Ask HN: My Microsoft account has been suspended by Microsoft without details
I am not given any other options than to Contact Support about it, which I did yesterday and got an answer today that tells me nothing more than the very few that I know:
> Microsoft disabled access to the account due to a serious violation of the Microsoft Services Agreement https://www.microsoft.com/en-us/servicesagreement. As stated in the Microsoft Services Agreement, you will no longer be able to access any Services that require Microsoft account. For any subscriptions associated with the account, Microsoft will immediately cease charging the credit card on file for recurring charges. [...] Pursuant to our terms, we cannot reactivate your account, nor provide details as to why it was closed. This represents Microsoft’s final communication regarding this account.
I hope that I am not violating any other terms by sharing these messages. I do it out of frustration to know what exactly I might have done to deserve this, something more detailed than "you have violated our Terms as you eat your dinner", because without knowing which action of mine caused this, I either;
a) Will be unable to understand my mistake and not repeat it,
b) Will fear out of doing nearly everything and refrain from them, such as using a VPN on Amazon's AWS at Ohio, which I am sincerely suspicious of.
Microsoft's own way of justice is against the legal systems in all the modern countries, which always makes sure that the accused knows their faults, as one of their rights, and for the benefit of the accused not getting involved in such acts for a second time, for that they this time will know.
228 comments
[ 3.1 ms ] story [ 189 ms ] threadProbably just like everybody else.
Of course, Linux has a different set of problems. I just spent most of a day getting audio to work again on Linux after accidentally turning on HDMI audio. This is the 16-step procedure for fixing "no sound" problems in Ubuntu Linux.[1] It's a cut and paste of ten years of hacks for fixing sound problems.
(I took a stab at writing a sane audio troubleshooting procedure.[2] It doesn't have to be that awful.)
[1] https://help.ubuntu.com/community/SoundTroubleshootingProced...
[2] https://ubuntuforums.org/showthread.php?t=2397280
Another $80 is still less than many other cloud providers for 4 years, and going down the Linux road is way too rocky for my preferences, though, may change.
The Linux road is pretty smooth for most things. And it has the advantage that it doesn't just disappear into thin air with no explanations....
Now you might think the AG won't have time for you, but the AG is not sitting there reading the incoming email and deciding to act. The AG clerk on duty will check that basic facts and dates are present in your email (make sure to include them), and ask the BigCo for their side of the story; all that before anyone even looks at the merit of the case. The BigCo will now face a choice - continue corresponding with the office of AG (which is billable lawyer time plus a drain on management brainpower), or shut you up by giving you back your stuff (which is free).
If you sue them they'll have to reveal what they think you did. Other than that you're probably only entitled to access to your data so you can transfer it to another provider, as well as maybe a prorated refund if applicable (and you'd probably have to hire a lawyer for that, too, because they possibly won't answer any further inquiries on your part).
You mentioned a university licence. Many vendors explicitly prohibit usage of such licences for purposes other than educational ones. This might be the cause of your problem, for example if you used your account for hosting a commercial application on Microsoft Azure.
Another option would be talking to a consumer organization (not sure if this is applicable because a university licence might not qualify as a consumer licence).
Other than that: Caveat emptor. I know this sounds trite and doesn't really help in your current situation but when you entered that contract you very likely agreed to the terms Microsoft now uses against you.
Yes of course, he should have simply not used e-mail.
This is probably a good example of YMMV
Sue them for what? Surely they reserve the right to deny service to anyone?
Even if the contract contains language allowing them to do that (worth checking!), if he signed the contract as a consumer (not as a business) this might be against consumer protection laws.
Also: keep backups outside of the Microsoft ecosystem.
The more I see things like this happening, the less I want to entrust anything important to MS, Google, Amazon, etc.
- "Install Microsoft Authenticator to log in with your phone"
- "Sign up for OneDrive to protect against ransomware attacks"
- "Do more with Microsoft Edge!" (this one shows up when you change your default browser)
I prefer my operating system to not upsell me.
The only problem with my Microsoft account seems to be that I didn't create one. Not a problem to me, but obviously a problem at Microsoft. |But then I'm only the guy who BOUGHT the computer and deliberately avoided creating a MSFT account. What do I know? Funny how there's no "go away and never bother me again" option on that alert.
more and more, Microsoft makes me feel like a visitor in my own home (computer).
I think it started with XP. If you tried to avoid installing windows genuine advantage (by deselecting it during the update procedure), it would come up again, then come up with increased frequency. Until in my case, it somehow just started installing itself of it's own accord.
People paid money and bought computers that came bundled with Windows licenses, and then they paid money for Windows major updates, and then ultimately Microsoft decided to bundle most of the updates for free. But one day in one of the free updates, they added in WGA (how is this not bait and switch of loyal paying customers? My operating system needs to phone home for security reasons?). But you had to opt-in. Then they decided in a later free update that it wasn't such a great idea to allow their users to permanently opt out, and their software got increasingly aggressive about making sure WGA was always enabled. You could opt out, but it tried again. And finally you just couldn't opt out anymore.
Then they used dark patterns to ensure you would think you needed a Microsoft account just to log into their computers. Wait was it your computer? Now this article about someone whose Microsoft account was closed without explanation and they're up shit-creek for it.
Is this not all absolutely part of the same conversation? It's a long history with a lot going on in it. This is not a rant against Microsoft, but a cautionary tale against depending on SaaS and letting it creep into your stack, as that's apparently also what Windows has become now, too.
I was 10 years old in the 1990's and recently I realized that I had actually convinced (or suppressed) in my memory that IE was never really a monopoly, but the historical statistics on browsers tell a very different story. So maybe my memory is not so good about IE, and given that I switched to an Open Source system in my teenage years and didn't look back, perhaps that can be excused, but still most people actually haven't. (Hell, some are still using IE...)
I guess it's true that, with the coming of the Internet, and the possibility that you could easily download and pirate Windows, if everyone knows this and WGA doesn't happen in 2008, then your security is legitimately at risk if Microsoft can't profit off of Windows, because then they won't have any incentive left to provide updates except at cost... and you need updates (we need you to get updates, it's like a vaccine that herd immunity only works to stamp out the disease if most people get innoculated.)
Microsoft is much bigger now than when the internet was new, and I think are not really worried about making a profit off of Windows anymore. But as a Windows user, I think that understanding of the history and assessment of the current state of where we are at with Windows profitability and updates would be troubling, for me.
The feeling of being given the option to choose, then being coerced strongly (with my resistance) and then being forced upon my laptop gave a strange sense of having been violated.
In a way I'm glad it happened. I was so annoyed / possibly angry? that it prompted me to find a different OS, and my only regret was not finding it earlier.
Have you noticed how on the desktop it says "this PC", not "My PC" ?
It's not the same but I made the mistake of trying the Microsoft launcher on my Android phone. Maybe I was thinking it was the MS Authenticator app. What a disaster! It took me a while to figure out how to revert back.
For the curious to undo the MS launcher: settings > apps > click dots in top corner > Default Apps > Home Screen > Choose a different launcher
But I do see many other people asking how do undo the MS launcher so it seems like I wasn't the only fool.
The MS launcher does look interesting but it was not what I wanted.
Of all the obnoxious things with Windows 10 there was nothing that made my blood boil more than being in the middle of a competitive Overwatch match and have Windows pop up over my screen telling me to install Skype.
(The second place award goes to when I was using one of those early developer builds of Windows 10 and the license expired. Next time I booted the machine it booted into a blue screen telling me that, because it had expired, they went ahead and deleted a system file that made the OS impossible to boot. The exact details are fuzzy now, but that's the gist of it. I'm seriously not making that up. Important system file deleted; OS dead)
you can disable that, and it might actually improve your performance as well!
I think it was in Settings (the windows 10 settings, not the old control panel) / Gaming / Game Bar [disable] && Game DVR [ OFF ]
> I get spammed _during_ gaming with popups telling me to install Skype or some other Microsoft product. Plus all the spam on the lock screen about using a Windows phone (I haven't even _seen_ anyone with a Windows phone in five years).
never experienced that, nor do i use the lock screen @ home, so no clue there
It's one of those talking, singing, humming, weather-reporting, poetry-reading, novel-reciting, jingle-jangling, rockaby-crooning-when-you-go-to-bed houses... With stoves that say, 'I'm apricot pie, and I'm done,' or 'I'm prime roast beef, so baste me!' and other nursery gibberish like that... A house that barely tolerates humans, I tell you.
lol, "do more ..." a browser that doesn't even support basic API like EventTarget or CustomEvent constructors. they learned nothing since IE debacle.
At least they were forced to offer LTSB for enterprise customers. Though I recently read they are rebranding the name.
But I still ended up needing a Microsoft account for the download. I was surprised to find I already had one (for the email I was using) , but I did and I was able to use it to download/install/validate the software.
Only later did I realize it was an account I created for my son to play Minecraft... hopefully he doesn't manage to get me banned from the Microsoft ecosystem.
In the future this can only exist if people pay for it, and clearly ... that's not going to happen.
I didn't even know a Microsoft account was an option when I set up my desktop :)
I'm no entirely familiar with the differences and I've been planning on buying a Win10 Pro license, so any advice would be helpful :)
Enterprise licenses give you full control of the OS via group policy in addition to all the things that Pro gives you. You can effectively turn off anything you want in the editor.
You also have full control of updates, so if that's what was keeping you away from W10 then... there you go.
Then, does that mean that you can't edit those settings in the Pro version? (I know there are some utilities to do that, but I would prefer to do it natively)
Unfortunately you can't. The 3rd party utilities work fine though, you just have to run them again after every major update.
It's also used for putting files on the cloud and renting VPSes, but those uses are much less common.
Is OP saying that, with his Microsoft account locked, he can't even use his computer?
Because, you know, there are ways around that. And worst case, you can boot with a Linux LiveCD, and copy all of your stuff to a USB drive. Unless you've used Bitlocker, anyway.
Sure it is; Microsoft is very heavily invested in a SaaS model now. Of course, some of it is SaaS that is locally installed or at least has a substantial locally installed component, but it's still a SaaS model as opposed to a physical media with attached no-interaction perpetual license model.
https://support.microsoft.com/en-us/help/4051701/global-cust...
Whatever you do (custom domain or not), you're always exposed.
And of course you're always exposed, I'm not sure why you'd mention that. It's no reason to just give up and do nothing.
They are too small for anyone to give a mess about.
This type of behaviour should be banned by the European Union.
You should be provided with the exact reason of why your account is being closed , regardless of who is the provider of the service.
It's unacceptable that companies like Microsoft, Facebook, Airbnb feel entitle to behave like this knowing how critical the service provided by those companies are for some organization. Plus the fact that those suspensions are usually done automatically by an algorithm powered by Machine Learning or something similar.
This type of mechanism could destroy an entire organization if the account of CEOs , CTOs, CFOs are suddenly locked down without possibility to access their emails , their contacts, their meetings and others business critical information.
This is outrageous.
As an example, people lost their money to PayPal and had their accounts banned because their address contained a street named after a sanctioned location.
Corporations are panicking. They spend billions of dollars on due diligence now and this is the result you are seeing. They don't want to spend even more billions of dollars on fines.
Obviously they can't tell you "transferring over 500 USD per month to Africa looked dodgy to us, so we closed your account". They are keeping details secret, which makes sense because next time you'd just circumvent their checks.
> As an example, people lost their money to PayPal and had their accounts banned because their address contained a street named after a sanctioned location.
That is ridiculous. Modern companies have no problem Hoovering up and analyzing vast amounts of intelligence on consumers for marketing purposes. PayPal almost certainly has liasons with any number of three-letter agencies that also feed them intel related to criminal or terrorist activity. Link analysis and graph database software has reached commodity status; it's affordable and available. Directing them to do something to stop transactions between accounts known to be affiliated with terrorism is a reasonable request.
If their solution to money laundering bans accounts based on something so naive as terms found in a street address, their unbounded, colossal incompetence is not the fault of any government. PayPal has never had their shit together-- run-of-the-mill fraudsters have no problem keeping accounts open, but yours will eventually be seized without notice or explanation.
Meanwhile the EU imposed a 3 billion dollar fine on Google for, and this is sadly not a joke, depreffing incredibly annoying shopping comparison sites, specifically this one [1][2] and a few others. Go on, visit it. And then tell me how much the quality of the internet is lowered by making that site harder to find.
(the real reason: the Kelkoo CEO, and I'm not even joking, convinced a secretary of the EU competition commisioner (the previous one) that they were a viable EU-based competitor to Google. Yes, really, that's the level of intelligence the EU commission had, they believed that Kelkoo would be doing internet search engines better than Google)
What exactly makes you think that when we're talking lesser amounts they'd be more careful ? Doesn't it make more sense that when they want something, like say, imposing sanctions or find someone that may have spied on them, they don't just go "all info on these users or it's a $100 million fine" ?
Because reality is more like "Block this list of users because the police chief's wife's tennis partners' ball producer's 2-year old niece says they stole a teddy from her dog or it's a $1 billion fine. Oh never mind she found it. Did you block em yet ? BLOCK EM !"
[1] http://www.kelkoo.co.uk/
[2] https://www.politico.eu/pro/politico-pro-morning-tech-google... (non-paywalled mirror @ http://blog.digitalmedialicensing.org/?p=3823 )
The intent is to not reveal that the account had been linked to (for example) financing of terrorist organizations, but in reality I think it causes more problems than it solves. A real criminal who has their account shut down is probably going to be pretty aware of what the reason is. On the other hand, many times something like this can happen due to a mistake by a government agency, an account takeover, or some other situation where the owner of the account has no idea what went wrong or how to fix it, and finds themselves blackballed by multiple financial institutions with no recourse.
I’m not a fan of PayPal by any shot, but I would wager a nontrivial number of the customer support nightmare stories we’ve all read actually come down to this, and their hands are completely tied.
If they're barred by law from saying why, fine. If not, they should have to provide at least some reason, and a way to appeal.
"Gee, it must've been that meme I posted the other day."
It’s dumb, and of course a guilty person will know exactly what happened, and of course hearing a response that their account has been closed and they cannot appeal or get any information as to why is going to make it even more blindingly obvious.
Past a point, this becomes like those building regulations and other points of governance, that are not actually publicly available.
And your democracy fails. Because how can people govern, including themselves, when they don't even know what the rules are? Where the "lines" are?
Maybe, ultimately, it would be more useful to effectively inform the public about such funding, than to hide it away.
Also, there's been another round of conversation in the last some days, about "cashless" payment systems and societies.
What happens, when some initiative or data point -- or someone's personal agenda -- flags you as "suspect"?
When your cards are suddenly deactivated, your accounts frozen, and no one will tell you why? Nor for how long?
This secret behavior -- this secrecy -- needs some serious and effective limitations.
Or we are all going to be at risk of violating society's "terms of service", and made pariah, without explanation nor recourse.
Slippery slope...
Sincere question: what are you conveying by using that spelling of (I assume) "terrorism"?
I don't support it. I also don't want to be flagged for simply discussing it.
Of course, this simple tactic may be futile, on my part.
Which sort of brings us back to the colloquialism.
Or is it just as the mentioning of terrorist mean that we leave the confines of modern democracy and enters the territory of fascists policies, as we become what we fight?
the fact that accounts are locked and funds frozen by hacked together system dependent on irrational machine learning algorithms and never heard in open court is the premise for any number of dark dystopian science fiction stories and deeply scary and yet we seem to keep enacting laws and frameworks that rewards companies like Microsoft for arbitrary enforcement by making it impossibly expensive to challenge punishment dished out private enforcers(microsoft/facebook/youtube etc.) who can be punished by the state for not enforcing aggressively enough
It's not. It's also not practiced exactly that way.
There is always a maximum duration for those things, and after that duration secrecy is gone.
Also, before locking somebody's account, the law enforcement people have to get in front of a judge, and make a really good case for why it should happen. Normally judges do not like people asking for unilateral actions (on most places judges are very competent lawyers, and if there is something that lawyers really love is their antagonistic system for decision making).
Money laundering laws are not like anti-terrorism ones.
If the block was followed by mandatory court action by whoever made the block with failure to successfully prosecute resulting in compensation paid to unjustly accused, there would be balance but thats also not how this kind of block works, as the courts are usually not involved when it's the banks/services own mandatory anti-fraud process thats being invoked, and not the police conducting an investigation prior to an actual open court case.
The problem is that private organizations are being asked to police their customers on their own under a framework thats basically outside of the justice systems, under penalty of fines by a justice system, that is not issuing the same fines when the private organization punish the innocent.
Again the problem is we have a mechanism that made some sense when nothing ever happened without sooner or later happening in a court that can/will punish the police for false arrest when/if the resulting prosecution fails, that due to the fact that a false/incorrect negative action no longer have consequences for those making it happen, especially as it happens under the pretense of being done but a free private organization by private organization that are theoretically free to reject customers even if that rejection is practically ordered by the state.
I haven't heard about something like this happening anywhere, but it's not hard to imagine it, unfortunately.
You are talking specifically about the financial and banking industry. Working in the banking industry , compliance regulation prevents banks from communicating about why your funds are frozen so the SEC can investigate and determine whether are not a fraud or suspicious activity were committed.
Such thing does not exist in the IT Industry. Microsoft ran their in house auditing tools , determined the account was suspiscious , set a flag "is_suspicious" as "true" in their database and the next day a batch ran and suspsended their account.
IT Audit for GAFA is 100% automated , there is no human interaction unlike Banking , Insurance and Finance.
Hence, the fact that BFA must communicate after the investigation about what fraud you committed to properly charge you in court and banned you from the services( You can even be banned in an entire country from owning a bank account depending on the severity ) but they must tell you why.
That is not the case for tech, it is completely unregulated which is why it's making me this upset.
This is particularly true when products frequently gain new features or integrations with other company-provided services, as changes in one system might allow an account that’s partially suspended to be able to perform legally-forbidden actions in another (think: something like iMessage gaining Apple Pay support). Yes, you can solve these things with engineering, but not only can that easily cost more than it’s worth, but you also open yourself to massive company risk if you fuck it up and regulators catch wind.
Yeah, I used to work on a fraud detection team for another company, where some guy got some traction online complaining about how his payment account got shut down. All sorts of bluster about how he scrupulously followed the terms and conditions and how he couldn't possibly be doing anything fraudulent and how we were stealing his money, and lots of bad publicity in threads like this.
Turns out the FBI was investigating the guy for hosting child porn on another service using the same account, and we weren't allowed to respond in any way to his complaining online. So we shut down all his accounts and couldn't really do anything to defend ourselves against his complaints.
In my experience, like 90+% of the loudest complainers of account shutdowns are completely full of it, and are guilty of very obvious violations that they somehow fail to mention when blogging about it. I'm not going to say that false positives from machine learning systems never happen, but people who loudly complain about their accounts being frozen don't have a good track record, and since most companies aren't going to discuss exactly why they got shut down in the open, the prevailing narrative seems to be that the large faceless corporation doesn't care.
On the converse, though, termination without reason does serve a purpose. For example, if this was because of illegal content being stored on the service, Microsoft may be complying with law enforcement and doesn’t want to tip off the suspect.
I strongly believe account remediation is better than all out termination, and that termination should only be enacted in the most severe of cases (repeat offenses or potentially criminal conduct).
the suspect is already going to be tipped off by the fact his account is banned
You might even require a $5 bond to appeal or something, to prevent spurious appeals.
Meanwhile, normal users are left totally confused, with zero recourse and potentially a loss of important data and other significant repercussions.
It probably already is. Under Article 15 of the GDPR, you have the right to access personal data and to an explanation of how that data will be processed. A database entry saying "this account has breached clause x.y of our ToS" constitutes personal data within the scope of GDPR.
Under article 16, you have the right to correct any inaccurate data. Under Article 22, you have the right to opt-out of any wholly automated decision-making process that "produces legal effects concerning him or her or similarly significantly affects him or her".
Article 23 does impose some restrictions on those rights, e.g. in matters of national security, defence or criminal justice, but those restrictions are narrow and specific. If someone tells you "your account is banned and we can't give you any further information", they're likely in breach of the GDPR.
https://gdpr-info.eu/chapter-3/
This is undoubtedly unfair, but I honestly wonder: if this is even legal?
I frequently take downloads of my Google content with Google Takeout but haven't been doing the same for Microsoft. Recently started adding important content to my MS account, and probably ought to start doing the same for that service.
edit: yeah, yeah, yeah all the cool kids don't use Microsoft stuff. For some of us, there may reasons we do, and I suggest this MS service might do the trick. I'm still testing what all is included in this export. UPDATE apparently this tool just exports a json file including usage information of each MS service but not the data contained within those usage sessions i.e. a file I've created in OneDrive Excel. Hmmmm.... going to continue the hunt.
https://account.microsoft.com/privacy/export
Even for spam they wouldn't block you like this right weather. It's due diligence.
Were you storing files? If so what kind of files.
You might find there's some kind of activity you've been doing but thought was ok, or you were storing files which got flagged for porn or copyright.
I'm thinking content scanning or Microsoft Account telemetry.
By any chance, did you have child nudity (ex: photo of child bathing, etc.) on your OneDrive? If so, I wonder if PhotoDNA picked it up (see https://www.neowin.net/news/man-arrested-after-microsoft-fin...).
E.g. my email, calendar and contacts are at FastMail with my own domain, cloud storage is at Dropbox but looking to migrate to pCloud (after their recent fiasco). For notes I use Evernote, but investigating Standard Notes. I also don’t buy DRM-ed books or other products, e.g. I buy DRM-free audio books from Downpour. I have a Spotify account but I regularly buy the music I like. I have an iPhone but I’ll be damned if I’ll let Apple dictate my web browser therefore I use Firefox and apps that play along with it.
My Google and Microsoft accounts are basically unused. I use Docs at times but I regularly back them up automatically. I don’t even use Google’s Search anymore. I have some apps purchased for Android but I stopped using Android for now. If they block me for anything, I couldn’t care less.
These companies that have products in multiple markets are after lock-in of their users by any means necessary. Don’t fall into that trap. The alternatives cost more, but your freedom and privacy are worth it.
But no, we are not talking about the same degree of risk.
You're comparing car rides with BASE jumping.
Then it's just a matter of keeping backups of your email.
Now, if my domain host goes belly up, I'll probably have a somewhat painful process of porting my domains elsewhere. It's still doable but it would probably mean a few days of downtime.
You can host your own email just like you can generate your own electricity. It's definitely worth it for other people and we definitely need more people that self host to keep email an open standard, but personally I've got better things to do.
It would take me at most 1 hour to move, on the clock. I know because I moved between email provides about 3 times already.
("imapsync" helps)
https://rclone.org/
https://hbr.org/2018/07/a-study-of-thousands-of-dropbox-proj...
Quote:
> Dropbox gave us access to project-folder-related data, which Dropbox had aggregated and anonymized, for all the scientists using its platform over the period from May 2015 to May 2017 — a group that represented 1,000 university departments (from the top 100 universities and their Dropbox collaborators from other anonymized universities of any rank).
This was done without the consent of those involved.
Wired seems to cover the story: https://www.wired.com/story/dropbox-sharing-data-study-ethic...
AFAIK all iOS web browsers must use WebKit so really are little more than a shell on top of Safari.
I'm interested in switching away but nothing I've found beats Gsuite in terms of ease of use, and paying for Gsuite for my domain means I don't have my data pawed over like plain gmail accounts are.
Personally I found it hard to migrate to G Suite after being off for about 3 years and couldn't do it.
For example FastMail is less featured, but the web interface is really responsive and the keyboard shortcuts are better. Whereas Google Admin is a nightmare and GMail has gotten really sluggish in the latest iteration for no good reason.
GMail has labels, many people are addicted to those. But regular IMAP folders play better with desktop email clients and I prefer desktop clients. GMail's labels are cool for classifying stuff (e.g. My Projects), however IMAP folders are good for separating the junk. For example I don't want Mailing Lists in my archive.
G Suite has many limits that bother me that do not apply to FastMail:
- Limits maximum IMAP connections to 15: https://support.google.com/mail/answer/7126229?hl=en
- Limits bandwidth: https://support.google.com/a/answer/2751577?hl=en
- Limits maximum number of user aliases to 30: https://support.google.com/a/answer/33327?hl=en
I have hit all of these limits at some point.
FastMail works with something called "sub-domain aliasing". So if you have `user@domain.com`, you can come up with addresses on the fly, like `google@user.domain.com`. I do that for every online service I use. And the web client is friendly to that too. E.g. you can define "wildcard identities" or you can set certain identities to be used per folder.
Sadly Gmail only supports "plus aliasing". This is weaker because it's easier to remove the alias and because many websites, including big names, do not accept "+" as a valid symbol.
You can configure G Suite to redirect all email via a regular expression, so you sort of have it, however it doesn't work if you want to also send email, which you need to reply for support and stuff. This is because Gmail will not sign your emails with DKIM unless the email is a genuine user alias, no dynamically created email addresses allowed, except for plus aliasing.
Speaking of which, even when you send from a legitimate user alias in GMail, GMail will leak your primary email address via the Return-Path and other email headers. This means that user aliases in GMail do NOT work for maintaining privacy. For example one practice I have is to create a throw-away email address that I put on my blog. I don't want my email to get in the hands of spammers via my website. And I get contacted via it and sometimes I reply. Personally I don't want my primary email address to leak when doing that, but that's what GMail does. And I'm not even mentioning that adding email aliases is freaking painful, as you have to add it once in Google Admin and a second time in GMail's web interface.
Basically GMail is useless if you want to have multiple email aliases.
Another use-case I have for FastMail is to send email from my own VPS. I have two VPSs actually and I want them to send emails on important events. FastMail allows me to set a "SMTP only" password. And in case my VPS gets compromised, theoretically at least the attacker will not have access to my email archive. And FastMail's limits on sending email are pretty relaxed. You can send notification emails from your own VPS without worry. Just don't send spam as they'll probably react to that.
It's ironic, but for all of GMail's praise, it's actually pretty bad at handling email.
Also, not sure what exactly you're using from G Suite, but Google Drive is absolute trash f...
Now I see a better alternative: Powerful pattern search, with a store of the patterns for later reuse.
Fastmail has this, and reference documentation is excellent:
Minor GUI annoyances: Advanced search not obviously discoverable, list of saved searches scales poorly.Hmm, I just now sent from a Gmail alias to a non-Google account. Don't see my primary address anywhere in the received headers.
Could the circumstances under which you see leakage be specific to some particular use case?
I am a (former) Evernote employee. Before I joined I didn't use Evernote. After I left I started using Evernote extensively (Hard to use the app when you are constantly messing up your test account doing dev work :-) )
From my experience there I know that:
1) the people there really care about the customers. If there is any sort of problem, the customer support will really go to bat for the customer. There are more than a few times where CS ensured that a bug fix made it in.
2) If there is any sort of data corruption, Evernote will stop the weekly release to get back the data before doing the next release.
3) You can get a hold of a live human being to get support
4) Evernote has a explicit policy of never going to an ad model.
5) User privacy is highly important.
6) User security is highly important - if Evernote had a choice between Evernote as a company getting hacked or a user (not even a customer) getting their account hacked. Evernote errors on the side of protecting the users' security.
Please reward this positive company by paying for the product - that is their only revenue source :-)
But the thing I miss with Evernote is the ability to create end-to-end encrypted notes. I don't necessarily want all notes to be encrypted, just some.
I hope they add this capability.
The major barrier (as I recall) is getting such a feature to play nicely with multiple installed clients and the web client.
Second strike: Mon, Jul 9, 2018 at 10:36 PM
Third strike: Mon, Jul 9, 2018 at 11:31 PM
The last / third strike came with a "Your YouTube account has been terminated" and any attempts to login or view any of my videos gives a page missing and the Google account associated with it doesn't even appear in any of my menus.
I don't really care that much it was a dumb joke channel I made to poke fun at how often profanity is used in rap music. The part I find pretty perplexing is that I _removed_ the profanity from the music and the channel was flagged for offensive content.
Sounds like a recipe for griefing.
This is why I don't put anything that I care about on a service or system I don't control. If I want to host videos I care about staying online, they live on a VM configured for a pretty common LAMP stack which exists on a hypervisor that I own and control down to the bare metal and the contract for the colo rack space and 208VAC power.
Using this example, that same 1RU system has a connection to an ISP that I know and trust. It's not going to go offline unless I were to do something so terribly abusive (in terms of network abuse) or illegal that it would cause them to admin down the 1000BaseT port facing it. Or it could theoretically go offline if I used it for illegal outbound network activity and somebody from the local FBI field office showed up with a warrant to take it (again highly unlikely, because I don't do that shit). Those are just about the only circumstances in which a third party could bring it offline.
This sounds like a challenge. Does the winner get a bottle of scotch?
:)
edit: actually, yes, the winner would get a bottle of scotch. I have had people that I know and trust, with my permission, attempt to gain external access to it, without success. Not claiming I'm any sort of netsec wizard, just that I have a layered defense of most common security precautions for anything that has a public static IP address these days. Nobody has been successful yet. It could theoretically be brought down by:
a) social engineering the ISP it's hosted at (unlikely, they know me, I know them)
b) physical removal (its reverse DNS gives no indication of where it's physically located other than within a major metro area, could be at one of about twenty different datacenters. all of which have reasonably good physical security in place).
c) false legal claims causing some legal authority to bring it down, theoretically possible, but unlikely given the strong EFF/ACLU supporting political stance of the owners of the ISP it's hosted at. They would fight anything short of a court order that they could be held in contempt of.
d) Extensive sustained DDoS. I don't have any enemies that would be interested in wasting a DDoS on this, but its upstreams have a LOT of extra peering and transit capacity to absorb DDoS up to the 150Gbps range.
e) hardware failure, it's not perfectly 1+1 redundant in everything. but I have backups of every VM that can be brought up fairly quickly on a temporary dedicated server in a new, different, geographically diverse location fairly quickly.
f) some terrible unknown zero day exploit on one of the few daemons that listens to the public interface, through which some method of accomplishing a user and then su/sudo root shell might be possible.
It is a mistake to think that consequences that come with other businesses or the government believing you are doing something illegal can only occur if you actually do something illegal. (It's also a mistake to think that the government could o my seize your computer if it thought you did something illegal with it; though if they didn't but thought it had relevant evidence they might ask nicely before getting a warrant, rather than jumping straight to compulsory process. But that's politeness, not a legal mandate.)
Yes, there is also danger in civil lawsuits.
Why do we do it?
Because these sort of stories represent probably something like one in a million failure rate. That is ridiculously successful. And those "simple things" you say are really not all that simple.
On a side note, as a published author on Amazon, I've heard horror stories in the usual author forums of Amazon doing the same to authors, pulling all their novels off their site without warning and terminating their account. Amazon does have some remediation pathways (unlike the AirBnB guy), and many authors had their accounts restored after weeks or months of perstering support (although the damage is done).
[1] https://news.ycombinator.com/item?id=17523056
I live in Turkey, I use VPN (on AWS at Ohio) not to circumvent anything else than the imposed restrictions of my own country, and not some other countries' or companies'. Along with countless others, Wikipedia and Imgur are some well-known websites that are made unaccessible from Turkey. With Windows 10's VPN client, you don't even recognize that you are on VPN. The overhead is so low (relative to the basic internet speeds), that I don't even notice that VPN is on most of the time. I usually open it when I want to visit some Wikipedia page, and turn it back off after recognizing delay/lag on the games I'm playing online. Not even videos load recognizably slower, not on my VPN on AWS at least.
Within last 10 days, I had encountered the news about Dragon Ball Z - Season 1 being free on Microsoft Store, one like this I just found searching: https://www.neowin.net/news/first-season-of-dragon-ball-z-no...
I wanted to give both the anime and the Microsoft Store's video section a try, and did nothing more than just opening the Microsoft Store, finding the content, getting it for free and watching the first episode. My guess is that this might have been the problem.
If this really is the case, then I could not possibly know I was fooling Microsoft Store: - I did not and still do not know if the content was not available, free or paid, from Turkey. There were no indications of the content being unavailable to Turkey on the Store page. - Microsoft Store did not ask me if I am from Ohio, I never said I was from Ohio. I regularly use VPN for personal reasons, unrelated to this matter. I did not use VPN to make Microsoft Store think that I am from Ohio. Microsoft Store itself may have falsely assumed that I am from Ohio, and granted me the right to watch a content for free. It is Microsoft Store's fault for immediately assuming my location from the way I connect to the Internet.
If my guesses are true, then Microsoft's Microsoft Store is the culprit for being overly presumptuous about my location, not asking me for approval, hence not putting me responsible, and giving me free access to some content as a result. I may not be put responsible for Microsoft's presumptions that I haven't approved.
I agree. It's very likely that, by using a US VPN, you circumvented geo-restriction in the Microsoft Store. You could test that by creating another Microsoft account, under a fake name, using a commercial VPN service with a non-US exit. Then try to get the Dragon Ball Z episode from Microsoft Store. If you need help, feel free to email me.