I'd say I'm surprised that Google would lock you out of your own data despite their claims that you still own your own data, but Google has repeatedly demonstrated that this is not the case. I would be surprised if any of these users get their data or their accounts back without involving a lawyer, based on prior examples. The author says they've contacted the EFF, and hopefully the EFF will offer assistance.
This is one of the biggest problems with these vertically-integrated ecosystems, your entire online life becomes managed by a single company, which can revoke your access at will, effectively deleting your existence from the Internet. Don't be the sort of person who falls for this. Get a domain you control, direct mail from it to a mail service controlled by a different company than the domain. Make sure you have a contingency for issues with either one. Ideally make sure neither of those services are run by Google.
Much like a landowner owning all of the land around your property cannot reasonably deny you the right to cross their property to get to yours, I'd argue if Google does not own your data on their service, they must grant you access to that data at bare minimum.
TL;DR: At least 200 people participated in a scheme in which they purchased (multiple) Pixel phones and had them shipped to a dealer in NH for resale to others, in contravention of the Google ToS.
In response, Google suspended all their accounts, without the option to download any their stuff, including email and drive data, etc.
Is a ToS rule like that even legal? This comes a bit more from copyright law, but the US has the "right of first sale"[0] which guarantees individuals the right to sell works they purchased to someone else. I can't imagine this protection would be weaker on physical purchases.
Additionally, Google's Terms of Service also says you own your data, including IP rights: "You retain ownership of any intellectual property rights that you hold in that content. In short, what belongs to you stays yours."[1] I would question if refusal to grant users access to download their own data could be considered theft.
Of course, IANAL, but if I were any of these people, I would seek the opinion a real one immediately.
The "right of first sale" means that you can't be sued (well, you can be sued but they would lose) if you sell a book you own. It doesn't say that the publisher of that book must continue to sell you additional copies or that the author won't give you a dirty look if you pass in the street or that someone may take steps that don't involve suing you for copyright infringement to discourage your activity.
This is, by the way, the same trick that powers RHEL – the binaries are all GPL, so you can totally redistribute them to anyone. If you do though, RHEL will cancel your account.
You own your data but not the servers on which that data is stored, so you can't compel Google to give you access to it, any more than you can compel me to produce your comment from my browser cache if you lose it. Refusing to give you access to their servers definitely isn't theft.
Very legal. Arguably unethical, but that's a different question.
As a quick aside, Google EU is based in Ireland, and under Ireland's data protection legislation you _are_ entitled to data the Google stores (including whatever tracking they're doing that you don't normally have access to).
> Under Section 4 of the Data Protection Acts, 1988 and 2003,
> you have a right to obtain a copy, clearly explained, of any
> information relating to you kept on computer or in a structured
> manual filing system or intended for such a system by any entity or organisation
If anyone banned bothers to file a small claims case against Google, they could likely win. I've successfully won cases with significantly more grey area against well informed people in small claims, and Google would be compelled to send a company representative who is wholly unfamiliar with the law and what the case is about due to the way small claims court works.
The most likely outcome is Google will settle well before trial since they know the odds are against them, and the cost to fight it (just in labor) is much more than the cost of any Pixel phone.
I'm sure it varies wildly from state-to-state and country-to-country but I believe where they are required to send a representative that's an employee they can send a lawyer that that they have on staff since they meet the requirement. That said I'm not sure what advantage they'd have since small claims is a very different beast. Not to mention the costs to do so would almost certainly exceed the judgement. Might even be cheaper to simply default than deal with the back-and-forth of settling the matter outside of court.
My response to Google deleting peoples email accounts.
Google deletes artist’s blog, a decade of his work:
This makes me laugh my ass off. This is a bit of a pet peeve I have with people and modern technology. They believe they have a right to use a service even though they're not paying for the usage of the service. Then they turn around shocked and angry when the free service is removed. `Why! why did they do this to me, this is the biggest injustice! How un-professional of them!`.
Kind of like the dicussion I have with my collegues that `shouldn't you know.... support the open source frameworks we use to make money with?`... `Why would we do that?` ... Kind of leaves me speachless.
The guy you're laughing at is about 65 years old. I know nothing about Dennis Cooper, but people of that age are sometimes just not tech savvy. And based on what I've seen of his response to the situation, he never responded in the way you mischaracterized him above. Why is your first response to "laugh your ass off" when something unfortunate happens to someone else, even if that misfortune was brought about by their own ignorance?
Take a look here, his response is actually very thoughtful:
Sure, people should pay & support the tools they use, but there are a lot of clueless, inept people out there who have been trained by Google, Facebook, etc that everything is free.
Whatsapp with the $1 a year charge was a step in the right direction, but Facebook idiotically killed that (decent) business model. That could have made over $80 mil a month in revenue, while being a nominal amount for the average user to pay.
And the open source frameworks.... well it's up to you but I think it should be tackled from the other end. Guys keep your stuff proprietary and sell it. Or at least make the open source version less features. There I said it.
But e-mail is more than that. It's how many services authentication/re-authenticate you. You can't even connect a new computer to your Steam account without 2-factor. And if all you have is an e-mail account, then you loose access.
This really seems like it needs to be regulated in law. For telephone companies, there are rules about when they may disconnect you, e.g. the Arizona Utilities Division write
> f I am unable to pay my entire bill, what can I do to maintain local dial tone?
> The Arizona Administrative Code specifically states that a telephone company may not disconnect a customer for failure to pay an unregulated portion of their bill. To maintain local service, you must pay for the regulated (landline) charges on your telephone bill while you work to resolve problems with the other portion of your bill. If you fail to pay the unregulated charges on your bill, those services may be subject to disconnection and a deposit to reestablish. (R14-2-509)
> How much notice does a telephone company have to give before disconnecting service?
> A telephone company is required to give 5 days advance written notice before disconnecting service. (R14-5-509 Section E)
In this case, Google killed people's email without any prior warning, and in retaliation for an unrelated business transaction (selling smartphones). Having your email disrupted like that is at least as bad as getting your phone cut off.
Willing to bet if any of them were Google Fi or Google Fiber customers, their phones would be cut off as well. Of course, much of their fight with AT&T over pole attachment rights has been Google's unwillingness to be classified as a "telecom"[0]. I suspect Google is very unwilling to be held to these sorts of legal responsibilities.
"Basically, the current regulations require companies with utility poles in the public rights of way to provide access to certified telecommunications providers and to TV/cable companies," Paul Lewis, assistant manager of telecommunications and regulatory affairs in Austin, told Ars. "Google is not a certified telecommunications provider, and it's a video service provider as opposed to a television/cable company."
If Google were to apply to the Public Utility Commission of Texas to become a qualified telecom, "It would make them subject to all of the state and federal telecommunications regulations," Lewis said.
Wouldn't Google be able to set up a wholly-owned subsidiary to be the designated telecom in Texas? That's how the ride-sharing companies do it in order to insulate the parent companies from having transportation law apply to their headquarters.
I think it's indicative of more than just Google being unwilling to be held to the legal responsibilities; it appears that even their Fiber arm doesn't want them as well.
I recently got locked out of my old bank account because I didn't use the SIM from my country of origin for 5 months. My mobile operator disabled my ~15yo phone number and I can't recover it without flying there and visiting their office with my ID.
That's why I also feel uneasy towards all these number-based messengers. They're targeted at users who rarely leave their countries.
Or at least get a mail address or similar from everyone whom you're talking to on a number-based messenger, so that you can recover from a lost messenger account.
(Doesn't help, though, if you lose the phone number and your mail account at the same time.)
Opinions about regarding Google as a utility aside, I think the comparison this argument makes isn't as comparable as you make it sound. Using your example with telephone companies, this situation is like saying a specific 3rd party service accessed via telephone should be regulated without actually regulating the telephone companies first. I would like to see ISPs be regulated as a utility before individual web sites are regulated as such.
In the event that becomes reality, the time would have to be taken to define what minimum level of services the web site would have to offer. Simply saying Google must keep X service available would be archaic. Would other email providers be exempt from having to maintain these rights? If your job gave you an email address, would they have to maintain it after you leave the company? These are probably contrived questions, but ones that would certainly have to be answered first.
> Gmail is part of the chain of technology that lets me communicate, so I think a comparison with a telco is fair.
And it's actually harder to switch to a secondary. With my ISP, if they cut me off I can fall back on my cell provider within minutes. I have no such failover for my Google services.
Google's terms of service say that each user retains the copyright to their content, but grants to Google a license so that Google can provide services.
If Google has the only copy of some of this content, I wonder if a copyright claim might have any leverage. It's one thing to give Google a license; it seems like quite another for Google to deny you access to your own copyrighted material.
That route would only get you copies of your email. It wouldn't help you change a password on a 3rd party service, if their practice was to require confirmation through your address on record.
Fastmail. I'm just a regular (paying) customer, not a business or anything. I've opened a small number of tickets, one or two of the RTFM variety. I've always got a human response and satisfaction, even a "here, let me RTFM that for you."
I can't imagine being locked out of my fastmail account for anything other than abuse of my fastmail account. Or not paying my bill.
We also stalk you on... I mean, we read the same tech news sites you do.
(I'm on third line ticket duty right now, so if you have something significantly more complex than RTFM, or an actual bug, you'll probably be talking to me this week)
The most common cause of getting locked out other than you abusing your fastmail account is having your credentials stolen and used for spam/fraud, which is why we recommend 2 factor authentication:
Awesome - I moved across to fastmail a couple of days ago. I've been using a custom domain for email for awhile (josephg.com), merged with a gmail account. I'm very happy I set that up because moving to fastmail was a cinch - there's no forwarding to do, just a few DNS records to reconfigure. And with a custom domain I'll have that email address for life, no matter what happens to fastmail.
My gmail account (josephg@) gets a tremendous amount of email for other people. Earlier this year I was getting a lot of marketing trash from a particularly excited group of car dealerships in Illinois. Around the same time youtube suspiciously started advertising new cars to me. Its all way too creepy, and reading articles like this about people's gmail accounts getting locked out I'm very happy to reinforce my digital independence from google.
> My gmail account (josephg@) gets a tremendous amount of email for other people.
Same with my josephb@. It's amazing how many companies start sending personal identifiable information to a random email address without validating it.
Doctors, real estate, universities, banks and the list goes on.
The only thing that has put me off Fastmail very recently, and indeed I moved to another provider (Runbox), is the loss of their Family plans.
Requiring three accounts now for instance would cost $150 a year minimum for the size I would have needed and unfortunately because I needed to rearrange my old grandfathered plan to re-organise accounts I'd have lost my previous plan.
Basically, Fastmail is good (very good), and you can still do admin type stuff by creating your master account first and creating your 'users' under it, but do look around if you are price conscious.
NOTE - I know you can't please everyone and that doesn't detract from the fact Fastmail was extremely stable, fast and had excellent customer support so don't take this as a 'Fastmail is bad' type post, because it isn't. Just look around and make sure you're getting the rid price/value for your needs.
Damn. I was going to move to them at the end of this year when my VM (where I currently run my mail) is up for renewal. But if I now need to buy several Standard plans instead, and get several gigabytes of storage I don't need, then that's less appealing.
Runbox looks good. Any other suggested alternatives?
Zoho is actually very good too but they (like Gmail) enforce IMAP connection limits, so it you have a lot of folders etc or use mobile clients like K9 that open a connection per folder then you can get errors very regularly.
The above is true for Zoho on the free plans anyway, but it may be different for the paid ones. But the free ones have pretty much all you could need if you don't run into the high number of IMAP connections issues.
If you have enough accounts to make it worthwhile I think Rackspace is supposed to be very good, but last I looked you needed a minimum of 5 accounts (I only had 4) so it didn't work out:
Nice. :) Reading this in the context of this thread made me setup my own trial account, with a new domain name. As soon as those MX records propagate, I'll be good to test it for a while.
Wish you had a dark theme, that'd be my only feedback for now (Stylish also works). Appears to be very fast, but of course, my account is 100% empty.
ime: it stays very fast, even with 1.5k emails in inbox, ~30k emails / 2.5G total in various folders.
Also, changes propagate faster even than gmail. If you have your inbox open on 2 computers and move an email out of your inbox on one of them, you'll see it replicated in near real time on the second computer. I don't know how they do it, but it works really well.
Interesting, thanks for that. I'm up and running on my own domain after waiting for the domain name server to transfer from Bluehost where I registered the domain. I did start out doing manual configuration until deciding I might as well use Fastmail's; their DNS config page is rather nicely laid out.
Was very easy in the end, but must admit I had forgotten just about everything I once learned about DNS. As such it was nice to get a little refresher.
EDIT: I would probably have gone for Google Apps / G Suite if not for this article. So, yeah, hope it served Google well to freeze those accounts with no warning.
SMS is not very secure, there have been quite a few stories of people losing digital access due to an attacker just calling Verizon and taking over their phone account.
That's in the US. In other countries things may be more secure. In Russia I barely can make any changes by phone because they verify so much info. Forwarding will certainly require an in-person visit to the carrier office.
So I guess it's better to leave the choice to the user, with an appropriate warning text.
There's the other side of it, which is that SMS delivery is awfully unreliable in many places, and it's a frustrating experience for everyone. We can fire off the SMS, but if it fails to reach you it's an expensive and time consuming support headache for us, and a shitty experience for you.
A Yubikey costs less than a year's FastMail service.
So no, we're not leaving this choice to the customer sorry, SMS sucks for too many reasons to consider adding back.
Previously I've been hesitant to disuse Gmail, but now I'm 100% confident to actually transition to Fastmail. And I'll take Fastmail in consideration for my company usage too (we're a smb).
Will Fastmail have CDN? I'm currently in Vietnam and latency to Fastmail isn't good (250ms RTT), as I connect to server that's located in US. While my home's internet service might be worse, so I hope Fastmail servers are closer.
We tried using CDN for static files (interface javascript and such) for a while, but we found that it didn't really give much benefit. The faster connect times got eaten up in the second SSL negotiation required for a different hostname. And it meant fun and games with content security policies or giving a third party SSL certificates that were inside our domain, so it was a wash. We decided the benefits didn't add value.
And yeah, our core dev team is in .AU, so we know all about the latency. It's really not a big deal once you sync up the first time - all the static artifacts are cached and the dynamic data is loaded in the background, often before you need it.
I also transitioned from gmail to fastmail a few months back and am very happy so far. Haven't had any issues and moving over was less stressful than I had imagined.
At a techinical level it means we take a copy of each incoming and outgoing (assuming you send via our web interface or via our SMTP servers) email and dump them into a separate folder in a separate account on our server which your admin accounts get a READ-ONLY ACL to, so you can see the messages, but can't remove them or modify them.
Unlimited is a bit buzzwordy, because we do have sending and receiving rate limits, so you can't grow the archive user faster than that.
Also if you go over about 850Gb of data right now you will make me very sad because I don't have facilities for splitting users yet, and we segment users across 1Tb partitions. I'm hoping nobody hits that point before I've got sharding inside users working - but worst case I spin up new hardware with larger individual partitions and put the user there :)
That's awesome. I've just gone through setting up my domain account and it was a slick experience. Neat 2FA authentication etc. Proud to see you're Melbourne based as myself, too.
PS. I hope no-one reads your post now and takes it as "challenge accepted". :-)
I've been w/ you guys since there was a 'bounce' function (miss that, btw). Used to use 2FA w/ a Yubikey, but stopped for some reason that made sense at the time, though I don't recall what happened, was so long ago.
What keeps me from enabling 2FA again, is that there's always some kind of "I lost my 2FA device" function which essentially allows it to be bypassed. So whoever's determined enough could find answers to secret questions or whatever to gain unauthorized access. If it were possible to disable this attack vector I'd get another Yubikey & try again- if...
...The other thing that prevents me from going this route, which is: The fact that it's impossible to implement an additional Yubikey functioning as a "clone" of the one used to secure the account. I can't say I've never lost my (physical) keys. But when I do I just grab my backup copies, make new backup copies, & all is well. No can do with a Yubikey.
Isn't making "impossibly" hard security questions and storing them where you would store your secondary yubikey basically the same thing? Or can't you pick your own security questions?
I started switching to fastmail due to their economical family plan but then they changed plan structures to where that is no longer available and the new plans were all a lot more expensive for a family. I was grandfathered in (I signed up just before the change), but won't start using a service on a deprecated plan. It was to bad because it seemed very good for the week or so I played with it.
Just chiming in to say I also use FastMail and love it. The only thing I wish they did differently is offer SMS 2FA. (Yeah, I know about the downsides. I am a normal person who doesn't need extreme security.)
Any modern phone should be able to run a TOTP client. For my own FastMail account I have a TOTP client on my phone plus two Yubikeys, one I carry with me and one that I keep at home. We require all our staff use 2FA because emails from us get the magic green tick :)
So yeah, if I have my phone, I have a 2FA option already without SMS. I normally use the Yubikey because it's super easy.
If you have a Yubikey NEO and a phone with NFC, you can store the TOTP secret on the Yubikey instead of the phone, and use the phone purely as a screen with a time source by opening Yubico Authenticator app and touching the Yubikey to it to generate codes.
For Fastmail I plug it into the USB port as usual (using an OTG cable). Last I checked that was still the only way to do it specifically for Fastmail, since they do not support NFC. For Lastpass though, using the Yubikey through NFC works great.
I might have to switch at some point. It is stories like these that are freaking me out. Were there any instances of them being DoS-ed or you not getting emails from others?
I would also be afraid one day if Google sees people fleeing to them, they'd come in and buy them. I'd almost whish there was a public trust or non-profit who would run an email server. Post office is a government service (for better or for worse), email is a bit like what regular mail was 100 years ago.
ime: their spam detection is definitely inferior to gmail; I've had 2-5 false negatives per month (spam not detected) and a handful of false positives over 3+ years. Plus a payment notice from my student loan that fastmail absolutely positively refuses to believe is not spam not matter how many times I so mark it.
I've had zero deliverability issues.
edit: to be clear, the spam detection works well, and if you're going to make an error, it's far less annoying to bias (as they do) towards a few spam showing up in your inbox rather than actual messages getting lost in spam. Also, they show the spam score, and you can hand adjust your spam threshold if you want.
I get tons of false positives in Gmail. Mostly from mailing lists where I guess someone else reported it as spam because they were too lazy to unsubscribe, but also some others. But it means that I regularly have to dig through all of the Russian camgirl requests to make sure nothing important is there.
"a payment notice from my student loan that fastmail absolutely positively refuses to believe is not spam"
That's because it's not spam. I'm pretty sure there's a blog post coming soon about the difference between spam and "email I don't want to receive". If you just don't want to hear from a particular email address, the way to stop it is to put an explicit discard rule for that address in your Rules screen.
Likely changes for next year include making a much easier UI option for "don't show me email from this address again", because that's a fairly common request for situations like this where you have a vexatious sender. I suspect it will be implemented as an addressbook group - the anti-whitelist!
The student loan confirmation is sent to spam every month. I mark it as not spam.
In their defense, the message is full of all caps words that look like a sentence formatted from a sql query with little attention paid to formatting plus it has all sorts of spam words (bank, payment confirmation, loan, etc).
Yeah, fastmail has some issues (see below), but they offer human tech support that ime knew what they were doing, even at the $40/year price point. And they seem to have slightly raised prices while I've been a customer, but automatically grandfathered me into the previous deal. Which is kind of them / a stand up thing to do.
Issues: they've fixed many of them -- in particular, charging for 2fa at $0.1/sms and the settings area in the web client used to feel like a bad programmer's first js project ever -- but mostly it comes down to, across almost all experiences, they're slightly to mildly inferior to gmail. Google's apps are just best of breed. Fastmail is the best non-google I've found, and I looked pretty hard a couple years ago.
Things I miss from gmail are things like: fastmail is a hybrid conversation based email with folders rather than tags. I miss tags; some folder weirdness occasionally peeks through. Fit and finish like after a message is selected, choosing add rule from message doesn't offer to filter other messages in your inbox that match the new rule. Etc.
Paying $40-ish/year to have email that isn't used for ads and that is run by a company with actual support seems like a good deal to me. Particularly if you don't have a friend inside google or the ability to hit the front page of HN to get customer service.
You can see the improvements in fastmail even over the 3 years. So that's really promising.
I wanted to report a bug in Fastmail's android client only to discover that their ticket form requires you to type in your password. My fastmail password is gigantic, and typing it in on a phone is a major ordeal. Is it that much of a problem if a non-user submits a ticket?
> This really seems like it needs to be regulated in law
Absolutely not! That way you are slowly making people to lose any bits of the common sense they might still have. Perhaps losing data once or twice will make people look for alternatives.
Throwing in another regulation will just increase barrier of entry for companies offering emails and who knows what else some dumb politicians could come up with, maybe this will open the gate to even not being able to self host an email server.
It's not a question of backups. Even with no data loss, the cost of most people being shut out of their Google account is absurdly high. Missed texts. Missed calls. Missed emails. Can't log into third party sites.
If Google wants to have a monopoly on all of that stuff, they need to be subject to regulation that compartmentalizes their services and what they can and can't do arbitrarily.
They don't want a monopoly, you want them to. You opted in to it, and you only end up in such a horrible position when you make a series of horrible decisions.
Missed texts and phone calls? How did you even get into the position where Google controls your telephony? Missed emails? Why are you using gmail.com? Third-party authentication? Did they not have the option to use e-mail or a username?
You can't fix every problem by band-aiding regulation on top of it. Sometimes you need to step back and wonder how you got here, and solve that instead.
Of course they do. Every strategic decision the company has made over the last two decades is to try to secure a monopoly on your data.
You make it sound like it's easy to run your own full stack of all web-connected applications. It's not. The cost is INSANELY high. So your real choice is whether to use one company, or dozens of individual companies for every individual service. The latter protects you against the risk of something like this happening. But it comes at a day-to-day expense which will far outweigh the prevented risk for 99.9% of people.
If your concern is data _loss_ as opposed to data _ownership_ you can still use Google all you want as long as you use it redundantly (backups, separate domain, &c.) What you're saying is more applicable to people who want Google not to see their data.
Please don't post unsubstantive comments here, and especially not vitriolic ones. Throwing acid around is damaging to the kind of discussion we're hoping for.
This just disgusts me. This is the problem with giving everything we rely on to a for profit corporation like Google, et al.
It's not your data if they can take it away from you. Your data is their profit center so we should demand more of these companies or simply avoid them as much as possible.
Cheese off the government enough, and they'll freeze everything, bank accounts, ability to be hired, your freedom to not be in jail, everything, not just "your account with them".
The problem isn't the "profit" bit, it's the "everything" bit.
I agree that the "for profit" bit isn't the problem, it's the sheer size of Google. Everyone who has been paying attention has watched with dismay as Apple and "don't be evil" Google (along with other, smaller, actors) have become increasingly amoral over the last decade. Same goes, of course, for the government.
I don't see any reason to believe that there's anything other to it than sheer size: as a company gets larger, it becomes less driven by humans and more driven by its corporate structure, or whatever.
I use FastMail, and I don't imagine for a second that it would act any more ethically if it were in the same position of market dominance.
A while back I set up email using my personal domain using Google Apps after discarding the idea of managing the while thing on a vps and after checking out a few providers like Protonmail. It basically came down to price and convenience; Google was on par with others for price and I really like the Inbox interface.
Not the OP, but I've been looking at Fastmail for a while to replace Gmail for a robust dedicated email service. I haven't felt the push to pull the trigger yet, until reading this article.
Does FastMail have any equivalent to Inbox (reminders/snoozing emails)? I started to migrate last month, got lazy when I realized how much I used those, and then I think my trial account lapsed.
This article might scare me enough into trying again anyway, but if I can find any replacement for reminders (Fastmail or otherwise) that's as nice to use I'll jump over so fast.
We don't have snooze yet, but it's getting really close. We have a plan for it which I started on nearly a year ago (Christmas day 2015!) and then it got mothballed behind other things - but we have a grand plan for how it would work, so it's a matter of some more internal plumbing.
That is fantastic to hear! I currently use the iOS Reminders app to remind me to check out that email again, and it would be really nice not to have that layer of indirection.
While we're on the topic of wishlist items: I'd love to have sync in the app. It sucks not being able to access any emails when I don't have internet (on the subway or a car/train in some remote area, even in some shielded buildings, etc). It would be fantastic if I could tell it to store the last two weeks' emails (possibly even per-folder, "store all in folder X, last week in Y, last month in Z"). That's the feature I miss most from your app.
Other than that, keep rocking :) FastMail is awesome!
How so? It gives us an opportunity to ask questions to make sure the service is right for us. I think it's pretty cool that I could talk directly to a Fastmail employee if I wanted to, without having to call support or open a chat session.
Besides, I'm the one he directly replied to, and I'm not complaining. Why do you care?
FWIW, I migrated all of my email from gmail to fastmail with a script I found online about 2 years ago and setup email forwarding from my gmail account to my fastmail account. I also linked my domain name to my fastmail email (before I just used an @gmail.com email).
I've really enjoyed fastmail so far. Their UI is intuitive (after the first few days), and the service is very fast and stable.
Can I ask what your email stack was? I'm working on a project that's a cross between TOR and bit torrent to provide free (encrypted) email to the masses that doesn't monetize data. I've been on a crash course of all things email lately.
Ancient, set up maybe 15 years ago. Postfix, spamassassin (which wasn't effective, spam being the bulk of the problem pun intended), RBLs, and a nice almost two decade old .procmailrc for categorization.
I'm still in the process of trialling new providers. I'll be using fetchmail along with my existing procmailrc. The part I'm outsourcing is the spam filtering and availability on the MX.
You can register a domain for ~$15/yr from a registrar like Gandi, and they will include several email accounts. Anyone who cares about their online presence should do this.
And susceptible to the whims of and demands upon your registrar or registry. "Torrentz.eu Domain Suspended After UK Police Request " etc
Probably best to pick a TLD and registrar outside your immediate jurisdiction as well as that of the USA and EU, which rather narrows the choices. .ch or .me seem reasonable.
Little wonder 'normal' people don't bother with all this stuff.
Just curious here, but why are people outraged over this? They clearly violated Google's policy, and there were repercussions. Those rules are there to protect Google; perhaps their only legal recourse to cover themselves after a rule violation is to suspend the account?
What if your landlord cut off access to your apartment, and everything inside, because you happened to have 3 guests visit and stay with you this month, instead of the 2 allowed by the lease? Would that be okay with you?
And that wouldn't even be as bad as this, because a lease is a far more legally applicable document unlike TOS's which no one reads. Further, at least your violation there is related to your apartment. The TOS being violated here was for a hardware device that isn't the service being disrupted. And the worst part is that the act that was in violation is one that governments want to encourage, to the point that owners are protected from being sued. Since Google can't attack them the ordinary way, they are using their leverage on those users with their other products to prevent them from conducting this act.
A. Landlords can most certainly terminate your lease because of that. They can't throw you out immediately because of tenant protection laws, and they have to let you get your belongings once you're evicted.
B. ToS are just as legally binding as a lease (provided they are presented in the right manner, which is how Google presents them). No one cares of you actually read them or not. As soon as you check the box that said you read and agree to them, you're legally bound to follow them.
C. No one ever said that repercussions have to match the violation. As I said, perhaps suspending the account is the only way Google can comply or protect themselves legally.
D. Google has no interest in attacking anyone. They simply follow the protocol they set for this occurrence.
The common denominator here seems to be that people are getting outraged that they can't break the rules and get away with it.
Actually, many aren't. Many Terms of Service agreements or EULAs are looked at quite critically today because of the fact that companies reasonably expect that nobody has read them. Sensible provisions tend to be upheld, unfair ones... aren't always. If I install an app, and buried in it's EULA is a requirement that I become their indentured servant, it isn't enforceable.
What if your "landlord" (and by landlord I mean your buddy who is letting you stay in his apartment complex free of charge other than making you read through the occasional newspaper flier) cut off access to your apartment, and everything inside, because you happened to have a raging house party that encompassed the entire 20th floor of his building. None of those apartments were occupied so you just broke down the doors and let people run wild. They destroyed pretty much every apartment on the floor.
Would you expect that to happen? Would you want a lot of sympathy from other people because he just cut you off without prior warning? No?
The whole thing is terrible only in the way that people like this and the dealer who buy up products that are high in demand and low in supply are the scum of the earth. They provide absolutely no value to the supply chain and make life more difficult for honest buyers.
Equating "copy of my data" with "my housing situation" is even more silly. Google isn't TAKING anything from you by locking the account, they are simply destroying what should be one of many COPIES of your data.
This would be the equivalent of you putting your key in a mailbox on the corner that you don't own, free of use, with no guarantees around it being there at any point in time. One day you go to grab your key and it's gone. Who's at fault? Google LITERALLY tells you in the TOS that you both don't own any content served up by their platform, and that they may suspend you at any time they choose.
>We may suspend or stop providing our Services to you if you do not comply with our terms or policies or if we are investigating suspected misconduct.
>Using our Services does not give you ownership of any intellectual property rights in our Services or the content you access.
If that's where you're storing your "key" - you should probably re-evaluate your personal storage policies.
Look, i could try and explain this all in detail, but i'm tired of it.
You're acting the same as Google. Cold logic, zero humanity. Go hug someone you care about. Maybe even a child or someone elder. Then run through through your head how it would feel telling them what you said.
Even under the worst lease violations you can think of, it is illegal for a landlord to keep your stuff. They can throw it out on the curb, but they cannot keep it.
Google not only cut off services, they cut off access to remove users' content. I don't see how that is defensible.
They cut off access to a COPY of a users content. They didn't TAKE anything from a user. If, in 2016, you're relying on a free service as your only copy of important data, you're a fool.
Countless governments across the world could literally, without any notice, delete all of your data at the drop of a hat on ANY public service. See: megaupload. It's not the job of a free service provider, who literally makes 0 promises of data integrity, to provide you unlimited access to your data until the end of time.
"You don't need to worry about keeping your data anywhere else" is the heart of Google's pitch for all their services, including Gmail, Docs, Drive, and most recently Photos. I mean, the ads for Photos are literally people feeling better knowing that their stuff is safely stored with Google.
It seems reasonable to hold Google responsible for what they say.
Presumably the argument would be "because otherwise the landlord accepts legal responsibility". Which means that if your apartment burns down with 3 guests in it he not only is not covered by fire insurance (that contractually puts occupancy limits because of legal demands on them), but actually has to pay for the ambulance and medical costs because "he created an unsafe situation".
So "why would people complain" ... it's a matter of perspective and maybe ideology.
I would say the other reaction is easier : make sure you have 5 google accounts. One is email and you DO NOT use it for anything even remotely business related.
Only speaking for myself, but I'm put off because Google is punishing its users with a digital death sentence because they sold a phone that was originally bought from Google at full retail price. Yes, it's against the service agreement for the Fi phone service, but at most Google should only be allowed to suspend the user's Fi account, not irretrievably delete their entire Google identity. It's retaliation and punishment, and it shouldn't be legal. Basically, Google is claiming that these folks paid full retail price for a device they don't actually get to own, as they apparently don't have a resale right to it. That's a load of horseshit as far as I'm concerned.
All of that said, this is a perfect example of why you should diversify your online services and always, always have an offline backup.
In most concepts of justice there is the idea of proportional punishment.
For example it would not be considered just to cut off someone's foot when they are caught speeding. Yes, they broke a rule, but the punishment is a huge overreaction.
Google now has so many services, that so many people use for so many things (at Google's encouragement!) that cutting off everything for a minor violation of purchase terms seems like an unfair overreaction.
And it's bad business. I am most definitely going to think twice before putting data into Google now. In order to grow, Google needs its users to trust it. This seems like a gross violation of that trust.
The problem is that the customers broke the rules of their Google Fi service. I wouldn't be as upset if Google just suspended that one service (though I maintain that Google should not be allowed to do anything in retaliation for a customer exercising their right to resell a full retail purchase).
However, Google is not only suspending their phone service, they are deleting the user's entire Google account. For some people that goes all the way back to 2004 when Gmail started. That's a hell of a slap in the face, and they are doing it without warning nor chance for appeal.
Even if you agree with Google's stance on this, you must realize that this is horribly negative publicity for them, right? There are people (myself included) who are immediately seeking alternative services and planning to drop Google altogether because of this. It's highly disturbing that they would so casually drop the hammer.
The only process that will be happening is a class action lawsuit. The rest is just bad PR for Google atm because they decided to screw enough customers at once.
They could've contacted people with a warning first. Act like actual humans. A company acting like a pure machine towards humans is not acceptable.
Besides that: Google is digitally killing people here for doing something whose damage to Google is not obvious to a layperson, and honestly not even obvious to me.
Perhaps they needed to suspend the account immediately to cover themselves legally? Besides most things at Google are automated. It's likely that a human didn't actually press the button that suspended the accounts.
I don't care about technical justifications, i was talking about morality and humanity. Google is still a company composed of humans, but a few people in there seem to lack a certain amount humanity.
Please do keep in mind: They digitally killed people here in something that looks like pure and petty spite from Google. Some of these people might have relied on their gmail account for their livelihood. (Think remote freelancers, etc.)
You can also look at it like this: The punishment is wildly out of proportion to the crime.
Even if Google is staffed by humans (it is), they have to act in-line with their job description. So long as their internal policies are the way they are, Google the company will lack humanity. And you can't change the internal policies because that's against shareholder interests.
Pretty incredible - especially with how little that a hardware product purchase has to do with a user's data. Imagine for a moment that google required people to have an account to access all their services - that they have the ability to cut you off arbitrarily across ALL their services for a TOS violation should scare anyone. Imagine if facebook cut your account and thereby ties to many of your friends and acquaintances for promoting a competing ad company?
These companies have lulled us into their systems with good intentions and free services, and now they wield tremendous power over our lives. I don't actually want to go back before the days where these services were fragmented and it was very difficult to juggle many closed services instead of a few. Still, its what happens when the company owns the whole vertical of individual user's data.
> I don't actually want to go back before the days where these services were fragmented and it was very difficult to juggle many closed services instead of a few
I do. I'm sick of the giant web companies. Especially since they make their money off fucking ads.
I remember when Spotify switched to requiring facebook for signup and were pushing linking the accounts on existing users. Perhaps it was a bug but at one point they made finding and following other users very difficult without facebook integration. Apparently they switched back to allowing email signup again some time ago but it left a very sour taste in my mouth. I still have my account today so I suppose that's a testament to how well they've run their service outside of that issue.
Anyway, I hope developers keep incidents like this Google one in mind and let people create standalone accounts. Certainly at the very least supporting more than one provider and allowing you to link another email address if they don't feel comfortable dealing with the very serious responsibility of managing and encrypting usernames and passwords.
Login with Facebook is a nightmare: I've stopped counting the times I've had a problem with accounts created with Facebook Login. It is pain in the ass to switch that account to a regular one, once you did it.
People get banned from Facebook every day for stupid reasons, whether it be Facebook's real name policy or otherwise, and I would encourage you and everyone else to keep alternate contact details handy for your friends.
Maybe you should encourage them to get on Signal Private Messenger, so that you aren't SOL if anything happens to Facebook.
I picked up the sarcasm immediately but it's scary how many times I've been told (HERE, on HN of all places) that it's impossible to live a normal life without Facebook. As in: literally, with a straight face someone would claim they would have no contact with friends if not for Facebook and be totally serious about it. Kind of unbelievable but I've heard it multiple times.
i mean facebook gives you the means to provide alternate contact points(phone numbers) to your friends. people don't choose to use it coz of whatever reason deserve to be cut off-why wouldn't you want your friends phone numbers in your phone?
Nowadays the means of keeping contact information when making new friends is whatsapp or facebook. So yes, this would not be a problem for now, but it would be in a few years when mobile numbers become really obsolete (hopefully not).
Apparently so. On the Google Apps/G Suite (which is basically the paid business version of Google services, including Gmail) page about restoring a suspended user (https://support.google.com/a/answer/1110339), "You can’t restore an account that was suspended for abuse or for breaching the Google Terms of Service. To see why a user was suspended, click the exclamation on their account page for an error message. Then see below for your corresponding recovery options."
It's often quite stunning how quickly posts showing malpractice by Google disappears off the front page of HN. I wouldn't dare speculate as to why, but it's pretty common.
It's incredibly difficult and time consuming. I've found that a good compromise is to buy a domain name (or use one you already have), and pay for a reseller hosting account with a reputable service provider. You'll get a level of customer support that is far above a standard hosting account, full control over your email settings, and you'll have full root/WHM access to your account. As a bonus you can spin up a website whenever you want for testing or production, and make back your monthly fees by selling webspace to a single client. It sounds like a lot to just have good managed email, but I only pay about $15/month for the reseller account, barely more than a regular hosted account.
I went with A Small Orange, they have incredible support and they stay on top of abuse reports so their emails servers never get blacklisted. I've also used Tiger Technologies in the past and they are superb as well.
With that said, I'm still considering replacing Gmail with something like Fastmail even though I'm satisfied with the email service from ASO. Having a web-based account outside the reseller hosting umbrella makes two-factor auth a lot easier to manage.
You can't run an email server from a residential address b/c most ISP's block port 25 and 587. That being said, there a project called mail in a box, that attempts to be a plug and play solution. You'll have to host it on a VPS provider (Digital Ocean, for example) and even then you'll have a hard time keeping your email from being black holed by major email service providers like Google.
This sort of thing truly needs to run into regulatory force. I don't believe in government being up our collective skirts for everything but regulation does have its place and this, I think, would be appropriate use of such power.
And this does not apply to just Google. We've had run-ins with Google, Facebook and Amazon on different fronts and for different issues. And, in all cases, our clients had their accounts suspended forever, permanently, done, no more.
One case happened about six years ago. Google opened-up a product called, if I remember correctly, "AdSense for Domains". The idea was that, rather than park your domains with GoDaddy (or whoever) and have GoDaddy earn $0.02 and give you $0.005 on ads placed on your domains you could, instead, park them directly with Google and get paid directly.
One of our clients had over 250 domains on GoDaddy. They decided to move them ALL to Google. The process entailed moving them over to the Google provided DNS, followed by an automated approval process that took minutes. All 250+ domains got moved and all 250+ domains got approved.
About three days later: "All your Google accounts have been suspended due to fraudulent activity on your Google for Domains pages". Upon digging, it appears they claimed excessive clicks on ads. Well, nobody clicked on any of them. At least not our client. The domains were many years old and were logging ad clicks on a regular basis when parked with GoDaddy for years. In other words, normal behavior.
So, Google acted like a totalitarian regime run by an asshole and cut off our client. All for the $50 a month these parked domains were going to earn him. What really sucked was that his AdWords account got rolled into that as well, so they lost all ability to use AdWords to promote their legitimate business. No appeal. No email. No way to communicate.
Can't get more despicable than that.
Oh, wait, you can!
A different client. They had been advertising their products on Facebook with some results. Nothing great, but they were learning. Their product, for women, featured images of a woman wearing a normal bikini. No, nothing racy, just a normal looking bikini worn by a model. Facebook flagged the ads as inappropriate despite the fact that, during the same period of time, you could regularly see half-naked Victoria's Secret ads on FB all the time. So these guys, not wanting to get into trouble, changed-up their ads to simple graphics. No problem.
About six months later they decide to take advantage of a lucrative affiliate program for a business course. They decided on a budget and started to advertise it on FB. No scam, a course tens of thousands of people had taken. Legit through and through. About a week into this FB emails: "Your advertising account has been suspended permanently." No reason given.
They reached out to FB with their appeal form. No reply. Tried again. Snotty reply saying "Please consider this decision final. This will be our last communication".
And so, this company, a valuable and upstanding member of society, is now cutoff from advertising on Facebook forever. Done. For life.
This, in no uncertain terms, is pure highly refined bullshit totalitarian crap. This is NOT how business is done outside of the realm of games played by petulant children. It is disgusting, to say the least.
In the real world business people engage in conversations to find common ground. If a magazine doesn't like your ads, the editor will discuss them with you and seek modifications. They don't cut you off for life. That's some violent bullshit there.
No, I think it's high time the likes of Google and Facebook visit the receiving end of a good government style reaming. I'm so sick of it I am more than willing to get the ball rolling. What's the best course of action? Any law firms who read HN interested in a nice fat class action lawsuit?
Consumers can't be treated like this. It has been...
You hit the nail on the head describing the culture of doing business with these companies. This is not the way the world works and certainly not the way legitimate businesses operate, dealing with them is incredibly frustrating. I laugh every time people complain about comcast or att customer service, just wait until they have to deal with google and facebook's nonexistent customer service.
I don't know if it's so much attributable to malice as it is that it's their business model of working hard to satisfy the 99% but neglecting the concerns of the 1% that cause trouble and take up a lot of labor without yielding commensurate return to the bottom line. I don't know if regulation is the solution, but at the least, we should be mindful of this and try to arrange their lives to be anti-fragile to these unexpected shocks.
I am going to be harsh here. It's not malice. It's the lack of an education. No, I am not talking about college.
I am talking about manners, caring, being considerate, respectful and not insolent, petulant and completely oblivious to what human decency and respect entail.
Places like Facebook are almost entirely populated by a generation of young people who are intellectually smart yet socially vacuous to an unbelievable extent. It is an insolent, immature generation where 27 year olds can actually behave like my 9 year old's do, or worst. And, in many ways, it's like Vulcans with shitty attitudes. No human part at all. An empty logic machine operating with a flawed and fucked-up version of logic they have created.
That's what's going on. They now rule the world and have very little in the way of human decency within them as a guide. And, of course, through intense age discrimination there are no adults to teach them how to behave in the face of real human beings, with real lives, kids, businesses, problems, bills to pay, concerns and needs.
This is the only context within which a person could possibly decide it is OK to utterly destroy someone's income without as much as a conversation.
And, since they don't seem very interested in correcting their behavior (or don't even understand why they should) it might be time to throw the only possible correcting factor people on the outside can reach for: Government goons.
It sure feels like it's about time. Too many of these stories out there.
@"good government style reaming", I just wanted to add that interestingly, a government (at least a democratic government) operates exactly the opposite of Google/Facebook.
By which I mean that there is democratic control over their policies, there is a hierarchy of courts and tribunals, there is a structured appeal process, and there are certain rights that no one, not even a court, can take from you.
It's almost as if at some point, people all around the world noticed that if an organization becomes so big that it's services might be considered "infrastructure", a different approach to decision-making is advisable. And they made that organization adhere to those principles, sometimes by force.
"good government style reaming" still sounds good and satisfying. If you've ever dealt with such agencies as the IRS you know exactly how scary they can be.
Google, Facebook and others need to experience this at a level 100,000 times greater than a typical contentious IRS audit. Maybe then they'll hire a few adults to teach the kids how to behave in the real world.
Could this have been fraud detection automation? I would be shocked if they didn't at least let you dump the contents of your account and setup temporary mail forwarding. It's their service and these people didn't follow the rules but when they ask us to essentially entrust our digital lives to them they owe even the misbehaving users (as opposed to criminal users) who broke a TOS agreement something more than just scorched earth tactics.
> he people affected don’t have access to Gmail, Google Drive, Google Voice, or anything from Google. They don’t have any access to gift cards, bills, travel confirmations, work documents, etc that were saved in their Gmail accounts.
Yikes. That is scary. A large part of my online life is tied to Google. I was even debating getting a Project Fi phone too. Because well it is convenient and cheaper, but it would mean sink everything even deeper into Google.
For fun though, let's imagine if Google or Facebook ran a country. They would control the news you read, the apps you can install, they know where you are at every single instant (via your phone), they know all your secrets (who you talked to, what sites you visit, how often), they know who you know (contacts), Nest thermostat at home even controls how warm or cold you should be. In return you get all the super shiny and new stuff: latest technology, watches which measure your cholesterol, VR games, best email experience, unlimited archiving of your photos, really fast tear-free rendering of web pages. But if you make a wrong step your plug is pulled and you have no recourse. You go to the store to buy something, you just don't exist in the system - no access to you account. Can't travel because it refuses to route you. You can't talk to email or chat to other people because they can't reach you.
Yeah, that's why they don't want to run countries (be a government) - legitimacy of political power comes with a social contract, fluid and quite vague, unlike TOS.
Violating it often ends up in bloodshed and revolutions.
The world's growing dependence on mega-services provided by the likes of Google is why I started the Free Data Foundation.
The goal of the project is to support OSS that can replace "free" services that subsist on our data. Interestingly enough the maiden project is tentatively called Tmail (short for torrent mail).
It works somewhat like TOR in that it will depend on volunteers to host nodes that will communicate with existing email providers (outlook, gmail, yahoo, etc) and relay the mail over 80 to RPis preloaded with MDA (mail delivery agent) software.
The goal is be able to expand the service to allow people to sign up for email accounts without running their own software (a la gmail).
503 comments
[ 5.2 ms ] story [ 347 ms ] threadThis is one of the biggest problems with these vertically-integrated ecosystems, your entire online life becomes managed by a single company, which can revoke your access at will, effectively deleting your existence from the Internet. Don't be the sort of person who falls for this. Get a domain you control, direct mail from it to a mail service controlled by a different company than the domain. Make sure you have a contingency for issues with either one. Ideally make sure neither of those services are run by Google.
I'm not super well versed in the details, but my suggested reading would be discussion of easement rights: https://en.wikipedia.org/wiki/Easement
In response, Google suspended all their accounts, without the option to download any their stuff, including email and drive data, etc.
Additionally, Google's Terms of Service also says you own your data, including IP rights: "You retain ownership of any intellectual property rights that you hold in that content. In short, what belongs to you stays yours."[1] I would question if refusal to grant users access to download their own data could be considered theft.
Of course, IANAL, but if I were any of these people, I would seek the opinion a real one immediately.
[0]https://en.wikipedia.org/wiki/First-sale_doctrine [1]http://www.google.com/intl/en/policies/terms/
The "right of first sale" means that you can't be sued (well, you can be sued but they would lose) if you sell a book you own. It doesn't say that the publisher of that book must continue to sell you additional copies or that the author won't give you a dirty look if you pass in the street or that someone may take steps that don't involve suing you for copyright infringement to discourage your activity.
This is, by the way, the same trick that powers RHEL – the binaries are all GPL, so you can totally redistribute them to anyone. If you do though, RHEL will cancel your account.
You own your data but not the servers on which that data is stored, so you can't compel Google to give you access to it, any more than you can compel me to produce your comment from my browser cache if you lose it. Refusing to give you access to their servers definitely isn't theft.
Very legal. Arguably unethical, but that's a different question.
Don't be evil. lol.
Anyone remember the glory days of the first sale doctrine? Before we started letting companies essentially make arbitrary binding rules at their whim.
The most likely outcome is Google will settle well before trial since they know the odds are against them, and the cost to fight it (just in labor) is much more than the cost of any Pixel phone.
Google deletes artist’s blog, a decade of his work: This makes me laugh my ass off. This is a bit of a pet peeve I have with people and modern technology. They believe they have a right to use a service even though they're not paying for the usage of the service. Then they turn around shocked and angry when the free service is removed. `Why! why did they do this to me, this is the biggest injustice! How un-professional of them!`. Kind of like the dicussion I have with my collegues that `shouldn't you know.... support the open source frameworks we use to make money with?`... `Why would we do that?` ... Kind of leaves me speachless.
Take a look here, his response is actually very thoughtful:
https://www.pixartprinting.co.uk/blog/dennis-cooper-erased-b...
Sure, people should pay & support the tools they use, but there are a lot of clueless, inept people out there who have been trained by Google, Facebook, etc that everything is free.
Whatsapp with the $1 a year charge was a step in the right direction, but Facebook idiotically killed that (decent) business model. That could have made over $80 mil a month in revenue, while being a nominal amount for the average user to pay.
> f I am unable to pay my entire bill, what can I do to maintain local dial tone?
> The Arizona Administrative Code specifically states that a telephone company may not disconnect a customer for failure to pay an unregulated portion of their bill. To maintain local service, you must pay for the regulated (landline) charges on your telephone bill while you work to resolve problems with the other portion of your bill. If you fail to pay the unregulated charges on your bill, those services may be subject to disconnection and a deposit to reestablish. (R14-2-509)
> How much notice does a telephone company have to give before disconnecting service?
> A telephone company is required to give 5 days advance written notice before disconnecting service. (R14-5-509 Section E)
In this case, Google killed people's email without any prior warning, and in retaliation for an unrelated business transaction (selling smartphones). Having your email disrupted like that is at least as bad as getting your phone cut off.
"Basically, the current regulations require companies with utility poles in the public rights of way to provide access to certified telecommunications providers and to TV/cable companies," Paul Lewis, assistant manager of telecommunications and regulatory affairs in Austin, told Ars. "Google is not a certified telecommunications provider, and it's a video service provider as opposed to a television/cable company."
If Google were to apply to the Public Utility Commission of Texas to become a qualified telecom, "It would make them subject to all of the state and federal telecommunications regulations," Lewis said.
[0]http://arstechnica.com/tech-policy/2013/12/why-att-says-it-c...
I think it's indicative of more than just Google being unwilling to be held to the legal responsibilities; it appears that even their Fiber arm doesn't want them as well.
You can essentially get locked out of your Steam account.
That's why I also feel uneasy towards all these number-based messengers. They're targeted at users who rarely leave their countries.
(Doesn't help, though, if you lose the phone number and your mail account at the same time.)
I wonder if any G Suite customers had their accounts closed.
In the event that becomes reality, the time would have to be taken to define what minimum level of services the web site would have to offer. Simply saying Google must keep X service available would be archaic. Would other email providers be exempt from having to maintain these rights? If your job gave you an email address, would they have to maintain it after you leave the company? These are probably contrived questions, but ones that would certainly have to be answered first.
Also there could be a distinction in the law for mass communication, e.g. #users > 1M.
And it's actually harder to switch to a secondary. With my ISP, if they cut me off I can fall back on my cell provider within minutes. I have no such failover for my Google services.
If Google has the only copy of some of this content, I wonder if a copyright claim might have any leverage. It's one thing to give Google a license; it seems like quite another for Google to deny you access to your own copyrighted material.
I can't imagine being locked out of my fastmail account for anything other than abuse of my fastmail account. Or not paying my bill.
(I'm on third line ticket duty right now, so if you have something significantly more complex than RTFM, or an actual bug, you'll probably be talking to me this week)
The most common cause of getting locked out other than you abusing your fastmail account is having your credentials stolen and used for spam/fraud, which is why we recommend 2 factor authentication:
https://www.fastmail.com/help/account/securityupgrade.html
But yeah, even then we don't lock you out forever - just need you to reconfirm your identity and re-secure your account.
My gmail account (josephg@) gets a tremendous amount of email for other people. Earlier this year I was getting a lot of marketing trash from a particularly excited group of car dealerships in Illinois. Around the same time youtube suspiciously started advertising new cars to me. Its all way too creepy, and reading articles like this about people's gmail accounts getting locked out I'm very happy to reinforce my digital independence from google.
Same with my josephb@. It's amazing how many companies start sending personal identifiable information to a random email address without validating it.
Doctors, real estate, universities, banks and the list goes on.
Requiring three accounts now for instance would cost $150 a year minimum for the size I would have needed and unfortunately because I needed to rearrange my old grandfathered plan to re-organise accounts I'd have lost my previous plan.
Basically, Fastmail is good (very good), and you can still do admin type stuff by creating your master account first and creating your 'users' under it, but do look around if you are price conscious.
NOTE - I know you can't please everyone and that doesn't detract from the fact Fastmail was extremely stable, fast and had excellent customer support so don't take this as a 'Fastmail is bad' type post, because it isn't. Just look around and make sure you're getting the rid price/value for your needs.
Damn. I was going to move to them at the end of this year when my VM (where I currently run my mail) is up for renewal. But if I now need to buy several Standard plans instead, and get several gigabytes of storage I don't need, then that's less appealing.
Runbox looks good. Any other suggested alternatives?
They announced this on 18 August: https://blog.fastmail.com/2016/08/18/easier-user-management-...
https://www.polarismail.com/
Zoho is actually very good too but they (like Gmail) enforce IMAP connection limits, so it you have a lot of folders etc or use mobile clients like K9 that open a connection per folder then you can get errors very regularly.
The above is true for Zoho on the free plans anyway, but it may be different for the paid ones. But the free ones have pretty much all you could need if you don't run into the high number of IMAP connections issues.
https://www.zoho.com/mail/
If you have enough accounts to make it worthwhile I think Rackspace is supposed to be very good, but last I looked you needed a minimum of 5 accounts (I only had 4) so it didn't work out:
https://www.rackspace.com/email-hosting/webmail
[0] https://www.fastmail.com/help/account/icantlogin.html
Wish you had a dark theme, that'd be my only feedback for now (Stylish also works). Appears to be very fast, but of course, my account is 100% empty.
Also, changes propagate faster even than gmail. If you have your inbox open on 2 computers and move an email out of your inbox on one of them, you'll see it replicated in near real time on the second computer. I don't know how they do it, but it works really well.
https://blog.fastmail.com/2014/12/02/dec-3-push-it-real-good...
and how we do the initial load as well:
https://blog.fastmail.com/2014/12/15/dec-15-putting-the-fast...
Was very easy in the end, but must admit I had forgotten just about everything I once learned about DNS. As such it was nice to get a little refresher.
EDIT: I would probably have gone for Google Apps / G Suite if not for this article. So, yeah, hope it served Google well to freeze those accounts with no warning.
So I guess it's better to leave the choice to the user, with an appropriate warning text.
—Another happy Fastmail customer
A Yubikey costs less than a year's FastMail service.
So no, we're not leaving this choice to the customer sorry, SMS sucks for too many reasons to consider adding back.
CDN for unique items like mail probably doesn't offer tons of gain for the additional complexity.
And yeah, our core dev team is in .AU, so we know all about the latency. It's really not a big deal once you sync up the first time - all the static artifacts are cached and the dynamic data is loaded in the background, often before you need it.
"Flexible tamper-proof data retention policies with unlimited archiving space" - from the pricing page.
I am considering to switch to Fastmail, seems nice!
Unlimited is a bit buzzwordy, because we do have sending and receiving rate limits, so you can't grow the archive user faster than that.
Also if you go over about 850Gb of data right now you will make me very sad because I don't have facilities for splitting users yet, and we segment users across 1Tb partitions. I'm hoping nobody hits that point before I've got sharding inside users working - but worst case I spin up new hardware with larger individual partitions and put the user there :)
PS. I hope no-one reads your post now and takes it as "challenge accepted". :-)
> Our main servers are located at New York Internet (NYI) in New York City, USA.
Nvm... :(
What keeps me from enabling 2FA again, is that there's always some kind of "I lost my 2FA device" function which essentially allows it to be bypassed. So whoever's determined enough could find answers to secret questions or whatever to gain unauthorized access. If it were possible to disable this attack vector I'd get another Yubikey & try again- if...
...The other thing that prevents me from going this route, which is: The fact that it's impossible to implement an additional Yubikey functioning as a "clone" of the one used to secure the account. I can't say I've never lost my (physical) keys. But when I do I just grab my backup copies, make new backup copies, & all is well. No can do with a Yubikey.
-My 2c
Sorry for butting in uninformed.
Keep up!!!
So yeah, if I have my phone, I have a 2FA option already without SMS. I normally use the Yubikey because it's super easy.
I would also be afraid one day if Google sees people fleeing to them, they'd come in and buy them. I'd almost whish there was a public trust or non-profit who would run an email server. Post office is a government service (for better or for worse), email is a bit like what regular mail was 100 years ago.
I've had zero deliverability issues.
edit: to be clear, the spam detection works well, and if you're going to make an error, it's far less annoying to bias (as they do) towards a few spam showing up in your inbox rather than actual messages getting lost in spam. Also, they show the spam score, and you can hand adjust your spam threshold if you want.
That's because it's not spam. I'm pretty sure there's a blog post coming soon about the difference between spam and "email I don't want to receive". If you just don't want to hear from a particular email address, the way to stop it is to put an explicit discard rule for that address in your Rules screen.
Likely changes for next year include making a much easier UI option for "don't show me email from this address again", because that's a fairly common request for situations like this where you have a vexatious sender. I suspect it will be implemented as an addressbook group - the anti-whitelist!
The student loan confirmation is sent to spam every month. I mark it as not spam.
In their defense, the message is full of all caps words that look like a sentence formatted from a sql query with little attention paid to formatting plus it has all sorts of spam words (bank, payment confirmation, loan, etc).
Issues: they've fixed many of them -- in particular, charging for 2fa at $0.1/sms and the settings area in the web client used to feel like a bad programmer's first js project ever -- but mostly it comes down to, across almost all experiences, they're slightly to mildly inferior to gmail. Google's apps are just best of breed. Fastmail is the best non-google I've found, and I looked pretty hard a couple years ago.
Things I miss from gmail are things like: fastmail is a hybrid conversation based email with folders rather than tags. I miss tags; some folder weirdness occasionally peeks through. Fit and finish like after a message is selected, choosing add rule from message doesn't offer to filter other messages in your inbox that match the new rule. Etc.
Paying $40-ish/year to have email that isn't used for ads and that is run by a company with actual support seems like a good deal to me. Particularly if you don't have a friend inside google or the ability to hit the front page of HN to get customer service.
You can see the improvements in fastmail even over the 3 years. So that's really promising.
Never been happier. Their Webmail UI is less cluttered and more intuitive than Gmail (at least to me - but I'm not a huge webmail user anyways).
Well worth the money.
Absolutely not! That way you are slowly making people to lose any bits of the common sense they might still have. Perhaps losing data once or twice will make people look for alternatives. Throwing in another regulation will just increase barrier of entry for companies offering emails and who knows what else some dumb politicians could come up with, maybe this will open the gate to even not being able to self host an email server.
Or use backups. Don't go crying to the government when you can handle it yourself.
If Google wants to have a monopoly on all of that stuff, they need to be subject to regulation that compartmentalizes their services and what they can and can't do arbitrarily.
Missed texts and phone calls? How did you even get into the position where Google controls your telephony? Missed emails? Why are you using gmail.com? Third-party authentication? Did they not have the option to use e-mail or a username?
You can't fix every problem by band-aiding regulation on top of it. Sometimes you need to step back and wonder how you got here, and solve that instead.
Of course they do. Every strategic decision the company has made over the last two decades is to try to secure a monopoly on your data.
You make it sound like it's easy to run your own full stack of all web-connected applications. It's not. The cost is INSANELY high. So your real choice is whether to use one company, or dozens of individual companies for every individual service. The latter protects you against the risk of something like this happening. But it comes at a day-to-day expense which will far outweigh the prevented risk for 99.9% of people.
It's not your data if they can take it away from you. Your data is their profit center so we should demand more of these companies or simply avoid them as much as possible.
The problem isn't the "profit" bit, it's the "everything" bit.
I don't see any reason to believe that there's anything other to it than sheer size: as a company gets larger, it becomes less driven by humans and more driven by its corporate structure, or whatever.
I use FastMail, and I don't imagine for a second that it would act any more ethically if it were in the same position of market dominance.
Right now we're very much driven by humans.
Stories like this are why I didn't pick gmail for this service, which would have otherwise been my first choice.
A while back I set up email using my personal domain using Google Apps after discarding the idea of managing the while thing on a vps and after checking out a few providers like Protonmail. It basically came down to price and convenience; Google was on par with others for price and I really like the Inbox interface.
This article might scare me enough into trying again anyway, but if I can find any replacement for reminders (Fastmail or otherwise) that's as nice to use I'll jump over so fast.
While we're on the topic of wishlist items: I'd love to have sync in the app. It sucks not being able to access any emails when I don't have internet (on the subway or a car/train in some remote area, even in some shielded buildings, etc). It would be fantastic if I could tell it to store the last two weeks' emails (possibly even per-folder, "store all in folder X, last week in Y, last month in Z"). That's the feature I miss most from your app.
Other than that, keep rocking :) FastMail is awesome!
https://postbox-inc.com/features - Offers reminders (near bottom of page)
Both are email clients that should work. I don't use Fastmail, so I cannot comment for sure on that.
Besides, I'm the one he directly replied to, and I'm not complaining. Why do you care?
I've really enjoyed fastmail so far. Their UI is intuitive (after the first few days), and the service is very fast and stable.
1. Arch Linux.
2. OpenSmtpd.
3. SpamPD
4. DkimProxy
5. Dovecot
This replaced a Postfix stack that I was using. I miss the use of Postgrey, the greylisting daemon, and I seem to get more spam because of this.
I'm still in the process of trialling new providers. I'll be using fetchmail along with my existing procmailrc. The part I'm outsourcing is the spam filtering and availability on the MX.
And for doing something that I believe the law mandates companies to allow their customers to do, i.e. resell their purchases.
My recommendation is to buy a domain name use that as the primary email.
It may cost in total around $100/year but it is definitely worth it.
https://news.ycombinator.com/item?id=7141532
Probably best to pick a TLD and registrar outside your immediate jurisdiction as well as that of the USA and EU, which rather narrows the choices. .ch or .me seem reasonable.
Little wonder 'normal' people don't bother with all this stuff.
And that wouldn't even be as bad as this, because a lease is a far more legally applicable document unlike TOS's which no one reads. Further, at least your violation there is related to your apartment. The TOS being violated here was for a hardware device that isn't the service being disrupted. And the worst part is that the act that was in violation is one that governments want to encourage, to the point that owners are protected from being sued. Since Google can't attack them the ordinary way, they are using their leverage on those users with their other products to prevent them from conducting this act.
This whole thing is terrible in many ways.
B. ToS are just as legally binding as a lease (provided they are presented in the right manner, which is how Google presents them). No one cares of you actually read them or not. As soon as you check the box that said you read and agree to them, you're legally bound to follow them.
C. No one ever said that repercussions have to match the violation. As I said, perhaps suspending the account is the only way Google can comply or protect themselves legally.
D. Google has no interest in attacking anyone. They simply follow the protocol they set for this occurrence.
The common denominator here seems to be that people are getting outraged that they can't break the rules and get away with it.
Would you expect that to happen? Would you want a lot of sympathy from other people because he just cut you off without prior warning? No?
The whole thing is terrible only in the way that people like this and the dealer who buy up products that are high in demand and low in supply are the scum of the earth. They provide absolutely no value to the supply chain and make life more difficult for honest buyers.
>We may suspend or stop providing our Services to you if you do not comply with our terms or policies or if we are investigating suspected misconduct.
>Using our Services does not give you ownership of any intellectual property rights in our Services or the content you access.
If that's where you're storing your "key" - you should probably re-evaluate your personal storage policies.
You're acting the same as Google. Cold logic, zero humanity. Go hug someone you care about. Maybe even a child or someone elder. Then run through through your head how it would feel telling them what you said.
Google not only cut off services, they cut off access to remove users' content. I don't see how that is defensible.
Countless governments across the world could literally, without any notice, delete all of your data at the drop of a hat on ANY public service. See: megaupload. It's not the job of a free service provider, who literally makes 0 promises of data integrity, to provide you unlimited access to your data until the end of time.
It seems reasonable to hold Google responsible for what they say.
Personally, I lost photos of my kid's Sep 1.
So "why would people complain" ... it's a matter of perspective and maybe ideology.
I would say the other reaction is easier : make sure you have 5 google accounts. One is email and you DO NOT use it for anything even remotely business related.
All of that said, this is a perfect example of why you should diversify your online services and always, always have an offline backup.
At the end of the day, rules were broken. If you can't handle the repercussions then don't break the rules. Pretty simple.
For example it would not be considered just to cut off someone's foot when they are caught speeding. Yes, they broke a rule, but the punishment is a huge overreaction.
Google now has so many services, that so many people use for so many things (at Google's encouragement!) that cutting off everything for a minor violation of purchase terms seems like an unfair overreaction.
And it's bad business. I am most definitely going to think twice before putting data into Google now. In order to grow, Google needs its users to trust it. This seems like a gross violation of that trust.
However, Google is not only suspending their phone service, they are deleting the user's entire Google account. For some people that goes all the way back to 2004 when Gmail started. That's a hell of a slap in the face, and they are doing it without warning nor chance for appeal.
Even if you agree with Google's stance on this, you must realize that this is horribly negative publicity for them, right? There are people (myself included) who are immediately seeking alternative services and planning to drop Google altogether because of this. It's highly disturbing that they would so casually drop the hammer.
Besides that: Google is digitally killing people here for doing something whose damage to Google is not obvious to a layperson, and honestly not even obvious to me.
Please do keep in mind: They digitally killed people here in something that looks like pure and petty spite from Google. Some of these people might have relied on their gmail account for their livelihood. (Think remote freelancers, etc.)
You can also look at it like this: The punishment is wildly out of proportion to the crime.
These companies have lulled us into their systems with good intentions and free services, and now they wield tremendous power over our lives. I don't actually want to go back before the days where these services were fragmented and it was very difficult to juggle many closed services instead of a few. Still, its what happens when the company owns the whole vertical of individual user's data.
I do. I'm sick of the giant web companies. Especially since they make their money off fucking ads.
This is very imaginable. Facebook has never attempted to be privacy or user friendly; DO NOT USE IT. You are the only product they have of value.
In general, do not use third party login for anything personal you care about. It's not a password; it's nothing you control.
Anyway, I hope developers keep incidents like this Google one in mind and let people create standalone accounts. Certainly at the very least supporting more than one provider and allowing you to link another email address if they don't feel comfortable dealing with the very serious responsibility of managing and encrypting usernames and passwords.
Maybe you should encourage them to get on Signal Private Messenger, so that you aren't SOL if anything happens to Facebook.
I went with A Small Orange, they have incredible support and they stay on top of abuse reports so their emails servers never get blacklisted. I've also used Tiger Technologies in the past and they are superb as well.
With that said, I'm still considering replacing Gmail with something like Fastmail even though I'm satisfied with the email service from ASO. Having a web-based account outside the reseller hosting umbrella makes two-factor auth a lot easier to manage.
And this does not apply to just Google. We've had run-ins with Google, Facebook and Amazon on different fronts and for different issues. And, in all cases, our clients had their accounts suspended forever, permanently, done, no more.
One case happened about six years ago. Google opened-up a product called, if I remember correctly, "AdSense for Domains". The idea was that, rather than park your domains with GoDaddy (or whoever) and have GoDaddy earn $0.02 and give you $0.005 on ads placed on your domains you could, instead, park them directly with Google and get paid directly.
One of our clients had over 250 domains on GoDaddy. They decided to move them ALL to Google. The process entailed moving them over to the Google provided DNS, followed by an automated approval process that took minutes. All 250+ domains got moved and all 250+ domains got approved.
About three days later: "All your Google accounts have been suspended due to fraudulent activity on your Google for Domains pages". Upon digging, it appears they claimed excessive clicks on ads. Well, nobody clicked on any of them. At least not our client. The domains were many years old and were logging ad clicks on a regular basis when parked with GoDaddy for years. In other words, normal behavior.
So, Google acted like a totalitarian regime run by an asshole and cut off our client. All for the $50 a month these parked domains were going to earn him. What really sucked was that his AdWords account got rolled into that as well, so they lost all ability to use AdWords to promote their legitimate business. No appeal. No email. No way to communicate.
Can't get more despicable than that.
Oh, wait, you can!
A different client. They had been advertising their products on Facebook with some results. Nothing great, but they were learning. Their product, for women, featured images of a woman wearing a normal bikini. No, nothing racy, just a normal looking bikini worn by a model. Facebook flagged the ads as inappropriate despite the fact that, during the same period of time, you could regularly see half-naked Victoria's Secret ads on FB all the time. So these guys, not wanting to get into trouble, changed-up their ads to simple graphics. No problem.
About six months later they decide to take advantage of a lucrative affiliate program for a business course. They decided on a budget and started to advertise it on FB. No scam, a course tens of thousands of people had taken. Legit through and through. About a week into this FB emails: "Your advertising account has been suspended permanently." No reason given.
They reached out to FB with their appeal form. No reply. Tried again. Snotty reply saying "Please consider this decision final. This will be our last communication".
And so, this company, a valuable and upstanding member of society, is now cutoff from advertising on Facebook forever. Done. For life.
This, in no uncertain terms, is pure highly refined bullshit totalitarian crap. This is NOT how business is done outside of the realm of games played by petulant children. It is disgusting, to say the least.
In the real world business people engage in conversations to find common ground. If a magazine doesn't like your ads, the editor will discuss them with you and seek modifications. They don't cut you off for life. That's some violent bullshit there.
No, I think it's high time the likes of Google and Facebook visit the receiving end of a good government style reaming. I'm so sick of it I am more than willing to get the ball rolling. What's the best course of action? Any law firms who read HN interested in a nice fat class action lawsuit?
Consumers can't be treated like this. It has been...
I am talking about manners, caring, being considerate, respectful and not insolent, petulant and completely oblivious to what human decency and respect entail.
Places like Facebook are almost entirely populated by a generation of young people who are intellectually smart yet socially vacuous to an unbelievable extent. It is an insolent, immature generation where 27 year olds can actually behave like my 9 year old's do, or worst. And, in many ways, it's like Vulcans with shitty attitudes. No human part at all. An empty logic machine operating with a flawed and fucked-up version of logic they have created.
That's what's going on. They now rule the world and have very little in the way of human decency within them as a guide. And, of course, through intense age discrimination there are no adults to teach them how to behave in the face of real human beings, with real lives, kids, businesses, problems, bills to pay, concerns and needs.
This is the only context within which a person could possibly decide it is OK to utterly destroy someone's income without as much as a conversation.
And, since they don't seem very interested in correcting their behavior (or don't even understand why they should) it might be time to throw the only possible correcting factor people on the outside can reach for: Government goons.
It sure feels like it's about time. Too many of these stories out there.
@"good government style reaming", I just wanted to add that interestingly, a government (at least a democratic government) operates exactly the opposite of Google/Facebook.
By which I mean that there is democratic control over their policies, there is a hierarchy of courts and tribunals, there is a structured appeal process, and there are certain rights that no one, not even a court, can take from you.
It's almost as if at some point, people all around the world noticed that if an organization becomes so big that it's services might be considered "infrastructure", a different approach to decision-making is advisable. And they made that organization adhere to those principles, sometimes by force.
Google, Facebook and others need to experience this at a level 100,000 times greater than a typical contentious IRS audit. Maybe then they'll hire a few adults to teach the kids how to behave in the real world.
Yikes. That is scary. A large part of my online life is tied to Google. I was even debating getting a Project Fi phone too. Because well it is convenient and cheaper, but it would mean sink everything even deeper into Google.
For fun though, let's imagine if Google or Facebook ran a country. They would control the news you read, the apps you can install, they know where you are at every single instant (via your phone), they know all your secrets (who you talked to, what sites you visit, how often), they know who you know (contacts), Nest thermostat at home even controls how warm or cold you should be. In return you get all the super shiny and new stuff: latest technology, watches which measure your cholesterol, VR games, best email experience, unlimited archiving of your photos, really fast tear-free rendering of web pages. But if you make a wrong step your plug is pulled and you have no recourse. You go to the store to buy something, you just don't exist in the system - no access to you account. Can't travel because it refuses to route you. You can't talk to email or chat to other people because they can't reach you.
This is creepy as maybe it means they could mess with your sleeping habits!
Violating it often ends up in bloodshed and revolutions.
The goal of the project is to support OSS that can replace "free" services that subsist on our data. Interestingly enough the maiden project is tentatively called Tmail (short for torrent mail).
It works somewhat like TOR in that it will depend on volunteers to host nodes that will communicate with existing email providers (outlook, gmail, yahoo, etc) and relay the mail over 80 to RPis preloaded with MDA (mail delivery agent) software.
The goal is be able to expand the service to allow people to sign up for email accounts without running their own software (a la gmail).
It gets way deeper than that, but I'll leave it there. You can follow the project at https://github.com/freedatafound/. I've also bought http://freedatafoundation.org but there's currently nothing there.