provide the evidence or justification to prove you did break the ToS...
I frankly cannot fathom how it's legal to say someone has broken an agreement without justifying what they did which broke the agreement.
When I was working at Google, I got locked out of an account, luckily one I had used for a band that wasn't active anymore.
I had barely used the account for months, and all of it was, "Thanks for your interest, here's our music, we don't play anymore."
Even working there, I wasn't able to get it turned back on or get any explanation as to what had happened.
I didn't really care. If it had been my prime email account, I would have cared.
I see this as theft. It's not like Google ever throws anything away, so if they cancel your account, they are literally stealing your data from you.
We can't force Google to give service to people they don't want to, but they should be transparent about it, and at the very, very least, there needs to be a way for you to retrieve all of your information if they close your account.
In a government of laws that tried to protect the average person, this would have been a given. Unfortunately, America has never had that.
This terrifies me. I recently signed up for Google One just to mitigate the lack of support if I were to lose access to my account. Perhaps the other thing to do is not comment using my account, which feels very wrong.
All of the other options have drawbacks too. With Fastmail or another provider, you're trusting another corp. Setting up your own involves a bunch of work and difficult to solve drawbacks like spam filtering. I'm also not sure that it's harder to compromise in the grand scheme of things. There are horror stories of people losing domains too.
I think this is a prime case of out of touch governments failing to keep up with regulations. My email is part of my identity at this point and more valuable than any of the plastic that has been assigned to me by the govt. I can't think of much in my life that would be more painful to lose than that email address. Yet, we are all so powerless...
> With Fastmail or another provider, you're trusting another corp.
You're trusting a corp that offers customer support, a service you pay them for. With Gmail you're completely on your own because you're only a small cog in the massive data mining machine. That's a pretty big difference.
That said, it's a good idea to set up a custom domain with a trusted registrar.
> With Fastmail or another provider, you're trusting another corp.
You're trusting another corp that only handles your email. Not your photos, videos, notes, phones, thermostats, doorbells(?), security cameras, speakers, TVs, youtube income/career...
China has a state issued social credit score. We have a social credit score via megacorps.
I'm not sure that drawing a parallel here is actually helping the discussion.
Anyhow yeah: megacorps control is dangerous and frustrating. Unfortunately, splitting all services across several different providers is something that requires lots of conscious effort from all users. And even after you split out everything that you use, you might suddenly realize that there is now a new service provided by one of these megacorps, which you started to use without realizing that it's linked to your main account.
The email address itself is what's irreplaceable for me because it's tied into my identity at this point.
The other soft stuff is fairly trivially backed up and not locked in to any vendor. The devices would need to be replaced, which would be annoying mainly due to cost but would have no long term impact beyond that.
I get your point, but losing my email address would be orders of magnitude more painful for me than those other things.
Only use Google SSO for things you don't care about.
While in would be a pain if I lost my google account, I can still access Twitter, Discord, GitHub, Bitbucket, stack overflow etc as they aren't bound to Google.
My emails/hangouts chats however would be lost unless I took a backup (I haven't but I might one day when I decide to go ad-free)
No, they're not describing New Zealand. NZ doesn't have a national ID card. Also, they have their own system for SSO to government portals that doesn't use Google.
Most WINZ/StudyLink and IRD interactions are online now, and I got my passport 100% online using RealMe. I can't remember the last time I posted anything to government in NZ.
I've had a ton of paperwork done in recent years (voting, child passport, visas). Most of the conveniences stops when you don't have NZ's drivers licence...
Good lord, it's stories like this that make me absolutely afraid to take their cloud offerings seriously. Yes I know it's a separate business arm, but it's the same people calling the shots and trying to stick an algorithm in where Customer Service should be.
A lot of comments about setting up your own domain but the cost is prohibitive to a lot a people:
- 1 to $5 a month, sometimes per address. It does pile up.
- no office suite of the level of google docs/office365
- need some basic know-how to do it
- price could go down but then you have to learn about dkim, spf, etc. not your regular customers/consumers thing. Not even your regular HN reader/participant thing.
edit:
- gmail to gmail works, no brainer and the UX is the same for everyone ; your own UX/provider will introduce hiccups
You are not wrong on some of your comments...which is why some time ago i set up a single-person account (with my own test domain) with zoho...to see if they're a viable replacement. I had used (and abandoned) a free zoho account like almost 10 year ago...but then read the following post, which re-interested me in zoho (though now via a paid account): https://kevq.uk/reasons-why-zoho-mail-is-better-than-gmail/
So far, a few months into my experiment, zoho is really working great! For a single-person approach, zoho's cost is really difficult to compete with; you're looking at $1/month, plus the annual cost of a domain name...which of course is not free, and to your point could add up if need more accounts (for family members, etc.)...But considering other options, it could be something worth considering.
Looks like .cyou is currently the cheapest TLD at $0.65 per year for renewals. There are a lot of other options for just a little bit more. If you can afford it, pay for 10 years in advance.
One domain can be used by an unlimited amount of mailboxes.
Regarding DKIM etc, most email providers will help you with that.
GMail is only a "no brainer" if you don't care about privacy or until Google locks you out.
I've bounced around Google, Microsoft, and Fastmail for the last 4-5 years trying to find a sort of "holy grail" solution but I've learned there really isn't one. Google comes closest (for me personally), but the privacy implications and vendor lock-in always end up scaring me away.
Fastmail has really outstanding mail support, but their calendar service definitely leaves a lot to be desired (i.e. if you want to share a calendar with a spouse with any sort of authentication, spouse needs an account too), and their file support is minimal.
I think the answer is diversification and make sure you're a paying customer for whatever service you use. Use your own domain, spread your data around, use standard formats (text, etc.), and keep backups. Otherwise, you're just asking for trouble.
I recently tried to sign up for Google AdSense and received an automatic reply that I already have an account They even sent me an email address of that account.
That email address and account is not mine, it belongs to my brother. We connect to the accounts from the same location, have the same surname but we are different people.
Google sucks big time and I will definitely try to avoid building a business on Google products.
Currently I'm using namesilo as a registrar, and my own domain for email, albeit with G Suite.
I hope that with G Suite you won't get kicked out arbitrarily, but I think I could still recover from that. Hopefully the registrar will never need email confirmation to log in (assuming my DNS setup is there).
Still, I'm worried that could get me kicked out of my registrar illegitimately.
Is there anything that can be done to mitigate this aside from using something super expensive like MarkMonitor?
Earlier my account at namesilo got disabled silently when they decided by themselves that my corporate credit card was somehow fraudulently used by me. I got it resolved eventually, but I fear something similar could eventually lock me out completely.
This happened to me. I tried for years to contact Google including via back channels. I received no responses. They contacted me recently only to notify me that my data was purged from their archives.
I bought into the dream of the cloud early as a GMail beta user. I used Drive extensively and imported other email accounts into GMail. Now I don’t have decades of important messages and records.
Don’t trust centralization. Hold backups on storage you fully control.
Under GDPR right to access your own data (in Europe), you could sue over Google's refusal to honour your data rights. Your request to use data rights can be made through any means, including social media message funnily enough!
You can privately litigate breaches of GDPR, and I imagine the court would be keen to award you costs when the judge discovers the kafka-esque situation going down. Oh, and ensuring you receive your takeout as they are legally required to give.
Not sure if there's grounds for loss, as the terms and conditions are pretty tightly wrapped to say they can block you at any time and you're fine with that... Not to say that should be allowed either!
GDPR article 22 (Automated decision-making and profiling) may also apply here - I would think for many people this kind of situation has the kind of ‘similarly significant effect‘ which would trigger a right for human intervention.
Absolutely. I suspect if this hit a court, Google would decline to say why the account was banned. A judge would then struggle to see this as not being an automated unaccountable decision.
I was thinking the exact same thing, but Google isn't stupid either. So far all of these lockouts have happening to US folks, but this one is from UK.
I'm not sure if Google made a misstep in this case or they found a loophole and no longer care about GDPR.
The UK's Data Protection Act (2018) is pretty much a copy-paste of the GDPR, and it is to remain in effect - the UK had a fair hand in writing the GDPR itself, and has passed it as its own implementing law. So while it's not "the GDPR", the rights it gives are almost word-for-word identical.
This is the issue with this giants, say you get banned because something weird happened on your console now your entire life is destroyed. I own a PlayStation and I am concerned that if my kid does something stupid I will lose access to all the games now imagine if you ownede a Google or Microsoft console , you could lose not only the games but access to everything else.
I may not be the greatest advice for the general public, but for readers of this website, if you’re not owning the domain for your email and hosting it with a customer-oriented service provider (fastmail, protonmail etc), you’re not only exposing yourself to the whims of Google et al, you’re also contributing to email monoculture, which is bad all around.
Why don’t Google and the others give an option to at least download user data once they identify the account to have violated some obscure TOS by some equally obscure algorithm?
Like a one time download option for the user to take his data and manage it outside Google property (gmail in this case).
I think this should be mandatory and perhaps it’s high time that it’s put in some regulation.
Getting locked out of Google is a legit risk that I have: I'll loose most of my personal & professional data because of it: Emails (Gmail), Files & Photos (Drive), Contacts, Calendar...
Google already offer a way to download backups from
Google Takeout. But this isn't enough because:
1- I have to remember to download an up-to-date backup myself.
2- I have to store the backup somewhere.
3- Retrieving the data is cumbersome: e.g. if I need to access my emails after a lock down I'll have to first get a recent backup that I stored somewhere then try to find a program that work on my machine that'll read the email format then import it.
This approach is open to flaws that is why I'm working on the side on a product that address these pain-points: you'll be able to automatically get backups to the service servers and it'll do all the parsing so that you can have a similar services UI (read-only) to the ones from Google.
That actually worked for me. I couldn't get it to work last year. It was still a PITA to download the bucket it makes, but at least it's one big bulk operation.
> The music he purchased through Google Music has also disappeared. "The app took it upon itself to delete all the downloaded music I had on my phone."
If they are selling access to stuff via the account, surely revoking access without reason will have legal consequences. Couldn't it be viewed as consumer discrimination?
You didn't buy the music. You bought a license to use it and they revoked the license. At least that's how I've been made to understand how "buying" digital content works.
If you need to migrate out of Google Apps or for that matter from any IMAP server I highly recommend IMAPSync.
It has a number of features built in when having to go in/out of Google.
I accept that big tech services will occasionally have to ban people for rules violations. But to be banned and not told why is absolutely inexcusable.
Welcome to vendor locked-in world where you have willing-fully decided to become prisoners in exchange for few sweets that you dont really need.
I hope you dont also own some google router or even better, "home security" device. This would make it a real pain. I am explaining this to people since the birth of gmail, but no one listens.
Let me think for a moment, what would happen if google does this to me...
[x] No google email (I have my own mail server - it is just a $90 motherboard with onboard cpu with disks)
[x] Modified ROM, no google on android
[x] No google cloud (Nextcloud is just fine, for virtualization I have bhyve. They are both just great)
[x] No applications bought from google play (If application doesnt provide "off google" licensing, I am not buying it - voting with my money)
[x] No content served by google (If I want to share video, I just upload it to my server. No annoyances about copyrights or anything else. It just works.)
[x] No data whatsoever stored in google ecosystem (actually actively fighting against them storing any information about me)
You don't have to run your server at home. You can also rent VPS from a large number of providers that have much better customer service than Google. And if you don't like your current provider, it's easy to switch.
Or just upload backups of your home server's disk to the VPS.
I know that it is possible, but think that ensuring correct backups can be difficult and that a VPS is actually quite pricy. (Especially if I want my data outside of a place which the NSA can touch, that is, no DigitalOcean or Azure.) Do you have tips for that?
We are talking about alternatives to Google services. They are very likely infiltrated by the NSA already. So using Google over small VPS providers will give your data to them far more likely. I doubt that the NSA has "everyone surveillance" contracts with every VPS provider out there, even ones in the US... they might only just send letters about individuals they are interested about. Every additional person who has to keep the secret makes exposure more risky.
Anyways, if you do distrust your VPS provider, you can just use it for encrypted backups, and then you'll only have to manage the key.
As for suggested alternatives to DO, there are plenty VPS providers in Europe. 1&1 or Hetzner come to mind. Maye they don't have DDoS protection, but you aren't trying to build a public website anyways.
I created that data, so it's mine by law. Or it is data that was never mine in the first place. Plus, my google data is stored in 3 places: Google, Dropbox and local system. If 2 of them fail, I still have the other.
As to who can access that data, well, that's a question for everybody isn't it? If I would run my own server on the internet that would also be the same question.
So yes, I'm pretty sure it's MY data. I'm also protected by EU laws.
Let me explain what happens when you buy a new smartphone (or use a new, cookie-less, browser profile) and connect it to Google because your old phone doesn't work anymore:
- Google detects the new phone as a suspicious device and locks your account until you can authenticate using your old phone.
- You can't authenticate using your old phone because it doesn't work anymore.
- You lose all your Google-connected data.
You don't need a house fire to fall victim to Google; merely dropping your phone will be more than enough.
There’s no need for lock-in though. I have almost all those benefits without google, the only difference is, that I need to install TitaniumBackup first before I can restore everything on my phone.
But unlike you, I don’t care if google locks me out.
Have you actually tried connecting a new phone to your google account without access to any old "burned down" device?
You might want to try this before you feel secure enough. My mother's phone got stolen and I had a lot of trouble trying to get into here Google account for her. I was lucky enough to have logged into it once in Safari of all things on my personal laptop. Google seemed to have placed a cookie to 'remember' the device. Otherwise her google account would have been gone forever.
I now disabled all the trusted device related settings. Sure it is less secure versus hackers, but getting completely locked out isn't a great prospect either.
> Have you actually tried connecting a new phone to your google account without access to any old "burned down" device?
Yes
> My mother's phone got stolen and I had a lot of trouble trying to get into here Google account for her
The first time, my phone bricked itself (you get what you pay for. Don't buy $30 smartphones). I have 2fa. I use both Authy (syncing) and WinAuth (local, with encrypted backups) to manage my secrets. Entering the code is enough to sign in.
The second time, I was moving from an old phone to a new phone; I turned off the old phone to remove the SD card before turning on the new one, and it worked fine without turning on the old one until after signing into accounts, when I needed to transfer data for some FOSS apps (termux, Fdroid, etc).
You can also benefit from the cloud while still avoid putting all your eggs in one basket.
A few years ago I was happy to have all my life on Google because it's was so integrated, but recently because of (1) privacy issues are (2) risks of being banned arbitrarily, I decided to reduce my exposure to Google.
So my email is Protonmail, my browser is Firefox and my search engine is Duckduckgo. I'm still looking for alternative for my calendar and files hosting. I might shell out a pro Dropbox account.
What might be harder is Android and Play Services. I don't like the iPhone, and I don't want to bother with de-googlized custom ROMs either.
You could compromise by using Auroa Store. At least you'd then have access to all the free Play store apps. Paid ones would still be a problem of course.
I am also self-hosting using the excellent yunohost.org it allows me to painlessly maintain my email and nextcloud instance.
To solve the issue you mentioned (disaster recovery), I am using rsync.net borg service.
Another 'trick' I do which considerably help is to use my gandi.net free email accounts as secondary MX and relay for my emails:
- I bought my domain through gandi, I get 5 free emails account
- I put gandi mail as secondary mx and I mirror the important email account as gandi mail accounts. For example, if my email is abc@example.com, I create a gandi mail account for this address
- I run fetchmail on my server to fetch mails from gandi
- I setup a specific email account for relay (eg. postmaster@example.com), and I configure my postfix to relay emails through gandi using this account
That way, if my server is unreachable, all emails are delivered to gandi and I can access them through gandi webmail. When everything works fine, most emails (99+% in my experience) go through the primary MX (my server). In case some are delivered to gandi or when my server is back up, fetchmail will just get them back locally.
This 'trick' helped me in numerous occasions, esp. when moving from a location to another, but it should also helped in case my house burns down.
The relay part alleviates most delivery issues: I used to have a lot of rejection (ISP MX rejecting residential IPs) or spam classification (gmail I hate you). I no longer does.
TOTP being an open standard doesn't really help, though, if the only place you have the key for a given site is Google's authenticator.
You need to actively take advantage of it being an open standard.
There are a few ways you can do this.
1. When you set up TOTP for a site, scan that QR code or enter the text version of the code in two different TOTP authenticator apps.
You might even consider scanning the code on different devices, too.
2. You can save the QR code or text version of the code, so that you can set up another authenticator app later if you lose access to the one(s) you scanned the code in originally.
Only consider this approach if you are confident you can protect the saves code, such as with strong encryption.
3. Many sites will give you one or more one-time codes that can be used to bypass TOTP. These are meant to allow you to get in so you can set up a new TOTP authenticator if you lose access to your current authenticator.
As with #2, you need to be confident that you can securely store these codes if you want to safely use this approach.
For #2, I recommend both saving both the QR code and the text version of the code. You can get command line tools that do TOTP, such as oathtool [1]. Having the text version of the code will make it easier to use such tools, which might come in handy if your phone gets lost or destroyed and you need to generate TOTP codes before you can get a new phone.
Use Authy if you're into online synced services, use WinAuth otherwise (local, encrypted. No longer in development, but still works, and depends on windows for encryption; supports encrypted backups)
> I hope you dont also own some google router or even better, "home security" device. This would make it a real pain. I am explaining this to people since the birth of gmail, but no one listens.
> Let me think for a moment, what would happen if google does this to me...
> {lots of stuff that is impossible for the average person}
If you're making the same comments to those who "don't listen" then I can see why. Honestly this comes off more as a gloat post than pragmatic suggestions. And this is coming from someone who used to run all of the above.
The problem is, hosting your own email is actually really hard. Not only much harder to set up than it should be Particularly so considering how old the technology is -- you'd think there would be a GitLab-like solution that is a single package for all the components but no, the end user is left working out what MTA to select, then there is choices between the DB backend, user authentication, POP3 vs IMAP, and possible a web server and web site code itself (if you want web mail as well as POP / IMAP). And that's before you get as far as SSL, login attacks (eg fail2ban), spam protection, setting up your DNS records in the exact combination to protect yourself from being identified as spam and then finally creating your user accounts. And even after all of that, you're still likely to find that Google and Microsoft just assume you to be spam because you're not running on a known trusted service. It's ridiculously hard to get right and that's before you've concerned yourself with the weekly upkeep (security updates, application updates, back ups, etc). There's a reason a great many skilled sysadmins -- including myself -- have given up bothering to run their own mail server. It's easier to trust $COMPANY and make regular backups in case of emergency than it is to run the process in reverse.
...and that's just email. Running your own cloud is also problematic -- not as difficult as email but it is still a considerable hassle and still out of the question for the average Joe.
About the first part of your post, actually there is a single package for all the components: mailu does that in the form of a set of docker images. I've also heard about iRedMail but I don't know it. For the rest of your comment you're right, after launching mailu you still have to configure the DNS and deal with some providers still thinking you're a spammer. But at least you can avoid the painful traditional setup which requires to install multiple pieces of software and configure them to make them talk each other, and mailu also helps you with DNS by telling you which value you should put to have dkim working (and maybe also something else that I'm not recalling right now). Personally the problem that stopped me from having my own mail server was the difficulty to have a reverse PTR record configured for your vps. I was trying to get it with an Oracle Cloud server, but after a rather time consuming process of trying to gather information about this, I found out that Oracle didn't offer the option to have a reverse PTR record.
"The problem is, hosting your own email is actually really hard. Not only much harder to set up than it should be... "
This is the very crux of the problem. We need newer protocols so this is dead easy for anyone to do but I don't see it happening anytime soon. As Google and other Big Tech are on internet standards bodies they'd almost certainty oppose it as a more distributed internet would be bad if not ultimately devastating for their businesses.
Unfortunately, we naively let the Trojan horse into the internet years ago now we're paying a terrible penalty for our foolhardiness.
I'm in the process of Degoogling my life so I have installed GrapheneOS on my phone and use FDroid as an app store.
It works but I have the impression of living in the dark ages:
- I had to ask my contacts to install Signal on their phones, some just didn't follow up (we were having long conversations on WhatsApp the week before), some don't even see my messages. I receive much less messages than before, I'm left out of the cool conversations happening in WhatsApp groups).
- I thought Google's keyboard could use some improvements, but the AOSP one is much worse.
- I can't use my banking app, and their mobile web app doesn't work with KeepassDX so I have to manually enter my account infos each time.
- notifications are hit and miss. The reminder app that I found on FDroid didn't fire a reminder this morning. I had to get another Clock app, the AOSP one insisted to make an audible notification 1.5h before any alarm (it was silent on Google's).
- email clients: FairEmail is good but lacks ergonomy.K-9 mail is a joke. (I like to separate my email accounts in separate clients).
- the icons are ugly and I didn't find any way to change them.
All in all I'm not exactly living the dream right now. I don't use social medias (except YouTube on my desktop where I can block ads) I think I would have a much harder time if I had to use web apps to connect to social medias.
tbh not all people can run their own infrastructure (let alone manage/maintain it). I'm not sure about you but most non-techie people I know rely on online services to keep their data safe. some (maybe) have a USB drive to keep a copy.
talking about the setup I'm a bit more flexible in some regards to save bandwidth
Cloud/data storage/services
XCP-NG + NextCloud + 3TB NAS (24/7) -local
mail server+ Dynamic DNS on VPS (for mail - local sync)-online
a few small VM's for various services-local
Archiving/Backup:
40TB archive NAS for daily backups of all stuff that I keep online+offline including phones,tablets, etc
Video/Audio content:
local private copies + shared though youtube (as alternatives for content blocked on youtube I use RuTube or Youku)
Edit: Forgot about the off-site backup (different country 40TB NAS as offsite mirror)
I noticed a lots of people are doing this after they got a NAS. I think there is a business opportunity: NAS vendors can turn their NAS service to a platform that allows it's users to rent "apps" from the platform by paying a small amount of money every month or year. Most of the money goes to the app developers to support their development. When the developer updates the app, the NAS will then automatically download and apply the update.
There is no vendor lock-in as long as the user has the root control of the NAS device (Or at least get their data out of the machine). If the user decided to switch to another NAS vendor, they can simply migrate the data to the new machine.
Not the person you are responding to but for the HTML5 video tag to work how does server have to be set up? What are you serving the video over? What protocol are you using? New to this so curious about your implementation.
Not the person you were asking, but you can host it the same way you host the HTML file containing the <video> tag. Both files are served as static content by any web server you choose (eg nginx, Apache). You also get "streaming" for free because the browser will request the video file in portions instead of "the whole thing at the same time." Web servers support this out of the box.
I've saw quite a few similar stories over the past years and this left me very scared. I've been a heavy user of google services for more than 15 years.
For some months now (maybe a year?) I've been trying to reduce dependency on google services and apps. It is a slow process, but I hope to get it done in the next year or so. Meanwhile I try to use google takeout as much as possible to keep up to date backups of my data.
My next step will be moving away from Gmail. Will probably register a domain so that I can have an address that is not tied to a specific cloud provider domain. Does anyone have a suggestion of an email provider I can use with custom domain?
After a bit of a scare a few weeks ago, I've started doing regular Google Takeout data downloads of email in addition to my normal backup procedures. I also verify that I can load the resulting mbox files into Thunderbird or another client.
I don't use Google Photos, I have my own local storage, backed up in triplicate by three different processes.
Finally, I'm a heavy user of Google Drive, but that is synced locally on several machines, and backed up in triplicate using the same processes as the photos.
Never rely solely on a 3rd party for your critical data. Always have an exit plan. And test it regularly.
You are not helpless as an individual. If the company wrongly disables your account and leaves you no other option, you are well within your power to fill out some paperwork and file a lawsuit. It should cost you <$1k but will cost a big company >$10k just to respond.
When you have a trillion dollars stashed away. Then you wouldn't care about lawyer costs. That's the main reason big corps get away with doing what they are doing.
You would if laws demanded you always had to hand back users' data if you locked them out. That's the problem we don't have a proper legal framework to manage Google and other Big Tech.
In Europe there's no provision for GDPR rights to access to data to be removed on these non-grounds, so users would have the right to get access to their takeout.
Since Google's processes don't seem to give access to that, you might have to sue them. If they failed to show though, you should be able to get a default judgement eventually.
(note - GDPR is in some cases privately litigable, so you don't need to wait around for a snail's pace regulator - you can indeed sue for relief and get your legal costs back in the award. I'd expect a lawyer would take this case on a contingent basis given how clear-cut the GDPR is about your right to access your own data).
Europe has been really slow giving out fines. And even those fines are often less than a slap on the wrist. In France Google got fined $57mln for breach of GDPR. That's what Google makes in 3 hours.
That is why it is important to note that certain GDPR rights can be enforced yourself, without waiting on a regulator. Waiting on a regulator to bring the case is not your only option, since these are data subject rights, and the data subject (i.e. you) an sue directly.
Certain approved consumer groups are also able to do this as well - the regulators are too slow right now, but others are gearing up to start taking cases themselves.
You don't remember that checkbox you clicked when registering for your account affirming that you definitely 100% read, understood, and agreed to be bound by Google's Terms and Conditions and Privacy Policy?
I'd really like to see the law changed so that companies that keep your personal data have a legal requirement to make that data available for a period of time if they disconnect you.
I'd also like to see long term users have to be presented with exact details of what wrongdoing got them banned and some reasonable way to contest it. This would only apply to the big boys, not to the average website out there.
Separate your gmail, photos, youtube, play and adscense account.
For me, I use a dedicated account for photo backups, and no interactions with any other google service. One gmail for interweb, one for IRL activities, one youtube acount for raging and one for my android with G Play.
I don't have an adscense account yet but I've read many articles how linked adscense violations destroys your personal gmails.
Do you really think that they have no way to tell that it's you between all those accounts? I mean, there's no really a concept of account linking between Google Accounts, but between your IP being on all the accounts, and browser or device fingerprinting, I'm not sure this is really a reliable fail safe. It should be, but I doubt it.
My gut feeling is that I feel Microsoft is more trustworthy than Google at this point. Is it just me?
Also isn't it funny how we are willing to pay $100+ a month for an iPhone or premium Android with service, yet many balk at the idea of $5/month for a more trustworthy email option? (not saying MSFT is it necessary; there's multiple paid alternatives to Gmail)
I think Microsoft is better too. I subscribe to M365 (family plan) so I've been switching everything over to them. Email was easy (used outlook desktop app), but photos is hard. That and I have no alternative to Google voice
Its just you. Also there is no such thing as paying for a more trustworthy email option. If people send mass emails or spam that violates the ToS you'll get blocked no matter who your provider is.
Who is getting permabanned without doing those things? I think you'd be surprised how many people play dumb and act upset knowing exactly why they got their account suspended, but rather than tell you they play the victim card thinking it'll somehow help them.
No, no, no, no, no, let's not go there. Small independent hosters is a more compelling solution.
Yes, our culture is perfectly capable of delivering essential (and nonessential but nonetheless everyday) services through regulated private independent companies. Typically some sort of exclusive license is granted, yet to maintain that license certain standards must be adhered to. You can see a dozen examples of this on any high street, any business handling food for example.
Don't do that. Do almost anything other than that.
If you make them public utilities, they'll get even worse, become more politically tangled, become even more entrenched, impossible to remove and impossible to compete with. You'll put the government directly into the business of preventing competition against them via intense regulation and government-lobby protection.
There are a lot of ways to restrain big tech before you get to the public uiltity option.
If you make them public utilities, they'll get even worse, become more politically tangled, become even more entrenched, impossible to remove and impossible to compete with. You'll put the government directly into the business of preventing competition against them via intense regulation and government-lobby protection.
I think your fears are overblown, when was the last time the power company, the phone company, the sewer company, the train operator, the postal service decided on a whim to un-person someone? Sure those organisations aren't perfect by a long shot but by and large they are trustworthy and accountable.
Yeah but it's a short step from that to being forced to exclusively use the state-mandated email provider in order to be able to communicate with the government or big businesses... at a cost.
That's already true. Look at how Google is banning accounts without recourse. Or how Twitter and Facebook are censoring personal and public discourse to push their political agenda. Why are they able to do so? Because it is already impossible to compete with them.
I second the idea of declaring them as public utilities.
I'm starting to wonder if the random Google account lockouts are caused by account hacks, where the account proceeds to be used by spammers and other nefarious people. Has anyone here that has been randomly locked out of their Google account like this been using 2FA?
It still sucks that Google has no real appeal process for this.
I've had a similar thing occur to me with Doordash. Went to Vancouver for a holiday, tried to order, got locked out of my account.
Multiple calls/chats to customer service said I violated their terms or service and would not tell me which term and the account remains unrecoverable.
Contrary to most comments here, I don't think self hosting is the solution, but only regular backup to your device can help with the problem. I can bet that all the hosting providers have more algorithm based lock of account than gmail has. I have myself been locked out of digitalocean once and the support won't tell me the reason. I know one other person at least who has been locked out of AWS. Almost everyone I know uses Google account and I don't know anyone who has been locked out.
So I think unless you own all the data in a server you physically control(not feasible for most), you are more safe with Google than hosting it with another provider. Also Google's server is more secure than you can ever achieve.
I have the best of two worlds - I think. My own domain (since 2000), and hosted on GSuite (the last 8-10 years). So I get the benefit of a robust email service but without the risk that I will get locked out. I access it using a desktop IMAP client and keep a copy of everything locally. And the icing is that I was an early user of GSuite when they used to offer free accounts. They no longer do that, but haven't (yet) killed off the ones that were created earlier, like mine. The primary data that's on Google without a copy are the photos backed up from my Android phone. Need to figure out a better solution there.
Antitrust lawsuit seems like a joke. We're going after google for search? Which has literally the lowest switching costs out there and is offered for free - and this is what the govt is calling consumer harm?
Meanwhile, I can think of a BUNCH of things that result in actual consumer harm by google - this included. And no, I don't give to craps about other businesses making money or not - so that whole part of the anti-trust thing seems dumb to me - yes, spammers and auto-review websites are downranked I'm sure, and I don't care.
How is stuff like this at least a bit higher on the things to think about from a govt regulation standpoint.
One of the issues with Google, is that it's a "one-stop shop." There's a lot more than just email. A Google account ties together Web services (like their various APIs and analytics), data storage, and also applications.
Some are "business-ending" serious, while others may be relatively frivolous and replaceable (like Calendar).
That said, some of the linkages can make "frivolous" services more important (like using Calendar to link business appointments, documents, and emails).
So, when a Google account gets nuked for a problem in one of the services, they all go into the toilet.
When you can't just "go across the street" from Google that means this is now essentially public infrastructure under private control.
Analogy: Railway ticket vending machine won't charge your card with a ride, gives a generic message saying you're banned due to violations of the ridership agreement.
So, you can maybe take a bus that arrives once a day and takes thrice as much time due to detours, and that's if you're lucky. But if the railway operator is just a private business, then you're basically out of luck.
accept sell you a ticket, say you banned for some obscure reason,
I always wonder if a paid Google One account is also under the risk of arbitrary deletion. Even though the prices are pretty cheap, I suspect the liability of Google is different once I pay for their service.
I had my entire Google ads account shut off with zero explanation after getting what had been a healthy influx of traffic to a new project. Months of contact, even hired a lawyer at one point, and still could not get Google to say anything, and hell I used to work for Google as a SWE!
It's gotten ridiculous enough to the point that we should all be filing class action against them, and Washington should break them apart in such a way as to separate search and ads. It's stifling competition.
Well, since whenever free speech is discussed, the discourse in HN tends to be towards arguing in favor of large corporations and telling the people defending the idea that "free speech is only from the government and the corporations are not forced to do business with you", I'll echo that sentiment and say that google is free to do this since they shouldn't be forced to do business with anyone.
That said, I'll be careful to have backups of all my stuff outside google services.
I wonder what happens if this occurs when you're a regular paying customer for one of the few Google products that has actual customer support? The example that comes to mind is Project Fi, their google-as-a-phone-carrier product. If my Google account was ever banned, what happens when I call up Project Fi, to whom I regularly pay $80 / month? Would they tell me to create a new Google account? Would my phone service automatically stop working?
Are we sure this isn’t just a username someone wanted and knew someone with power at Google to hand it over? 15 years ago the author may have had a hard to get Google name. I have one that’s constantly being spammed by people who want it. Wasn’t there a story posted here a couple of months ago where FB or IG employees were stealing usernames for friends and FB/IG refused to respond to use demands ?
In every single case, if you are not paying for a service, be aware you'll eventually get screwed.
In every single case, if you put too many eggs in one basket -- one computer, one hard drive, one vendor -- you'll eventually get screwed.
Google has made it very very very easy to get deeply enmeshed with their ecosystem of "free" offerings, and those offerings can become very very important to people. That's a TRAP.
Again, there's no evidence that paying for service results in better customer service. There are many, many stories of Google arbitrarily killing paid and/or B2B accounts, including Gsuite, Adsense, Play Store consumer (paid apps), Play Store publisher accounts, and so on. If you use Google accounts at all, you're putting yourself at undue risk of getting screwed and paying for the privilege.
Are there cases where users have taken Google to court to get their data back in this case?
I've had my Gmail account since 2004 and I am also terrified about this. I ended up re-registering my custom domain and putting it on M365 but still... it feels like, as another commenter suggested, there should be laws to allow any customers that were banned or terminated from at least getting their data via Takeout
"They are a private company so they can do whatever they want!"
- HN every single time someone banned for political reasons on Twitter, Facebook, Youtube etc.
Most likely something like that happened here too.
Considering Reddit now bans people for upvoting the "wrong political ideas" I can see Google banning people for a Youtube like or comment. But they are a private company and they can do whatever they want!
A string of such stories have me concerned. What happens after you are locked out? Can one have access to the data? I have a lot of important personal and business related stuff in GMail and GDrive - do they revoke read access too?
EDIT: I know about email clients setup to backup data, but there are other reasons I do not like to use those - unless of course that is the only way to protect data
Unfortunately I've tried to find replacements for Google services. It's not easy or cheap. Sure I can pay and have my own replacements but most cannot afford this. Google is a landmine. You don't know what will get you locked out.
The worst is when your card payment fails and they lock you. Now you can't pay and nobody can help you till you pay.
If you don't use Google then you can't get locked out. I don't.
I've never understood why people would actually trust their data to Google or any Big Tech company when there's no guarantee one will always have access to it.
That said, we need laws to guarantee people can always reclaim their data even if their account is closed or the company goes bust.
I think it's a matter of convenience - running your own gsuite like application (eg nextcloud) safely and securely is out of reach for most users, either for want of education or time
LOL, that is enormously out of the reach of most users...
What you mean to say is that it isn't out of the reach for anyone visiting YCombinator.
Most "users" have less understanding now, many of them having lived with this technology their entire lives, than I did at 14 when I got my first computer... A Pentium 75 with 8 MB of RAM and a 540 MB hard drive.
I have a paid Microsoft office 365 account with all my email and a lot of data on it. I backup my OneDrive regularly using an rsync-style tool. But the email is more difficult now that it's all in exchange format. I could use IMAP die the backup but Microsoft is going to block basic authentication soon.
At least Microsoft has an infinitely better reputation for customer service and product retention. I mean , when was the last time they shut down a major product?
I do the same (well, I don't use OneDrive all that much).
I use my e-mail with Outlook exclusively and what I did was creating a new local Outlook account, in which I move all my e-mails from time to time. That way, there's an offline mailbox you cannot loose in case of a ban or anything like that. Just make sure you set your Outlook to download everything, not just last year or so.
My motivation was a bit different, I didn't like the idea that someone could make it to my account and see literally all my e-mails sent and received in last 15 years. I mean I do have 2FA setup, but I don't trust MS over my offline backup stored on an encrypted device.
I think VEEAM has a community edition of their MS365 backup product that can do up to 10 accounts for free. The software is pretty bloated, but it’s reliable and gives you a PST file to work with.
Well, only if you set aside the cost of the education you went through in order to be able to do all that stuff... while your advice is fine for the HN crowd, unfortunately this problem affects everybody.
Better advice IMO is to tell people to use a smaller provider, like Fastmail.
I had this happen to me once, though at a smaller scale.
I solved it by signing up to one of the bigger paid Google services (just a free trial) and using the phone contact they gave me to have my account restored.
I don't know if they would work if you're completely shut down like in this case, or if things have changed over the last years.
Thanks for the reminder to finish switching my accounts over to Fastmail. There are too many of these stories to trust google. There’s also something nice about having a financial relationship with a company providing you a service, rather than having them mining your data to sell things to you or about you.
An article a few years ago triggered me to do this. I switched to Migadu based on a recommendation I found here on HN.
It works reasonably well and my only complaint is that the spam filter is overzealous at times. Another pain point has been services where I cannot switch my email and those are stuck on gmail for now.
Maybe those are just PR banns?
What if they push bad code to production and compromise the data of some users? I wouldn't be surprised if they do not have "classical" backups at that scale
So they end up with the choice of "google lost data" or "customer did something wrong"
Cloud is giving a service provider all of the benefits of a utility with none of the responsabilities. If Compute was really a utility, then like water, sewer, and internet, it'd be highly regulated.
BTW, Mailstore free can backup your google e-mails handidly and is the best such client for doing so.
The only Google service I still depend on is gdocs. I am not aware yet of any collaborative document/spreadsheet tool of similar quality. Even without the collaboration benefits, google docs or sheets is just so much faster than native Office apps on my otherwise fast Macbook Pro.
this is reason why I want to own everything. Silicon valley wants everything to be subscription based which many people are fine . But the day they lose the account they realized the problem created due to subscription model. Own More Rent Less should be encouraged.
As soon as the internet came along out came that damn let's rent everything mentality. The internet allowed vendors to lock users in to renal agreements as they're a much more profitable business models. Never mind the fact that the rental model doesn't guarantee you better software - in value for money terms, you'd be better off having stuck with traditional upgrades.
Remember, this model has been around for yonks. Go away on holidays and you've turned the power and gas off beforehand and you still have to pay a connection fee even though you've used nothing - and despite the fact that the wires and pipes to you house were fully amortized many decades ago. Same goes for phone and internet services.
Right, it's a ripoff, that's why I use open software whenever and wherever possible.
We had something similar happen with our corporate twitter account that we’ve had for eight years. Our news site, agfundernews.com is the sites of record for foodtech and agtech innovation/investment and Twitter inexplicably locked us out with no recourse.
I really want to hedge against the loss of my Gmail account and numerous Google Apss/Suite/Whatever setups. But what if my custom backup script to download all the data actually will be what triggers Google's algorithms for suspicious activity?
I'd like to know how often other email services like iCloud and Yahoo Mail close accounts, since I have accounts on those as well. In the meantime I'm slowly moving off of Gmail, even though I give them money each year for additional storage.
I always use cloud services as a secondary fallback in case of data backup. The more you entrust your operations to external agents, the more you are at risk when they fail to deliver. I hope to eventually shift away from their e-mail services too.
Does anyone know if getting the $10 a month subscription to Google One helps with getting locked out? Is there a way of recourse through the "Premium support" or do you get locked out of that too?
This feels like a push by Google to make people start using Google One. Google One has a feature "access to experts/support". Google is trying to create a problem while selling a solution.
I'm one of the early Gmail testers who registered for the beta program and got invitation from Gmail directly. Unluckily or maybe luckily from the first date after registration, I started to receive spams which I have no idea why. Contacted their support team quite a few times asking for sender blocking feature and the answer was always some arrogant bs like "Nah, we have the best spam filter and thus sender blocking is unnecessary... blah blah...". As a result, I felt it might be a mistake to use Gmail as my primary email account. So I narrowly avoided Gmail but again, I've no confidence that other providers will not do something similar to this. Maybe it's time to do self-hosting now.
I've said and I will say it again: email providers should be treated as public utility services, like telephone services and you should be able to port your e-mail address to another provider, if you'd like: https://viorel.me/2020/2020-09-25-you-should-be-able-to-lega...
I've started this process a few months ago after 14 years of gmail and it's incredibly tedious and I'm not half done yet. I am trying to move my accounts on my new e-mail address. I'm lucky I have a password manager that lists most of my accounts
Not fitting very well with their old don't be evil motto. They could always have a paid service (maybe $20?) to have someone look up the problem and tell you what it was perhaps?
I see that it's time to start using my domain email more consistently, and change existing accounts into using it too. I don't have a lot, but still, better safe than sorry.
Any usable suggestions on (1) what to do to get out of a Gmail account with many years of history unscathed and (2) how to prepare for disaster with an Android phone?
1. There are several alternatives, but usually not free. One example is protonmail, that I use with a custom domain so I can still switch provider without having to get everyone to change the address they use to contact me.
- You can import your emails, but it might not be realistic to import all your history. It's going to take ages and fill up your new account quota. So what I did is first do a cleanup of my gmail history (remove things like mailing lists, promotion emails, etc) then export only the last year. I can still log to gmail if I need to access an older email.
- You can't expect everyone who has your old gmail address to know your new email address, so you need to accept to live with a forward from gmail potentially forever
- Most services will let you change your login email address, some won't. In this case you can either create a new account or accept to keep the gmail account as login.
"You can't expect everyone who has your old gmail address to know your new email address, so you need to accept to live with a forward from gmail potentially forever"
You wouldn't if there were an international telephone-like directory. We seem to have forgotten that this was the actual function of old fashioned paper based telephone books.
As I see it, it's imperative that something like this be established as it's the first step in unshackling ourselves from being permanently locked in to Big Tech. Similarly, we need portable email addresses and
portable IDs that we can use anywhere and with any service. As this HN news story illustrates, we need these more than ever and we need them soon.
These won't be easy to implement as Big Tech will oppose them every inch of the way. For starters, we'd need legislation that would enforce Big Tech to compulsorily use these IDs. As Big Tech is in the pocket of governments, this won't be easy.
Thank you! I'm aware most alternatives are paid, also aware that I'm paying Google in other ways for their free service. I became honestly a bit vary about any provider - including ProtonMail - but I guess I can only choose from what is being offered :)
I’ve started to look for alternatives to gmail. It seems that most people recommend using ProtonMail. What about outlook. Is it a viable alternative to gmail?
The second person lives in Britain. I wonder if he tried submitting a GDPR request, and if Google has any obligation to keep the data, or if they delete it immediately?
If they want a full access to the EU market they will have to use the EU regulations like Norway does. However they may prefer a hard brexit for some reasons.
The GDPR regulation is implemented into British law as the Data Protection Act 2018 [1]. It must remain until the end of the year. If there's "no deal" then, next year, the UK Parliament may repeal or modify it as it wishes.
However, there were data protection acts in 1998 and 1984, and it seems unlikely the general principle of access to personal data -- which was there before GDPR -- would be removed.
this would be easily solved if google was disallowed to provide email service for $0. as is, the gap between $0 and even $1/yr is so large that you really need to know how to price risk correctly (most people don't know or don't care).
There should also be legislation that mandates that companies like Google (or Apple) that hold critical amounts of user data, need to have a reasonable process for customers to restore their accounts, or take out their data.
At the very least, Google should allow him to take his data out of their system.
> He received a response the next day: Google had determined he had broken their terms of service, though they didn't explain exactly what had happened, and his account wouldn't be reinstated.
This is such a shitty behaviour, it makes me angry. I hope he'll follow up with a court case.
If you had a Chromebook, and Google locked your account.
Does the scenario described in the article imply that you can no longer can log into your own laptop?
A Chromebook isn't your own laptop. It's a lease from Google for 0-6 years, after which they effectively disable it. You can look up when your lease ends here:
The AC700 does have a developer mode. That doesn't mean there's any Linux distribution which will install on it.
For a while, there were, but they disappeared, and now it's a web of 404s and obsolete documents. Most recommended chrubuntu, but (1) that relies on obsolete ChromeOS components, which introduce security issues (2) someone said that's now dead too.
I'll see if Chromium builds for it. Thanks for the pointer. There's a lot of AC700's out there.
Then you paid a fixed quantity for a lease of unknown duration.
Congratulations!
If the model number doesn't have a typo, it might be expired. Most of the ones not listed tend to be expired, and many vendors sell expired ones.
Oh ohs!
If so, you're in good company. Many less affluent, less educated families find themselves there. Some find they wasted $150 on a Chromebook which has a few months left, and some keep using it, and find their data held for a few grand in bitcoin.
Thanks Google!
But I suspect you have the CB514, not CB154, which IS listed, and which expires in 2024. If so, you've got almost four years left. Congratulations!
It's not disabled, but if you keep using it, but you get a scary warning from Google. If you do keep using it, it will be 0w3nd, and your data will be held ransom for bitcoin.
I guess it beats Android, where the same happens, only without the warning.
You could possibly log in as a guest (or "browse as a guest" at it says on the login screen) but there isn't much you can do by browse the web as a guest. Go figure.
As much as I like Apple, you wouldn't gain much by switching.
In case you do get locked out, it will be the same faceless corporation as Google.
Your best bet is own domain and bigger provider with a human support. Fastmail, protonmail or even 365 would work.
Companies like Google, Facebook, Twitter, and Reddit are becoming the gatekeepers of the internet but I think that's a byproduct of the endless list of people who keep trying to fit moralistic arguments ("the way things should be" that is specific to their community) onto a platform where "one size also fits all".
This platform is in constant competition with it's own capitalistic and identity-less values. I say they're identity-less because let's face it, it's almost guaranteed that Google/Facebook/Twitter/Reddit don't have enough people that are like you and your community on every team that touches stuff that you and your community interact with to give a proper shit about your values or how you will perceive something. I might even take this a step further and say they've developed their own culture for the internet and you either adhere or die. You can swap in and extrapolate any group that has some measure of depth to it in that statement and it'll still be true. That's why, in my mind, there's this desperate race for diversity and to reflect all things at all times. Don't get me wrong, I love to have a diverse workforce, and in my experience the teams that weren't all predominately one characteristic have always been more productive and fun. I'm just extrapolating why these things suddenly matter, almost ten fold, to companies that run platforms.
I've seen people here suggest that developing more tools will help suppression, faulty-auto-moderation, deplatforming, etc... but let's be real. It won't. Maybe you'll more accurately identify people who are violating your terms of service and can vomit up some reason as to why with explainable AI. I don't really view that as a win though and here's why:
Americans ran from King Henry because he was willing to chop peoples heads off and imprison them without having to answer to the public that he ruled over. We created The Boston Tea Party because of a relatively small tax. Some people laugh at that event, but it goes to show you that when you have the haunting memory of a tyrant in your past, the latest cut feels like open heart surgery without anesthesia.
In the end Americans decided that if even one person were sent to the guillotine without a fair trial it was one too many. Our laws have reflected that since, but
we have also stripped many of those ideals away in favor of racist ones or convenient ones (at times). Now Mega Corporations are your new King Henry, and all the smaller corporations who buy services from them are their Dukes. They'll either do as the King says or as the saying goes, "Off with their heads!".
Move to paid accounts like iCloud email or fastmail, protonmail for critical use cases. iCloud email is free for all ios users and fastmail and protonmail cost pennies per day. Primary email has become something akin to having a phone number these days. Lots of consumer services use email for authorization.
But they are a private company and can do whatever they want! This is always the reply when someone gets deplatformed for political reasons, why not when its for completely arbitray and unknown reasons too?
I got locked out of one of my Google account because Google didnt recognize the device I was login in with (I had the correct password and I never enabled 2FA). I almost wasn't able to recover it.
A few comments in this thread rub me the wrong way. E.g.:
> It should be illegal.
> How is this not regulated?
No one forces you to use these services. They're voluntary.
Imagine you're looking for storage for some stuff.
One company advertises a storage service, which is free, but there's a clause in the contract that says, "We can take your stuff at any time, for any reason, no backsies."
Would you trust your stuff to that storage company?
No, you wouldn't. That's insane.
But somehow you rub a computer on it and everybody loses their common sense.
- - - -
Folks are naive (in re: computers) so you can either: 1) educate them, or 2) exploit them. FAANG et. al. choose to exploit their users, quite ruthlessly too IMO. A few companies actually try to educate their users (a very few. Adafruit, Wolfram, ... who else? I'm sure there are more but I'm drawing a blank right now. Basically any company that's built around teaching people what computers are and how to use computers, rather than farming "lusers".)
- - - -
To me the weird thing is how many people choose to be exploited peasants rather than educated Users.
It's extra-weird to me when the peasants start jumping up and down shouting "Rabble rabble!" instead of just using some other non-exploitative system.
(But then most folks' behaviour has never made sense to me, come to think of it. So what do I know? "Nationalize FAANG!" "Rabble rabble!")
Your storage service isn't used for your primary identity/access management to your house, bank account, or utilities, and this is where your argument breaks down.
Much like internet should be a regulated utility (in the US at least) due to how integrated with modern day society it is, the right to an unalterable email address should also be considered, especially due to the fact that it is used for identity management across numerous services.
The vast majority of users out in the world use these free services because they don't know anything else, and nor would I expect them to. As pioneers we the technical community herded them at these push button solutions decades ago, and now it's up to us to realize we've somehow failed them at this point by locking them into monopolistic companies that don't have their best interests at heart.
1. We educate them and start promoting services which won't pull the carpet out from under them on a whim
2. We start advocating for regulation on the existing services and force them to comply
> Your storage service isn't used for your primary identity/access management to your house, bank account, or utilities, and this is where your argument breaks down.
If anything that strengthens my argument.
> The vast majority of users out in the world use these free services because they don't know anything else, and nor would I expect them to. As pioneers we the technical community herded them at these push button solutions decades ago, and now it's up to us to realize we've somehow failed them at this point by locking them into monopolistic companies that don't have their best interests at heart.
To me this just sounds like the worst sort of techno-elitism. You're describing a world of Morlocks and Eloi and campaigning for veganism.
> 1. We educate them and start promoting services which won't pull the carpet out from under them on a whim
Yes. I agree.
> 2. We start advocating for regulation on the existing services and force them to comply.
No. I disagree. I have come to believe that it's just simple hubris to think that we (the technical community) have any clue what's going on in re: normals using computers. Did you predict Twitter? I sure didn't.
I predicted a lot, like coin vending machines for raccoons, and mesh networking. But no one cares about those things. Half the world thinks Facebook IS the Internet.
Google-- FAANG and the other corps, are already AIs that merely farm human beings. The sick (IMO) thing is that most people are hunky-dorey with it. Amazon is one of the most trusted entities according to polls.
Sovereignty is jealous: either these mechanical gods with humans for cells will become the new de facto governments of the world, or we nationalize them, which I don't even know what that would mean...
Er, um, I got a little ranty there at the end, eh? Sorry. What I'm saying is, if they are private corporations then grabbing their services by legal theft is bad pool. If you really want to wrest control, go whole hog and nationalize the suckers.
I guess I'm basically saying that those folks bear at least some responsibility for their own ignorance. It's not like people haven't been trying to reach them and help them, eh?
> Anyways, I think in a way we are saying the same thing. Keep fighting the good fight.
> No one forces you to use these services. They're voluntary
The problem is that they are a lot less voluntary then you think in certain segments.
* Running ads against a blog without using Google Adsense puts you at a disadvantage.
* Running an online store without Google Shopping puts you at a big disadvantage.
* Bootstrapping an online video show without YouTube is effectively impossible.
So if you are, say, an independent videographer, YouTube is not voluntary. The alternative is to not be an independent videographer, or to kludge together 5 other services that will get you 10% of the viewership and 10% of the revenue.
My objection is to popular legal theft. The folks I'm calling out want those nice things you describe but not on the terms Google is (evidently) willing to offer them for and are therefore calling for laws to take them by force.
In other words, what I hear you saying is that their excuse for (what I'm calling) theft is that the thing they're stealing is really good.
> nobody is arguing that people are "being forced" to use google services
My point is that they entered into the [contractual] relationship voluntarily and now that they have become dependent on their provider some folks here are saying that they want to alter the deal by legal end-run as opposed to just using some other service or trying to renegotiate en mass ("Google users' union", "Boycott Google", whatever) or creating or promoting alternatives.
If you want to be a lemming and jump off the cliff, I don't like it but it's your life. The specific thing I'm on about here today is, don't jump off the cliff and then shout for the government to give you a parachute.
I started a side business with some friends during lockdown. We created an online store selling some hard-to-get long tail items, and almost instantly got some traction and growth thanks to Google Shopping. A month ago we received one of these generic automated mails that our account is banned and we were misrepresenting ourselves or a product with no details on what we did wrong. We went through the T&C's in some detail and we think we did everything they asked, and we have no idea what we didn't do well enough. We also checked in with every single client and we had near perfect scores on trust pilot, I can't recall a single incident with a client.
We've been contacting Google almost daily but almost never been able to find a human to talk to. Through unofficial channels we've found a few people in Goolge but whenever they gave us any advice on what to do it's always "off the record" or "you didn't hear it from me". Something is very rotten.
There are always replies on here about not betting your entire business on Google. Google shopping gives 2 orders of mag better conversion than any other channel we tried. For search-to-buy there really just aren't any alternatives and if Google decides to lock you out your business is basically dead. Lucky for us it was a side hustle. Here in Africa e-bay and Amazon aren't options.
More scary, since then we've found TONS of businesses in our country who have suffered the same fate in the last month, and many are well-established, popular businesses now facing existential threat.
It's incredibly scary that Google's moderation bots can be a single point of failure for a business employing 20+ people.