549 comments

[ 4.2 ms ] story [ 325 ms ] thread
One very good reason to regularly download backups of gmail inbox, and if possible simply stop using it eventually.
POP3 for the win!

(unlike IMAP, it only downloads things No way the server can tell the client to delete something)

And be as independent of google services as possible.
I seem to remember a website that helped people "de-google" (something like that), where it listed self hosted alternatives, or other cloud services with better customer service track records.
Yep after reading a very similar story a couple of years ago (Google account closed and no recourse given) I’ve migrated all of my important accounts and subscriptions away from gmail and into an email address associated to a domain that I own. Now Gmail and Outlook.com are only used for spammy stuff that I don’t care about
Any good tools for automating this that are already out in the world?
gmvault
It stopped working earlier this year, due to OAuth API changes by Google, if I'm not mistaken. Or did you manage to get it working?
What's the point of Google Photos if I've to keep backup. They may choose to lock me out and I've lost all my memories.
Never rely on a single cloud service for your backup. Always backup to at least one independent place such as a local hard drive or another cloud provider.
This. I suggest iCloud, Dropbox, Lightroom, OneDrive, or Ever. I often take advantage of “free trials” to upload all my photos to these services periodically. Once your free trial expires you can’t upload more photos but they hold onto the existing ones indefinitely.

I also use a NAS device (cheap!) and a lifetime Plex account for my viewer. Only iOS “live” photos are inconvenient to back up anywhere but iCloud so I don’t take many Live Photos.

Google Photos is not a backup system. It’s a place to host photos in the cloud. You need your own backup somewhere else.
I have all of my photos in a RAID 1 at home, and I regularly "rclone" all of them to Backblaze B2. I have all of them inside Google Photos because that's how I view them, but I don't consider it to be a backup. It's just a much more convenient way to access the photos from many devices, and share them with friends and family.

Apart from that, I keep a Google Takeout archive the same way (RAID 1, B2)

Don't keep your photos in only one place if you care about them, even if that place is Google.

Google Photos is a handy worst-case backup for your photos, but it's not magic and you really need to keep another copy somewhere.

Any backup recommendations? Gmvault stopped working earlier this year, and for multi-gigabyte accounts via a connection that is prone to get interrupted every once in a while, I couldn't find anything that seemed as simple and robust (Gmvault allowed incremental backups, tolerated disconnections, ...).
Google Takeout.

I used to use offlineimap and as far as I know it should still work...

With all that GDPR stuff we have now shouldn't they actually be forced to let you download all your data in a simple way? I don't use GM for anything relevant but I'd totally abuse the "get my data" thing to backup stuff.
If you're using Mac, you could try https://thehorcrux.com/

Disclaimer: I'm the developer.

I'm surprised you managed to get the Copyright for 'Horcrux'. Did you have to licence it at all?
Hmm, I don't see "Do you have to destroy another email account in order to set it up?" on the FAQ list. I suppose, arguably, a user would be impelled to use the service by witnessing the destruction of an account near and dear to them, perhaps enough to split their soul...
I don't think there is any copyright on mere names of fictional objects (e.g. Palantir).
IANAL but with my 10 mins of googling I've found the following:

* Items/characters cannot be trademarked unless they are the source of goods or services (so therefore this service would have the right whereas JK. Rowling et al wouldn't) [1]

* Items/characters are copyrighted when featured in a copyrighted piece of fiction (which Horcruxes are). [1]

* JK Rowling et al are crazy litigious [2][3]

* JK seems to endorse/praise fan collections of stuff, but the team come down hard on people trying to sell that commercially. [2] That does, however, seem to be for publishing books eg. fan fact books.

[1] https://corporate.findlaw.com/intellectual-property/protecti...

[2] https://www.legallanguage.com/legal-articles/harry-potter-co...

[3] https://en.wikipedia.org/wiki/Legal_disputes_over_the_Harry_...

I was talking specifically about item names, not items / characters as a whole.
How is that different?
> One very good reason to regularly download backups of gmail

And anything else you care about.

People were bad at backing up local data, but what they're worse at is backing up data that is in someone else's hands ("cloud").

Recently I was listening to a tech podcast (Tweakers, Dutch) and they discovered how dependent the presenters were on Spotify for their entire collection of playlists and library that they spent lots and lots of time gathering and curating. The reason I don't have this problem is because I already had this problem: Grooveshark happened to me. My music was all on there, including custom mp3s that I pulled from Youtube. So after spending some time importing all of that to Spotify from memory, I used the API calls to export my data from time to time. These days, people have it easy: just run a GDPR export from the Spotify website. (That reminds me, I should still email the guys at Tweakers.)

I guess I also grew up with data loss more than average. As someone who wrote code from ~12 years old, but who didn't understand the rest of their computer well enough to take proper care of it, the family computer guy had to reinstall it a bunch of times and I lost data every time for different reasons (he also didn't really give a damn). And I overwrote an external hard drive once when I thought that backup software would just put the backup there, not clone the disk. And 000webhost cancelled my account one summer. And a hard drive died, then (I actually had a backup!) the backup hard drive was accidentally destroyed by my little brother. In that summer, I lost all code, school documents, game save files, browsing history, chat history, nearly everything I ever did digitally. Taught me a thing or two...

Shouldn't you make regular backups of your emails anyway, whichever alternative to GMail you use? And then what do you gain by switching in practical terms?

I do find these account suspensions terrifying. It's the biggest issue I have with using GMail, but I treat it like any very low probability event of shit happening to my data.

This is rather harsh punishment.

Do note that if the poster had some apps published on google play those would be gone too.

And work accounts could also be banned by affiliation I believe?
Sounds like some trolling to me, especially since he can't produce the email. If Google was actually doing this they would have emailed other NewPipe users, not just this one guy.
Does Gmail give access to your emails when your Google Account is suspended?
Under GDPR, they legally have to if you request it.
Not to be that guy, but do you have anything to back that claim up? I'd love to know if it's actually true or not; it seems like GDPR is often used as a catch-all magic wand for "I want my data therefore the company has to give it to me", but I'd love to know if it actually applies in the case of a terminated/suspended account and/or an account found to be in violation of the service's terms & conditions.
Ctrl+F for my comment above to see how they won't give you anything in response to a GDPR request.
No, they'll delete the data and say they have none.
I find it perfectly plausible that Google would suspend someone's account arbitrarily. Even if it's not true, it is a reminder that Google can and will suspend your account and fuck up your life because of some algorithm, and you should probably do something about it.
The most likely scenario to me is that Google did suspend the account, but either this is not the reason, or it was only a minor aspect of the algorithm's decision. People are often bad at figuring out what they did wrong when you send a message explaining exactly what it was, people are hopeless when they get no message at all, which is how these suspensions work.

The assurance that they've used no other apps I put little faith in; I've too often both delivered and received the incorrect "but I'm sure I did nothing else, it had to be this!" claim. We do a lot of things without forming strong memories of them all the time. No offense intended to the original reporter, it's just my experience says that's rarely a highly trustworthy claim, even when trustworthy people make it.

You're exactly right. It's been my experience from community moderation that you can give people an itemized list of things they did that led to a response, and often all they'll take away from reading it is the one item they have a strong emotional reaction to.
I took a look at this user's GitHub activity, and it seems they have been using NewPipe daily. It's not trolling probably.
Their system isn't even likely detecting NewPipe. It is probably detecting signals indicating the ads it serves are being blocked and the user's account isn't a Premium account. Any client that failed to vend the ads (or failed to spoof the ads-vended signals) could trigger this.

(Obvious solution: use the approved clients.)

You can't log in with an account to newpipe though. It is pulling videos off youtube as if it was a browser on the phone.
Has anyone wiresharked its transactions to Google? If it's literally doing it like it's a browser, what cookies or storage API (or other) state is it leaking?
It's all open source. Not sure what info it is leaking tho. https://github.com/TeamNewPipe/NewPipe#Description
NewPipe itself is open-source. It's using the OS infrastructure to make requests (https://github.com/TeamNewPipe/NewPipe/blob/ce17ccad27af0aba...).

One would have to do a deep-read of the implementation of those APIs to know what they might leak (or toss a packet sniffer in the network stack).

This seems like an argument from ignorance. eg. "Well, there's no evidence to support this hypothesis, but it could be x (no proof given), so unless we look into x, we won't know for sure".

Using the system browser or webview doesn't send any user identifying information (other than device type and version) in http requests. There's no plausible reason why using the download manager API would do it either.

I'm not sure I'd call it an argument, but the ignorance part was right (note upthread this began with a question as to whether anyone had attempted to packet capture on what NewPipe is sending in a session).

There isn't evidence other than the user in question's account apparently got banned and they claim to be using NewPipe. So it's one possible avenue of further investigation if one tries to figure out how Google would even know to ban a user that was using a tool that allows connection to YouTube anonymously.

If Google PlayProtect is enabled it'll be aware of the NewPipe app on the phone or any other Google components may track its usage. Alternatively Youtube could detect the newpipe usage on their end and cross check with the client IP adress collected via the regular YT app. It's certainly possible to detect it.
Google does not care about one user not seeing ads. It isn't worth even 5 seconds of an engineer's time.

But if that guy built a custom build of NewPipe that did a million simultaneous downloads, and that impacted service availability for other users, that would make Google ban him.

Entire lives are wrapped up in Google accounts! They're used for administering other accounts, taxes and payroll, subscriptions, keeping in touch with family, photos...

This could easily ruin someone's life.

What the fuck, Google.

We seriously need to break this company up into its constituent pieces. This is beyond unacceptable.

I wonder how decentralized Google accounts were before the Google+ unification process. Funny that management of that project is still having long lasting negative affects!
This is one of the reasons why I ditched google, especially gmail a few years ago.

Yandex, pretty decent email web interface, and I can have my own @domain.com emails for free, if I ever need to move away from Yandex I can do so without telling everybody I "changed my email".

But I doubt Yandex will ever "inspire" me to move away form them, I think they dont even think of me at all, unlike Googles algorithms.

I pay yearly for G Suite to avoid this issue by using my own domain instead of @gmail.com. If I ever had an issue I can change my email provider (also backup email regularly using Takeout or in the past using offlineimap).

Unfortunate that it’s necessary but I think it’s a good idea for everyone who can.

Do you use Google Drive or Docs to store anything critical?
How does G Suite help here? If you've just got your own domain, you can do the same thing without G Suite.
I presume he wants to use the gmail tools.
I realize I've never checked if my Android GMail app supports using my other address as the From address. I guess it doesn't.

I don't use GMail's web interface but prefer an actual mail reader which has no problem with using a different address. Maybe I should use an IMAP mailreader for GMail on Android as well.

You have to use the Gmail web page to set it up, but it is possible to use the Android Gmail app to send from non-gmail accounts. The 'From' field becomes a drop-down allowing you to choose from the accounts you have set up.
I'm assuming to use all the google apps like Gmail. But in the case that Google suspends you, you can redirect your mail elsewhere and not be locked out from any other accounts.
The person in the bug post lost access to their email address. Just think of how many services you have tied into your email address. How many of those accounts would allow you to recover without email access?

By having G Suite and your own domain, you get to port that domain to another email provider if something bad did happen with Google.

But how is that different from simply having your own domain and sending email for that domain to your GMail box, and redirecting it somewhere else once you need to get rid of GMail?
But how do you send email from your domain? Last time I looked (a few years ago admittedly) you could set a reply to address but your email still clearly came from your gmail address.
I'm not using GMail's web interface. My mailreader (Apple Mail) allows me to select from which address I'm mailing.

Admittedly this doesn't work from my mobile GMail app, but I don't send a lot of work-related email (which my alternate address is for) from my smartphone.

Admittedly I haven’t used gmail for years now but from what I remember when I used to do this this is half right. If you change the From address in gmail, it will add a ‘Sender:’ header with your gmail account on it. Some clients will show that combination as the email being from ‘X on behalf of Y’ where Y is the from address and X the sender address and some will send replies, especially bounces, to your sender address. It may also set off some spam traps. I think it might also have required some form of verification that you have access to the address in question.

If you want to send from a different address without the sender header being set to your gmail account, I think you have to have Gsuite.

I just looked at the headers from some emails I sent this way. My gmail address does not appear there and both the <From> and Return-path are my domain address.
Thanks. Looks like they fixed this quite a while ago and now either you can verify an account after which it will accept your From header (and the web and app UIs let you select that) or, if you haven’t verified the address then if you send an email through their SMTP servers it will rewrite the From as your gmail address and sets a new X-Google-Original-From header to the address you put in the email originally.
I just tested it and it does work from the Android Gmail app.
How? I just checked and couldn't find it.
You have to have added the other email addresses from your Gmail web page first, under Settings, Accounts and Import, Send Mail As. It will ask you for the server address and credentials etc.

Then when you compose a message from either the website or the Android app, your From address is a dropdown containing the addresses you set up.

https://support.google.com/mail/answer/22370?hl=en

I have it set up so that Gmail sends the mail through my domain's server. The <from> field is my domain address, and my gmail address does not appear anywhere in the header.

I've had it this way for a long time, but I believe it was optional and it's also possible to only read the mail from the domain but send it via gmail.

If you have GSuite you@yourdomain.com is your gmail address. yourdomain.com's MX records will be pointed to Google.

This is different to the various techniques, such as IMAP/POP and forwarding, used to get them@theirdomain.com email (actually hosted elsewhere) into a theirgoogleacct@gmail.com mailbox

The biggest thing you're missing out on is Gmail's spam filtering.
If you get a lot of spam, you can always use something like SpamAssasin.
You can't afford the Lamborghini? Here, try this Fiat Panda. They're both Italian cars!

Hyperbole but not by far. Google's filter is trained on billions of messages a day, tuned by their own systems and by other users. It's the single best selling point for hosted email. Nothing compares when you've got that sort of volume.

I've had about three spam come through in the past year and they've all been personally addressed, non-bot but unsolicited marketing emails. I have three catch-all domains in this account.

We used to run our one domain through a passthrough service (at the cost of hundreds of pounds a year). Gmail was always right, easier to correct and by the point you're paying per-user (not per address), much much cheaper.

But you still lose access to your entire life up to that point.

Sure, you can start to rebuild without changing your email address, but it's no less catastrophic when you get locked out.

Another assumption might be paying for Google services warrants better support in case of an issue.
I used the G Suite basic account in the past ($6/month), I was able to get a support ticket responded to within 24 hours. The issue got resolved by someone before their support team responded to me via email, but I was still happy an actual person got back to me.

It's been said many times before, but it's best to pay for stuff, even (and especially) when you can get a good product/service for only ~$5/month.

You normally have an admin super user account as well as your normal one. The admin account can do anything to the normal account. Also has access to support, which is pretty quick.
Can you expand for a scared dummy like me? Is your email infrastructure currently a gmail backend that you can hot-swap with any other provider?
If you have your own domain name for your email, you can point it at any host's servers. Google in the case of Gsuite or Fastmail or Pobox or anyone else.

If you have regular backups, all you have to do is change a DNS record to switch to a different provider and you shouldn't lose any email in the process.

This is what I and many others do. I have had the same email address for ~20 years and have had it hosted on at least a half dozen providers over that time with no loss in data.

not the person you're responding to, but I have G Suite and I have my domain pointed at Google for mail. If for some reason Google came down hard on me, I could login to Namecheap and setup email to be handled by another provider (Microsoft, ProtonMail, whoever). So if someone emailed me at my email address, the only gap I risk is between the last time I read my emails and when I setup the new provider. Added bonus, "forgot password" on various sites will continue to work at this stage and I don't have to mass email people that my email address is now name@domain.tld.
We should be able to port emails like we are with phone numbers. Keep your @gmail.com address but host it with another provider.
> We should be able to port emails like we are with phone numbers.

We already have that if the e-mail address was "yours" to begin with, you can buy domains and keep using e-mail addresses pointing to them, moving to whatever e-mail provider you prefer this decade.

From a consumer perspective the phone number model is much more usable though. You buy the service from a carrier but you can still keep your number when you change carrier due to it being regulated. No need to buy phone numbers separate from the service.
And what do you do with the hundred of millions who have all of their accounts tied to a gmail/...
Those hundreds of millions of users would not switch providers anyway. Breaking protocols that lasted for decades for the sake of achieving nothing seems like an ineffective reaction to stupid corporate policies and a total lack of customer support.
Nonsense.

You have no ownership claim to the domain gmail.com. You are merely renting it, and for free no less!

Stop acting entitled. If you want ownership, the option already exists, and it’s easy: get your own domain.

That’s yours to keep and manage as you see fit, with Gmail a possible service attached to it as you see fit.

You're speaking from a position of knowing how the technology works and understanding how difficult this would be to implement.

But your attitude seems to convey that you find this behavior acceptable.

The majority of people don't have the tech know how to do what you're saying. Are we to leave them unrepresented and vulnerable? How many other people has this happened to that haven't been able to file bug reports on Github?

The solution here isn't a fine. Companies just laugh at those and continue on with business as usual. The real fix is to take Gmail (and the domain) away from Google.

I'll be voting for legislators with the nerve to do this.

> You have no ownership claim to the domain gmail.com. You are merely renting it, and for free no less!

Irrelevant, and also true of phone numbers (not accounts, numbers).

> Stop acting entitled. If you want ownership, the option already exists, and it’s easy: get your own domain.

You and I can do that easily. Doesn’t mean other people can. Division of skills and focusing on what you’re good at is a foundational principal of our global economy.

On the other hand, making a thing available at below cost so as to push the competition out of business sounds to me like an “unfair monopoly”.

I must assume that you built your own cell phone, erected your own service towers, wired them to the rest of the grid, and have service agreements with other providers allowing you to connect @josteink's homegrown phone network to everyone else.
How is a natural monopoly comparable to a free email service that you have a million alternatives to?

No one is stopping anyone from paying Fastmail or using a slew of other services than Google, other than people’s unwillingness to pay for things.

What natural monopoly? I have a choice of mobile phone service providers, so you can’t have meant that. If any of the phone companies had made themselves free, I’d ask if they really had a viable business or if they were instead trying to undermine any potential competitors in order to create a monopoly.
The US has 4 mobile network providers. Sprint is useless, Tmobile is okay in certain areas, but really, the 2 with nationwide coverage are ATT and Verizon. In my experience, Verizon coverage is more solid than ATT, but in general these are the 2 networks that provide the most comprehensive coverage.

A natural monopoly exists anywhere there are extremely high infrastructure costs, such as running pipes and wires to every home. The same thing exists with mobile networks, as it requires towers everywhere.

The towers can usefully overlap, in a way that pipes and cables don’t, so I disagree with you about it counting as a monopoly.

And that’s without roaming, which I don’t understand, as it means I have cheaper mobile minutes/texts/data in the USA and Germany than most locals.

Is there a way to get your data out if your account is suspended? In the very least there needs to be some recourse and a way for users to export their data if their account is suspended.
If you live in the EU you could threaten them with GDPR, also you have a right to not have decisions made by algorithms without recourse. If you live in US you are pretty much fucked.
GDPR requires them to answer your request within 30 days. They are allowed to give you your data as it appears when they process your request.

Google's policies, as required by their privacy policy, are to delete all data associated with a suspended account in 30 days.

That means any GDPR request submitted after the account is suspended will be responded to on the 30th day, and the response will be "we hold no data about that account".

That doesn't sound like it would survive a fight with an Information Commissioner.
Note to self: bombard google with GDPR requests so i have monthly backups of my data.
Joking aside: You can schedule automated backups every other month using Google Takeout.
By scheduling you mean schedule a reminder to do it by hand?
No, it actually supports automatic backup and can also upload to third party services like Dropbox.
There is an explicit exception to the GDPR for duplicate/unreasonable requests.
It could be arguable whether monthly data requests are duplicate or unreasonable though. Anything more frequently, sure, but 1 month?
Can you access takeout.google.com with a suspended account?
It dePends why the account was suspended. In most cases, you cannot use takeout.

If you are allowed to use takeout, they link you to that on the account suspended page.

I am not sure under GDPR they are “allowed” to stop you.
(comment deleted)
I'm aware of the threat of Google's decisions and moved the bulk of my email onto self-hosted. Quite the learning curve but a valuable exercise. Then I did a takeout and dumped it all into <a href="https://notmuchmail.org/">"notmuch"</a>. I can search old emails in seconds.
Alternatively, one should probably break up one's interface to Google into a personal Gmail account and a professional Gmail account.

I don't disagree that Google could do a better job firewalling TOS violations in one service from blowing up all your interaction with Google, but in the short run, defense in depth.

Until you link them in some way, in which case Google might suspend the linked account too. There are some nasty stories about those things going around.
That's generally true, and the solution is to avoid linking them.

It's a rock-and-a-hard-place problem, since the most common scenario Google is dealing with is criminal enterprises trying to obfuscate their activity behind dozens of "independent" accounts (so of course they have to try unifying accounts). But this is analogous to the scenario one deals with separating concerns when forming an LLC; you keep your work and personal stuff separate, including finances and capital (i.e. don't do work stuff on your personal computer; that's riksing having your LLC status collapse if someone has occasion to sue you).

I've heard from one Android freelancer developer, that he creates pristine VM for new project, uses it via VPN, creates new Google Account, uses it only inside that VM and does not use that VM for other tasks, so there's no correlation between his accounts.
Technically they're already linked - it's an android, it can query the bluetooth mac address, the wifi mac address, the hostname of the device and the serial number / imei / esn of the device.

There's no "unlinking" it unless you manually modify the serial numbers on the device, which is possible, if you have qualcomm diagnostic tools (QPST/QXDM) and are able to communicate to the modem softband directly.

This will not work. There are stories of entire companies being locked out of GSuite because one of the admins got their personal account locked out for a spurious reason.
If ever there was a clear case for breaking them up, it's this. An issue with Youtube should not impact all other Google services you're using. If they don't like people avoiding Youtube ads, I guess they're free to block their access to Youtube. But don't block access to Android, GMail, Docs and whatever.
But YouTube and Search ads are what pays for all of the other services...

If you really want to break up Google, people are going to have to get used to paying for a ton of other services.

I’m not saying this is wrong, but it will come as a shock to many people when they have to start paying for email again (or start seeing ads in gmail again).

Or we could just pay for the infra and host our own, rolling open source into user friendly packages

I mean look around Github: people all around the world breaking through social barriers and norms to provide safe, useful software

Then look at how every tech company behaves

>But YouTube and Search ads are what pays for all of the other services...

Then charge me 1-2$ a month for gmail access... oh wait I already pay for extra storage. I'm quite fine paying if it means that if for some reason I offend them and they decide to suspend my service that I have a window where I'm allowed to exit their ecosystem.

Remove my ability to send email, allow me to receive email and give me a 1 week period to export everything and change contact info elsewhere.

You may want to get a head start while you still can honestly.
> People are going to have to get used to paying for a ton of other services.

I and a lot of other people are fine with that. Patron et al. showed that people are willing to support things they like. From podcasts to open source projects.

The narrative that the only way to have nice things on the internet is via advertisers' money is pushed by the advertisers themselves.

You're in minority. People are buying into the narrative at large scale.
Do you have a source for that? I'd be interested in reading the studies.
If that was true how come people are making living creating stuff with Patron supporters?

Not everyone has to do it, but there is enough of people to keep creativity free from influance ad companies.

I have a few people donating money to me on Patreon so I'm not arguing against that. I'm just saying that the majority does not actually want to pay for things, but that doesn't mean people can't make a living out of the minority that does. That's not the topic of this conversation though (see the line you replied to).
You can pay for it now? The narrative in this thread seems to be that people are being forced to use Gmail against their will, and paid options don’t exist, both of which are obviously false.
While strictly speaking you aren't forced to use Gmail, the reason i gave up trying to run my own VPS and mail server was all the little issues that caused people with Gmail to not ever receive (or receive, but in their spam folder) mail sent by me.
> If you really want to break up Google, people are going to have to get used to paying for a ton of other services.

There's upside to this too: it provides business opportunities. I think it's necessary for a healthy well-functioning economy.

Something like Gmail should exist.. everyone should have free access to a basic web based email service.

However, it shouldn't be a corporate product. It should be a public service, paid for by the taxes everyone already pays and regulated to ensure privacy abuse and productizing of the user base doesn't happen.

This is how things used to be done - when a new technology became important enough to society, it became part of the national infrastructure, everyone was guaranteed access and no one was allowed to profit off of it. That's how the original telephone network came to be in the US.

Gmail and other private services have been allowed to take the place of something the government should provide so someone can make money off it it, and it's open to abuse and inequity. Some services are important enough that not having them makes you a second class person.

Imagine how you'd feel if the US post office told you that you couldn't receive mail any more because you had an unpaid parking ticket in another city? That's not punishment, that's behavior control. Maybe the parking ticket wasn't fair, or maybe it was someone else with the same name as you, or maybe you had a legal, legitimate reason for parking there.

The US government is required by law to treat people fairly and protect them (to some extent). More importantly, public services are (in theory) controlled by the people they benefit.

Private companies are not, and private companies should not be allowed to provide critical services without regulation to ensure equal treatment for everyone and a means to contest the actions of the company for every user.

The US government is far, far behind where it should be as regards updating laws and services for the computer age. It's time to clean out the dusty, old computer illiterate career politicians and replace them with technically adept younger people.

> and no one was allowed to profit off of it. That's how the original telephone network came to be in the US.

This is flat out wrong. AT&T made A LOT of money off this.

Exactly.

And to add to that public telephone service couldn't exist without a heavy public infrastructure investment in telephone lines, and continued support of that infrastructure.

The costs of supporting an email service are probably not great enough that government intervention is necessary.

>everyone should have free access to a basic web based email service. >It should be a public service, paid for by the taxes

No, that would lead to even worse abuses.

Cf the present day Hong Kong protests, and Yellow Vests protests - in both cases, the government would use snooping power to spy on the communications, dragnet style. Anybody seriously suspected of partaking would have the account shut down. Since the account would be "the official one", that would most probably render them unable to access other major services, like banking, judiciary, or healthcare records.

Having a corporate steward of email is one more level of indirection. While imperfect, the corporations do put up at least a bit of resistance against governmental over-reach. Even just the fact of having to create, send & monitor official correspondence to demand snooping & take-downs is slowing down the snooping a bit.

Moreover, it would be highly probable the government would mandate a "real name" policy, or otherwise tie the email service to your offline identity. Cue the abusers by online platforms like Facebook & other advertisers.

Lastly, it's more feasible to compete with corporate services than with tax-paid services. And it's competition that drives innovation, quality increase, and cost reduction.

> Cf the present day Hong Kong protests, and Yellow Vests protests - in both cases, the government would use snooping power to spy on the communications, dragnet style.

The USG has been working quite diligently on that already. I don't think there's any particular reason to believe it can't read (almost?) any email it wants to. Very few emails are encrypted and host-to-host encryption is optional anyway. Various providers that have tried to resist USG secret warrants have just given up because it's not really possible.

(comment deleted)
>Moreover, it would be highly probable the government would mandate a "real name" policy, or otherwise tie the email service to your offline identity.

Big email providers already do that.

> Big email providers already do that.

It's exception, not rule. Even if they want you to give name, it's not something available for others if they only have e-mail address (unless address contains name).

You've got to pay, normally; and usually the options are PayPal (or similar) or bank payment card (eg Visa/Maestro).

In the UK I don't think it's possible to get a credit/debit card without giving up name & address that are backed by ID.

Gmail, IIRC, requires a phone number, which again is tied to your payment account (if you buy it in the UK). Though you could buy a stolen pre-paid SIM, so it's possible if you're not bothered about being legal.

In USA I understand you have pre-pay credit cards you can buy in a shop, in the UK you have to register those (using a phone number IIRC, thus tying it to a supposed real identity) and they're really expensive.

There is huge amount of free mail service, unless you are talking about your own domain.

Even with custom domain, there are some mail providers that accept Bitcoin. See here: https://www.privacytools.io/providers/email/

And, once more: my previous point was that even if providers know your id, it is not public. There is no service you can use to ask what is name of e-mail address owner (I'm ignoring "whois", which is domain-specific, not mail).

I think there exists now a very pervasive and worrying conflation of "public control" with "the government". If you oppose expanding the sphere under control of one, centralized power with no day-to-day responsibility before anyone, I am with you. This is why republican countries were established in the first place. But this doesn't mean that private, feudal and corporate power is the only other option. You can establish institutions that are elected directly by the people, and/or are granted strong legal immunity from demands of the executive branch etc.

Secrecy of correspondence is one of the basic constitutional rights in many countries. And also there is a public postal service almost everywhere.

>You can establish institutions that are elected directly by the people, and/or are granted strong legal immunity from demands of the executive branch etc.

Any example you could name would be highly contested as to validity of the claim.

Specifically, "elected by the people" doesn't grant any immunity by and of itself; you would need a huge public protest or other such expression of public will. You may still be ignored by the media, which prevents you from getting anything done[0]. On the other hand, "strong legal immunity from demands of the executive branch" would take a constitutional amendment; anything less can be rescinded with a simple majority vote or a judicial decision.

>But this doesn't mean that private, feudal and corporate power is the only other option.

You would need to create a very strong legal shield around such institution. Right now the government (particularly the judiciary branch) considers every private contract to be in its purview, with ability & willingness to void, add, or rewrite any and all clauses it considers wrong. Even institutions like marriage are subject to retroactive change of the original terms&conditions. Even the media, with its oversized influence through gatekeeping the political parties & candidates, is still bound by various regulations regarding falsehoods, besmirchment, etc., while at the same time tied intimately to their insider sources. About the only exceptions I can think of is the internal dealings of the churches, and the diplomatic matters [1].

On the other hand, any NGO is subject to the wishes of whoever finances it. Whether it is public donations or corporate sponsorship (or outright corporate structure); whoever holds the spigot of the money gets a say. Another important say is held by the media; with ability to either prop up or sink any NGO or public figure.

As of recent, the social media mobs seem to be gaining the gatekeeping ability just as well.

--

[0] quick examples of media keeping mostly quiet: weekly Yellow Vests protests, Paris, France, 45+ weeks; annual March for Life, Washington DC, US, 45 years.

[1] bit of a stretch, but also the https://en.wikipedia.org/wiki/Sovereign_Military_Order_of_Ma...

>Specifically, "elected by the people" doesn't grant any immunity by and of itself; you would need a huge public protest or other such expression of public will. You may still be ignored by the media, which prevents you from getting anything done

I'd say if you are an institution established by public law, you don't need expression of public will for your normal operation. Or you need it to control you, not to affirm you. You just exercise your legal powers.

But I agree that my comment was abstract, and by the pervasive conflation I mean not only in common perception, but also in practice. What I have in mind as positive example is Tocqueville's "Democracy in America", or perhaps Switzerland as states deeply amalgamated with their populations. Anyway, if someone is strongly pro-government or pro-corporate, it's in their interest to present those as binary options. I think this should be opposed in principle, whenever possible, even if the present state of Western democracies is not that great.

I would gladly use a US government sanctioned e-mail service. The US government and its allies already have access to Google data should they desire.

I just would not use it for everything (not for criticizing the West; for that you could use a Chinese or Russian e-mail service). They can already snoop all the metadata anyway.

If it's paid for by taxes, then it's not free. The cost is just hidden.
and distributed in a progressive manner

and run without a profit motive

If it takes taxes from some other BS, like military spending, it is practically free.
I don't know why you'd be downvoted. 60 percent of the national budget goes to military.
No, it doesn't. Slightly less than half of the discretionary portion of the budget goes to defense programs. The discretionary portion is only about 33% of the total budget, meaning defense programs take about 16% of the total budget.

https://en.wikipedia.org/wiki/United_States_federal_budget#/...

(comment deleted)
https://en.m.wikipedia.org/wiki/Bell_Telephone_Company

That wasn’t a non-profit, neither were the first telegraph companies. Monopolies are problematic, private companies are not.

As far as cleaning out “old” politicians — that’s ageism. One’s birthdate doesn’t determine technical literacy.

>As far as cleaning out “old” politicians — that’s ageism. One’s birthdate doesn’t determine technical literacy.

Statistically speaking, it very much does...

Would you bet your money, when age is the only available information, that 1000 randomly chosen people in the 60-80 bracket would have equal or more technical literacy than 1000 randomly chosen people in the 30-50 bracket rather than less?

Didn't think so.

A lot of -isms correlate strongly with statistics. That doesn't make it okay.
Being true trumps being OK.
I figure that the problems with •-isms are mostly when: a) there is antipathy against a group, b) one falsely infers a causal connection from the membership in the group to the thing, c) or the •-ism otherwise causes undue harm to members of the group in some other way (I guess this option is just a catch-all to make me not wrong, which suggests that my splitting things up in this way may be a mistake.)

We acknowledge that infants do not have the capability to competently vote, yeah? We have a minimum voting age requirement, which shows that we don’t find all action based on correlation with age to be illegitimate.

I think I am probably forgetting the original context.

Suppose that you are running a class at a local library on how to use some software, and you intend for it to be accessible whether or not the people attending have some specific background knowledge, but it is easier and faster if they do, because you don’t have to explain the background first. Suppose you also have a note sheet that you give out for them to take home in case they forgot any details. You actually have 2 versions of the note sheet, because one version also includes an explanation of the background information, and therefore takes more pages of paper.

Every time you run this class, you find that some of the people attending need the version including the background information, even if all of them are young, but you also notice that people over a certain age are statistically more likely need the longer sheet.

Therefore, when you know that a particular session you are running has a greater than average number of people over that age, you print more of the longer version of the notes sheet. Have you acted wrongly in doing so?

Is doing so “ageist”?

I don’t think so.

I would imagine in such situations, that the people with the largest amount of background in the topic would likely also skew somewhat older, at least for some topics.

But, seeing as I forgot the context outside of your comment itself, probably this hypothetical is quite unlike the situation in the context.

Edit: Ah, the context was politicians. Ok. Idk how to apply this to politicians.

I suppose I am not especially concerned for the individual politicians’ interests, as, aiui, politicians in the US tend to be fairly well off, have enough savings to retire, etc.

Therefore, the goal should be primarily based on how the choice of politicians impacts the rest of the populace.

There may be issues where a way of choosing politicians could cause or reenforce harmful stereotypes that harm other non-politicians?

(comment deleted)
>Imagine how you'd feel if the US post office told you that you couldn't receive mail any more because you had an unpaid parking ticket in another city? That's not punishment, that's behavior control. Maybe the parking ticket wasn't fair, or maybe it was someone else with the same name as you, or maybe you had a legal, legitimate reason for parking there.

I agree that it's draconian and goes too far but government very commonly screws people over over minor things by using monopolistic behavior like this and there are many people (including many people here) that endorse it when it (dis)incentivizes something they want (dis)incentivized. Point is this behavior will not go away if you have a public email provider. The list of triggers just becomes different. What Google doesn't like is different than the US government doesn't like is different than... you get the point. You may at least get due process though which would be good but the fundamental "this person has offended our organization so we're gonna screw them every way we can" behavior won't change unless society demands it.

edit: I'd be interested to hear why everyone finds my opinion so disagreeable.

(comment deleted)
I'm interested in this idea. How could something like this exist and be structurally independent from the USG to avoid all of the good points in the comments below this post? And while I think they are good and obvious concerns, they don't exclude future thought on the subject.

But what would this take? If there were municipality-owned servers that allowed for basic email how could abuse be prevented? Make it an open source project with public inspection allowed to prevent abusive manipulation of data? E2E throughout the system? What would this take? Someone has to have thought about it before.

What would it take? Too much work to make it a net-positive outcome. Plus, fewer people use email, and it will eventually become an anachronism.

Better would be a standardized, secure public service to store and retrieve data on top of which any protocol could be built.

Once people own and control their service data, lots of things will become decoupled.

> Better would be a standardized, secure public service to store and retrieve data on top of which any protocol could be built.

Sounds like a good idea. Do you know if any public entity has made an attempt at this space? I don't even know how to begin a search for this kind of work let alone if it exists.

I have a friend who’s trying to work with state governors (in the USA) to establish a block-chain where each state hosts one node of the network. But, I haven’t keep current with what he’s doing.
> everyone should have free access to a basic web based email service.

What if you could get a free email account through your internet service provider... oh wait.

That's not so great when you switch ISPs, move, etc.
It seems that a lot of problems regarding email involve a lack of transferability between providers, and I don’t think that having a government-run mail provider would adequately solve that.

Instead, maybe an extension of existing mail protocols to allow for updating address information would be better - for instance, mailing a deactivated address would give a special response announcing the change in address, so that information stored about addresses can be updated without user intervention.

Any thoughts on this?

That would be great, but it would suck and everyone would hate it. Also, you have merely traded the big corporation devil for the government devil. The best compromise is to have the market decide on the platform (for quality control) with some government oversight (to keep abuse in check).
> Something like Gmail should exist..

Something like Gmail... I'm not sure if you mean by this; a multi-billion dollar tech stack built by the leading internet company in the world, securing exabytes of data for its customers with redundant backup, provided in hundreds of countries (and languages?), hosted across dozens of data centers, offering easy access through native apps on every dominant platform, with 5-nine availability,...

> [E]veryone should have free access to a basic web based email service.

There are two issues here, first is internet access and second is services available via the internet.

I think it is a great ideal to state that everyone in the world should have the ability access to the Internet in some form, with the ability to benefit from the online learning and communications tools it provides. Governments should use tools like spectrum licensing, and eminent domain to promote fair and equitable infrastructure deployments which provide reliable high speed access at reasonable prices to their entire population.

I disagree that government should outright purchase internet access for its citizens. The market for internet access is fairly anti-competitive already, government subsidies for specific levels of access work out poorly in practice, and tend to provide substandard service at above-market prices. This means the taxpayer loses and the citizen getting subsidized access loses. It works out better in theory and in practice to ensure your population has good paying jobs and can decide how they want to spend that money, including, whether they spend it on phones or laptops with LTE or wired internet access, which service provider they use, etc.

As to "free access to a basic web based email service" -- and to be sure, there's nothing "basic" about Gmail at all -- the amazing thing is that there are already a plethora of choices that netizens can make when setting up an email account, and many good free choices. Each of these free choices are usually subsidized either by paying customers of a premium offering, advertisements services with the email, or other services that the company offers.

What's great about this model is that companies are competing to provide the best possible email interface, at the lowest possible infrastructure costs to them, and attempting to offer such a great experience that they can ultimately convert those users into more frequent [paying] customers.

Practically everything about this model breaks down when you try to have "the government" provide the service.

> Gmail and other private services have been allowed to take the place of something the government should provide so someone can make money off it it, and it's open to abuse and inequity. Some services are important enough that not having them makes you a second class person.

Gmail and other private services paved the way by spending their hard-earned R&D dollars to innovate and invent new delivery models for these services. To be sure, this was a public/private partnership at the most foundational level (ARPANET) and it has grown to be perhaps the crowning example of what private industry properly supported by government research and hands-off regulatory approach can achieve.

> Imagine how you'd feel if the US post office told you that you couldn't receive mail any more because you had an unpaid parking ticket in another city?

That unpaid parking ticket will mean, in many jurisdictions, that you cannot renew your registration or your license, which means the day will come when you cannot legally drive. That's the thing with State control of critical services; the day always comes when they will use a big stick to make you comply with their demands, or they will take those services away.

Private communication infrastructure must never be directly provided by the government, most especially. I'm sure you've heard of PRISM, or how a secret court allowed th...

The USPS wanted to provide a registered email to people back in the 90s, and was prevented by Congress.

The USPS or some similar highly-regulated corporation could easily provide basic email, banking, etc.

That, or we should start regulating email providers since it's no longer rocket science.

> everyone should have free access to a basic web based email service.

Everyone with internet access already has free access to email and to any of several basic web based email services [1], but, to get that free access the owner has to be willing to host their own email server on their own infrastructure.

Email (as in SMTP email) is one of the original free and open protocols of the internet. No one is required to have 'google' to have email, although a lot of people prefer to 'let someone else handle the plumbing', which is ok if they understand the ramifications of that choice.

Note -- I am deliberately ignoring the sad fact that SPAM has made 'running their own server' much more difficult than it used to be for many. But a lot of that difficulty stems directly from allowing a single giant corporation to hoover up too much of the service, such that the single giant corporation has gotten big enough to start dictating terms to everyone else who is not part of their system.

[1] some examples (note: just found these via a search, no suggestion of good/bad is being made, just the availability for free):

    http://squirrelmail.org/
    https://roundcube.net/
    https://www.zimbra.com/
This link: https://www.slant.co/topics/1460/~best-self-hosted-webmail-c... claims to reference fourteen clients.

This link: https://www.jotform.com/blog/10-ajax-webmail-clients/ lists ten (some overlap with items above).

It's really not possible to run your own email server and guarantee to get MS to accept your mail. Even on a well established ISP (yes with SPF, dmarc and such) you can get your mail dropped. Google have been tricky in the past for me too.

IMO it's really not a workable option, the administration is time-costly too.

(comment deleted)
> but it will come as a shock to many people when they have to start paying for email again

I bet people will prefer "need to pay" as a shock instead of "locked out" as a shock (with no option of getting your stuff back). I certainly would prefer the former.

So many false dichotomies in this and the sibling posts that follow.

Email existed before Google. The email services didn't all used to be owned and controlled by giants. Remember Hotmail and Yahoo Mail?

Email doesn't have to be a Government-provided utility service as another poster claims. It doesn't have to be free or paid. The market will make it work.

Just don't let Google operate it.

It's a simple narrative.

Speaking of false dichotomies...

Google doesn’t “operate” email. Gmail one email service among many, that people can choose to use or not. Yahoo Mail is still an option.

I think this distinction is a bit blurrier than you suggest. For my personal email I pay for and use Fastmail. I think it's a wonderful option and I'm more productive in it. However, when starting a new company recently, we ended up use Gmail because it's required for many SaaS tools. Sometimes you can use something other than Gmail, but it's painful, and in other cases you really can't at all. And that's before you get into the ancillary services like calendar and contacts -- very few tools working with either support either CardDAV or CalDAV.
I'm genuinely curious, what SaaS tool requires Gmail?
YouTube doesn't pay for anything. YouTube is not profitable.
Not True, Google is living in Tax Evasion heaven. Their company is so big that they can hide YouTube as one company registered in the US and ADs is some tax haven. You only pay the taxes that you want and can never be regulated. Being Free is not worth considering the amount of crap that they do.
I see ads in Gmail all the time
>it's this

Its not yet known whether its true or not. There are no proofs in the github thread. He could at least post his google email so some google employee could check since this thread got heavily upvoted

Yes, an unsubstantiated claim by one random person trying to circumvent a company’s revenue model is definitely reason to break up that company.
You definitely shouldn't be using the same account for all these things. Split into at least work and personal accounts.
on separate phones :)
May not help, Google associates accounts together: https://www.reddit.com/r/androiddev/comments/b2ztr0/google_t...

So make sure you never access them both from the same computer, phone or IP.

The association is generally limited to recovery email and phone numbers.

In the case of AdWords, your billing address is also a linking factor.

In the case of Google Cloud, being Owner of the same project or organisation is a linking factor.

In the case of Google Payments, using the same bank details is a linking factor (also applies to GCloud).

Even if that's the case they may change it with some new ML/AI solution in the future. Then run it retroactively on past data.

That's the thing, you have no control over what Google does and little recourse once they do it.

(comment deleted)
It's entirely possible the banning had nothing to do with NewPipe. No other NewPipe users seem to have had this issue. But of course it's fun to yell at Google.

We know nothing about this person. Isn't it very possible he was actually violating Google's terms in some way?

With so much tied to a Google account, there should be some means of dealing with it. With this person being in Finland, they should have some means of at least extracting all account data thanks to the GDPR or other protection laws.
Except that, if your account is cancelled, the datas are deleted (or should have been)... so there's nothing to download, even from a GDPR point of view.

So the probleme to be able to use that GDPR feature... is to still have an account

I find that to be a possibility too. If none of the other newpipe users in the thread got suspended for "using 3rd party app outside of Play Store to go around Youtube ads", chances are newpipe isn't on the app blacklist.
It might also be possible that someone was violating terms while imposting as the user in question using snooped access tokens or whatever. There won't be a trial where the reason might come to light.
As has been proven by other companies recently, so long as there is a "catchall" clause in the terms, anything you do has the potential to be against their terms.

All you can ever really do is hope to not be caught up in something Google (or its bots) considers "bad".

EDIT: A few catchall terms from YouTube's TOS:

"YouTube may, in its sole discretion, modify or revise these Terms of Service and policies at any time, and you agree to be bound by such modifications or revisions."

"You agree not to access Content through any technology or means other than the video playback pages of the Service itself, the Embeddable Player, or other explicitly authorized means YouTube may designate." (There go all New Pipe accounts)

"YouTube reserves the right to discontinue any aspect of the Service at any time."

"YouTube reserves the right to decide whether Content violates these Terms of Service for reasons other than copyright infringement, [...]. YouTube may at any time, without prior notice and in its sole discretion, [...] terminate a user's account for submitting such material in violation of these Terms of Service."

There is also no proof (screenshots/etc) that this user is actually suspended, and not just random trolling.
Violating terms or not- it's still a lot of power for Google to hold over a person and there should be some consumer protections for this.
I just discovered a mission critical bug in their 2FA flow as well. Gist of it is if you switch phones, verifying the new number, it still prompts to the old number. You cannot login to update to the new number, without the old number. It then locks you out of your account for hours.

The kicker is I am authenticated on the new phone! But cannot make changes because of the 2FA bug. So at some point, randomly, it decided to revert to an old phone number. Even though I am certain I disabled it!

I feel even submitting a detailed report, it would take quite a while to pierce the layers of bureaucracy and come into contact with a technical human that can diagnose and understand the nature of this issue ;(

This is on purpose, otherwise anyone can just register a new phone including an attacker.

In these contexts, you should have a recovery mechanism in place such as recovery codes or a recovery email.

Maybe stop using google at all?

"The web"'s future mustn't be about corporations and centralized control of information, but rather decentralized (or even better, distributed) systems with freedom of speech and freedom of information exchange(a.k.a everything done on the internet)in mind.I would say privacy at upmost priority as well, but this is obviously impossible for some services/products.

People who are so vehemently against this and still use google(or any other monopoly corporation for that matter) products need to be called out.Just because it's convenient doesn't mean you should do it,especially when you know how for-profit corporations work and operate.(Google is one whether we like it or not,even if they contribute to open projects,their profit ramifications outweigh their effort/money poured into these open projects).

Alt-tech is possible, alt-education is possible.We have a massive opportunity to change the hierarchical way of computing and flow of information yet we still do it because "it's convenient".

And i'm not delusional, people who know about these are in the very minority,but i would say it's our "duty" to at least inform others that are not aware of the potential abuses and how hard their lives can be impacted by choosing convenient.(at the moment anyways).A centrist position will stagnate at best the centralization of power. If this sounds very "anti-profit" and "socialistic" speech, it's really not.We should just consider the value of our information and whether we really like essentially "selling ourselves" because it's the easy path. If one decides they would make the trade, so be it.But at least people should be informed about the data-mining possibilities of our tech industry.

It’s not just TOS violations... I can’t get into my google account because they locked my password and don’t recognize any of my current devices. The account isn’t even suspended, they just have no support team so I can’t recover my account in any “algorithmically approved” way.
Btw. what usually works is just giving them a phone number, ideally a number that is associated with with one gmail account that is still in good standing.

Which of course completely defeats the "security" of this "security feature", but that's probably not the point of it anyway, they just want your phone number for meta data collection.

Unless you use Google Fi and get locked out of that, too, I guess?
It is possible to not use google for payroll, subscriptions and keeping in touch with family. That people allow Google to have prongs in every aspect of their life — that’s on them. Just because Google enables you to put all of your eggs in one basket doesn’t mean you should.
I don't disagree but it's not just Google. Apple is doing the same thing. In fact agressively with their new login system that they require that if you support any 3rd party system you must support "Sign in with Apple"

https://developer.apple.com/app-store/review/guidelines/#sig...

AFAIK Google has no such requirements for apps on Android.

As more and more people use "Sign in with Apple" it will end up being the same issue. If Apple locks your account they'll ruin your life.

I generally use neither. I don't sign into things with Google nor Apple nor Facebook. The exception is I do sign into a few dev related things with github but only of they are related to my github account (example, Travis CI). I also have my own domain as I learned the hard way in the 90s that losing your email address to your ISP is no fun.

An app that exclusively offers third party sign in.. not all apps. Apple is forcing choice: it isn’t going to allow an app that only allows Google for sign in (and not email.) That’s a win. Apple is saying that you can’t only offer Google sign in. If you allow standard email/password you don’t have to allow Sign In with Apple. Apple says: “either allow normal sign in or, if you only allow 3rd party, then one of the choices should be Apple.

Basically Apple says: you are required to offer choices and you can’t force users to only use Facebook/Google. A big difference and a big win for choice.

I agree that maintaining some independence from a central provider with little accountability is a Good Idea(tm). But Apple is far less dangerous than Google. Partly because you're actually a customer to begin with, rather than just a data source. And partly because there are well-known ways to get ahold of humans at Apple, one of which is to walk into the local Apple Store.
I have been using email and password instead of Google SSO for a while now, never been fan on concentrating so much power on one single company, who just proved to be unreliable.

It's harder and harder, Sign-up UIs are hiding it. Sign-in with Google or Facebook is really the norm nowadays.

I was more thinking of a kind of "Right to keep at least a basic service"... a bit like a kind of GDPR

ANY identity provider (meaning email, facebook, ...) can terminate any account BUT MUST provide a temporary (maybe 1 month) minimum service (maybe only replying to incoming emails for example, with a cap) to allow identity migration out of the platform... because identity can't be owned by anybody.

It doesn't need to apply to ANY website, ONLY to website providing some identity service (like email or auth provider).

And this could be quite a simple law. It wouldn't forbid the website to cancel accounts, only would they have to give enough time and functionalities to properly manage the cancellation and its impact on the user digital life

(comment deleted)
We thought some evil AI would take over the world and make arbitrary decisions that we struggle to undo.

But really humans are happy to do it to each other ...

Google/Youtube love to pretend it was the AI that made the decision when in reality many are made by humans. Companies get away with so much lying.
There should be a law like GDPR that forces them to justify account terminations, provide feedback, and even be sued for doing so, whatever their EULAs saw (and make that part illegal to enforce).
What I find most ironic is that outside of Search, Youtube is probably the least linked Google service to your account that springs to mind. Ban your account? Private mode and/or VPN and you can access YouTube again. Can't get the curated lists thing that your data can provide, but you can still access the site.

Whereas Drive, Mail, etc. are all deeply connected to it. So seems the punitive measure is specifically setup to have the most impact on you. Within their right, granted, but I feel for anyone who shares a device with someone who wants to circumvent ads in YouTube while they're logged in as they could be the person punished for reasons they don't understand.

Why do people give all their stuff away though? It's literally saying, here why don't you control my stuff instead of me. So stupid, I never got that.
I will start migrating all soon, I don't want to be fucked by any mistake of Google
Hey, it's really easy: do not rely on a Google account. There are choices, and it's your decision in the end. Google is actually rather clear in the terms of use that you have no rights whatsoever and that they can use your data for training their algorithms.
CCPA and similar regulations are going to have an effect on at least recovering and restoring your data so it's not a catastrophic loss.

Also after hearing these stories, I keep my cloud accounts as light as possible and use S3 + NAS for actual data.

I got my AdSense account suspension notice yesterday about an game I had built nearly 7 years ago.

Stuff like this are downright scary but there is absolutely nothing we can do. Google is too big to fail now for consumers

Completely agree. Unless Google can assure some amount of access to accounts, even in cases of potential abuse, the behemoth threatens to destroy lives with ever scratch, sniffle and scare that it gets.
If losing access to Google would ruin your life I’m pretty sure you’re doing something wrong. To be sure, many don’t have the knowledge to put in place fallback plans. But if you think that about yourself you really ought to do something about it.
I certainly don't wrap my life around my Google account, most of my important accounts have secondary emails tied to other service providers and other means of contact that Google has no control over (yet).

I'm always amazed at how quickly people jump into these massive corporate product/service ecosystems gung-ho as if we haven't learned anything about large business behaviors (including technology companies) over decades and decades of history.

You should always remember that a business has one goal: to make money for its shareholders. Anything and everything else is a side effect, so if you can forsee any goals you have utilizing a business product/service ecosystem not in direct alignment with a specific businesses' shareholders' interest in profit, then you should hedge your bets and have backup plans if you interconnect important aspects of your life with that business.

To me, this includes career paths which is why it's always fun to see businesses get heavily entrenched in AWS or some other ecosystem when their needs don't even require the benefits AWS actually provide. I'm singling out AWS because that's the case I'm dealing with on current projects at a current employer but it applies to any similar ecosystem.

The issue is that this massive corporations are buying stuff left and right. Google,Facebook,Microsoft are buying things left and right and you are forced(or tricked with dark patterns) to link your Google account with your YouTube account,your Skype account with your MS account etc.

This companies should not be able to suspend your account for everything, if my son broke some TOS rule on my console I should not have to have access blocked to anything except online gaming, my emails. my phone , my apps should still work.

>Entire lives are wrapped up in Google accounts!...We seriously need to break this company up

How about users that don't like the TOS just find another service? I'm perfectly happy with the way things are.

Unfortunately this will not work. Google must stay until lawmakers figure out all the walkarounds company can use and close all the loopholes. One by one, law by law. Or there is going to be another google company stepping the same steps.

But this is just the beginning. Cloud is next, raising prices, preventing people from leaving by crating apis you cant simply rewrite... Mainframe history all over again.

(disclaimer: googless for a decade, once I prediceted where this is going I became completely self hosted, learned to build my own roms without gms etc. Today is much easyer with microg, newpipe, aurora, apktool, ... On the other side, people are less and less knowlidgable as a result of helpers from companies and dependant to them. I am eager to see how this will end)

These huge TOS agreements are akin to governmental authoritarian control. Everyone has broken something in them, we are all a criminal. Knowing this, we all live in fear knowing that it's not a matter of 'if' but 'when' the government/corporate overlord can cancel everything we've been working on or living for because of an obscure clause that no one has ever read, which was created for this very purpose.
Google isn't nearly old enough to have the vast web of cross-contradictory regulations that a government does. I sincerely doubt most users even interface with it enough to risk violating the TOS.
Well, if you accept TFA, all it can take is blocking ads that Google really wants to show you.
I hope I will never have to go to a country that is so badly run that a private, non-democratic company without any rule of law and a customer "support" bureaucracy that could be greatly improved by making it kafkaesque looks good in comparison.
I see this meme a lot on the internet, especially when the US political justice system comes up lately, and it shows just how little our generation and younger care about how government works, is intended to work, and what to do when it doesn't work, the latter point being the most important. Going to social media and complaining, for example, is a good example of what not to do.

The control is only authoritarian if those being controlled by it have no recourse. As applied to governments, authoritarianism has strong central power and limited political freedoms. In the US, we believe in the principles of limited central power, and many political freedoms. (Whether or not this is the situation depending on who you are is the topic of another day because this is how it should be, and the only way it may have become not that is if we have allowed our complacencies to kick in and allow it to happen. I am a firm believer in the concept of "people get the government they deserve in a democracy." ) Ultimately the governmental authoritarian control is beholden to the people and can be eradicated. The only reason we feel as if it can't be is because we have allowed the power to creep up over the years and it seems like an insurmountable mountain, but rest assured if you pick up that pick axe and start chipping away rock by rock you absolutely can tear it down.

Likewise, authoritarianism applied to a corporation implies strong central power, and limited consumer freedoms. This is also patently false in the US. The US has anti-trust laws to prevent centralized control, consumer protection agencies, and the free market. The consumer ultimately always has the freedom to choose another option. If the corporation loses too many consumers, then the corporation goes under. I understand there is a lot of nuance, but this is the basic principles of how things should operate in this country, and the mechanisms for things to operate are in fact there. The question then becomes what are it's people doing about it?

> The US has anti-trust laws to prevent centralized control, consumer protection agencies, and the free market. The consumer ultimately always has the freedom to choose another option.

You had me going until this, nice satire

Hey dude, it looks like you're shadowbanned from HN. Just thought you should know.
Yeah I don't play well to the white moderate crowd.
show me a successful peaceful revolution anywhere in world ever in the history of the world.
Women basically asked for the right to vote, and got it.
Every time there is a change of party in a modern government.

It is so commonplace that we miss it, but one ruling organization steps down and another, often with opposing views, steps up.

Those are called "election". The entire idea of an electoral democracy is that you have them once in a while, so the government stays aligned with the public wishes.
> the only way it may have become not that is if we have allowed our complacencies to kick in

Just wanted to observe that this belief presupposes the US ever lived up to the principles you outline. US history shows that the country has never quite lived up to its touted values.

> ”because of an obscure clause that no one has ever read, which was created for this very purpose.”

I don’t like that OP was locked out of his email.

But besides that, it’s not as if he broke some obscure TOS clause. He actively subverted the company’s revenue model to take its product for free. That’s about as obvious as it gets that you’re risking being blocked from a service.

> He used specialized software to subvert the company’s revenue model and take its product for free.

How is this different than using an ad blocker in the browser?

It does seem similar. If you don't want to see the ads, don't use the service.

I don't use an ad blocker, and if I don't want to see ads I pay for the service, such as with Reddit, Ars Technica, Windows Live Mail, Netflix, and YouTube. Technically, I quit Netflix once they started showing me ads, even though they were for their own shows (general dark patterns were the more significant factor though).

Where do you draw that line though? If I take steps to ignore/block ads that don't involve software -- like muting during ads or flipping the phone over -- am I subverting the company's revenue model? How much do I need to "see" ads?
Right. It's like the slow march towards the future from the fifteen million merits episode of black mirror.
A very good question. Muting a TV seems OK on the surface to me, but only because it is normal to me. When actually thinking about it, I realize that muting TV ads is similar to web ad blocking.

So in principle I would have to say that one shouldn't mute TV ads, or skip them using +10 second buttons. Of course I will not always live my life up to that principle...

> It does seem similar. If you don't want to see the ads, don't use the service.

That just doesn't make sense. Not using their services has zero advantages compared to blocking ads. But by using them, you raise their costs, making their business model less viable.

> I don't use an ad blocker, and if I don't want to see ads I pay for the service, such as with Reddit, Ars Technica, Windows Live Mail, Netflix, and YouTube.

By paying for services, you show that you have disposable income. You cannot escape ads that way except in the short term.

pretty sure even with my adblocker, I still see the "watch 5 seconds and skip ad" ads. May've configured it that way, not sure, been a while.

But to your question, if the ad blocker is subverting the company's revenue model and they can detect it, you risk the company blocking you. Per the Issue, it looks like the service that is there to scan for bad actors on your device may've picked up that NewPipe was installed on their device which may've caused them to look (speculation on all counts).

Yeah, something with your config. I don't see those using uBlock Origin.
I got the impression the GP is describing precisely that.
NewPipe is a video downloader, different from an adblocker.
TIL.

Would that mean that using progs like `youtube-dl` to fetch videos from Youtube may get your Goog Account deleted?

I don't think you even can login with youtube-dl.
Google linked the usage of New Pipe with the Google Account (despite the person not being logued into their account in New Pipe) and blocked it from all Google services.

Imagine you using adblock in the CNN website without being logged in and they block your access to all Time Warner services (for example HBO).

That sounds like it could only be a good thing, to help you free yourself from the intellectual pablum and misleading narratives they produce. I for one encourage these companies to ban all of us from everything, the sooner the better, so we can be effectively galvanized into making real alternatives instead of the Tivoized bullshit Android has become.
Legally? It isn't really. (Your question was rhetorical, wasn't it?) Sure, maybe courts could separate these two issues on other grounds (such as using a side-channel for banning people based on the mere existence of an ad-blocker versus detecting the exact instance of blocking the ad from showing/playing somehow) - but from the point of the ToS, it's a clear deal. You get to access to YT but you have to watch ads. No ads, no YT.

That said, fuck that. It's not like people haven't been subverting ads for ages. (From the simple pause recording when the ad starts, rewind just a tad bit and resume-recording when the movie continues to Pi-Hole and Blockada on Android.)

Now should I be worried about using YouTube vanced app. Same thing there to isn't it?
(comment deleted)
"Show me the man and I’ll show you the TOS Violation"
And given that emails are akin to a home address these days, you can be locked out of your entire life. Google can wipe a person off the map. Bank accounts, health care, billing, everything is tied to email accounts and phones tied to google accounts.
This sounds like simple accusation and speculation without any proof to me.
This is frightening. I use newpipe and depend on Google for work, email, and data storage. I use Google cloud to host my websites, and Google domains to control their domain names. What's next? Will they suspend an account for using an adblocker on their website while using a browser?

The fact that Google would suspend their account instead of just blocking their access to YouTube is an abuse of their near-monopoly. I'll be taking steps to migrate off the Google stack for this.

I was similarly dependent on Google but started diversifying for exactly those reasons. Domains are with a third party, Email is (Fastmail with own domain, GMail still forwards), hosting is also a separate provider. If any provider now blocked my account this would still be bad but I could easily restore services.

Especially if your work depends on it, I would encourage everyone to do the same. No other company (including your bank) should be able to shut down your business and/or ruin you financially because they close your account temporarily.

At the same time, this also means you're less affected by discontinued products or price hikes.

At the very least, I recommend sharding your accounts for work, email, and data storage if you're nervous about those failing simultaneously.

The attack surface is larger than a TOS violation (someone could spear-phish your login credentials, or a coordinated attack on your account could lead to denial-of-service if Google can't disambiguate your legitimate attempts to login from attackers' attempts).

I'm afraid I can't find the source, so take this with a grain of salt. But I seem to remember reading a few years ago about a small company having all their employee's Google accounts suspended because one of them had previously been banned for something, and his banned account then "infected" any other accounts it came into contact with, like common projects.

I question whether separate accounts would help, Google's automated systems probably connect them and bans all of them anyway.

Yes. Whatever the real specifics of this particular case, some number of users will inevitably lose access to their accounts in a way that they can't recover from. Arguably, with business services, there will always to some way to reliably establish identity with fallback systems. But, at some point with free/ad-supported/etc. consumer services a provider is sometimes, if hopefully rarely, just going to go "Nope. Can't establish your identity or overlook this ToS violation. No recourse." and showing up in Mountain View with physical documentation isn't going to be an option.

It's not an ideal state of affairs. But the alternative would probably need to be more rigorous identity verification and locking down of systems.

lol what in the actual fuck world are we living it? "I'm really worried im going to lose access to Google because I'm constantly stealing from Google"

"the fact my bank would close my savings account when I'm only stealing out of the ATM is an abuse of their near monopoly. I'll be taking steps to migrate my money out of banks for this".

My thoughts now: one of the reasons I use NewPipe is because it have no need for Google accounts (i.e. correlation to emails, no tracking of data gathering).

If evilG banned an account, it means the event that triggered it was a correlation between YT usage and IP addresses. Interesting.

Has anyone Wiresharked the data that is sent when NewPipe makes a video request?

I wonder if it's leaking things Google could use for correlating signal (IP address is an obvious one, but I wonder if the phone is sending IMEI in a header, or if YouTube is setting a cookie / using a storage API that NewPipe honors, but then that cookie / API tag is also readable from the browser when the user uses their regular account).

NewPipe is free software so I don't thing it will be able to send some covert information (even if the author is attacked /compromised).

Android is designed to not allow an app to read information from another one, so it should prevent the second scenario -- except that Google has root-level access to our phones so it can spy everything anyway.

NewPipe's free-software-ness is less relevant if it's relying upon OS-supplied APIs to send network requests and nobody has Wiresharked the output of those APIs.

For example, if it's fetching data from YouTube via a WebView, the HTTP requests made to the server will carry all kinds of cookie state and enable all kinds of APIs that can be used to tag a client in a cross-session fashion (though I don't personally know what WebView's state-sharing model is).

Remember, the security model for web sites isn't "app"-based; it's domain-based. Hypothetically, if YouTube were setting a cookie via NewPipe's interactions onto the youtube.com domain that says "Hey this user-agent used NewPipe," then if some other piece of Android (such as the browser) were sharing the same cookie jar, it would vend that cookie back and Google could correlate it to a logged-in user. The question is whether the cookie jar gets reused.

Well, that makes perfect sense!

If Google is providing an API to easily download things through (e.g.) HTTPS, it may also intercept and poison these requests when they are directed to one of their services and get some extra information from it!

One feature NewPipe has is to import your list of subscribed channels, after you've exported the list from YouTube. So if a NewPipe install queried YouTube to "give me updates for the following channels", YT could "fingerprint" which account the channel list came from. And match the IP of these NewPipe requests to the IP of the account (since the GMail app would also be talking to Google from the phone), and Google can be certain it's the "abuser".

That's one possible vector...

Doubtful, the youtube-dl python library is used by thousands of people and sites to download youtube videos and while API changes break it often, I've never heard of anyone getting their IP banned or an associated account banned from using it.

Even though I have Youtube Red (through my google music subscription), I watch most of my Youtube videos through mpv which uses youtube-dl to download the videos. There are no ads and it requires no account to use yet I've seen no reports on their bug tracker of getting banned.

(comment deleted)
so it's an app that lets you watch youtube without using the youtube app? I don't get on what grounds can google ban you for this - esp. if you could very easily download youtube videos using youtube-dl...

Why not use firefox, and install ublock origin to block the ads?

It also doesn't show ads, and basically make it convenient to use by the average user. I prefer YouTube-DL, but I also like NewPipe.
torsocks + youtube-dl FTW...
didnt knew about torsocks, thanks
NewPipe has quite a few other features, e.g. playback in background or while the screen is off (requires another plugin in Firefox).
To be honest this sounds like some fake story. NewPipe really don't use any Google credentials and even considering how little trust I have in Google I don't buy like they going to buy account this this kind of stuff. Like seriously think on it: why should they ban someone based off IP address alone that can be shared with many devices / accounts.
They wouldn't. But if there's enough secondary signal for them to determine what account is running the access that is grabbing videos but not ads (i.e. do NewPipe's requests carry the phone IMEI? Can Google correlate that IMEI to a user account?), Google could lock down the account.

What the user describes sounds like an account lockdown, not an IP ban.

>do NewPipe's requests carry the phone IMEI?

It doesn't have the required permissions to get IMEI, so no.

It sounds to me like this user was banned for an entirely different reason. Like for example, someone stole his login credentials, fired up hundreds of VM's on GCloud, and started mining Monero.
User does claim they received a message from Google "saying that I was using 3rd party app outside of Play Store to go around Youtube ads." We haven't seen a copy of that message, but I'm assuming we can take it at face-value.
Why would you assume one sentence of an anonymous person on the Internet should be taken at face value?

'shadowgovt owes me 12.3 BTC.

If we don't assume that on average, we have very little to talk about. ;)
You can't assume it at face-value, because how could he receive the email if he's banned?
The culprit could be Google Play protect. You need to use a google account to use Google Play, and then Google Play periodically scans apps, even if they aren't downloaded from Google Play like F-Droid (even apps I loaded for testing using adb). So that scan, whose results are sent back to google could reveal NewPipe and associate that with your account.
I had the same intuition as well. I'm wondering if this is a scare story generated by a google employee to get people to stop using NewPipe.
Or generated by a Google opposer to get people to stop using Google.
Some commenters on the thread suggested that Play Protect reports to Google that your device (linked to your account) uses this app. I'm not sure that's true, but I disabled it nonetheless.
For me it's hard to believe that Google can identify which Google user account is used to run NewPipe.
IP address? But if they really did that, this could be grounds for a serious lawsuit. I have a suspicion that the poster is not being entirely honest.
I'm inclined to agree because of one contradiction in the issue: they say they got an email when they were banned but then they say they can't access their Gmail to provide proof because they were banned. Either your account stays unbanned for a few minutes so your Gmail can sync in which case it should still be available offline, it's on another email which they can still access, or they're lying.
You can provide alternate email addresses for recovery, etc for google accounts.
True, but the person in question was asked in the thread to provide a screenshot of the email.

To which they replied that they couldn't because the account was locked. That certainly doesn't seem to add up, though it might just be a mis-communication.

I don't know anything about this specific story, and won't comment on it. But, this is actually a common attack vector that people with nefarious purposes use. They come up with a story that makes some company look bad, but leave out important details (like they were trying to hijack accounts, spamming, etc...). Some of these people will do this either to get policies changed in their benefit, or as a form of revenge for getting caught.

It's important to remember that all stories have 2 sides, and to consider other possibilities when you only hear one side of a story.

I used to work with Google's account abuse team. The company will never comment on suspensions, so you are right that you only get 1 side. Every consumer account suspension I ever looked into was due to severe abuse on the part of the account holder: folders full of child porn, account being used to spam or distribute viruses, etc. Every advertiser account that some jerk whined about being "wrongly suspended for no reason omg google is satan" was actually due to either click fraud or advertisers' sites distributing malware. Whenever you see one of these complaints you should reach for a massive, galaxy-scale grain of salt.

In this case however the account holder is being totally up front about their activities: they were using a proxy network to rip off YouTube. This is a bit like Trump committing treason on live TV and then later whining about impeachment on Twitter. What's in question is not the facts but the policy.

Out of curiosity, how did you notice folders were full of child porn? Do operators have access to mail folders and / or use to check randomly on people emails?
My understanding is that hosting companies use hashes of known material in combination with automated scanning. Also, that some companies may not want to tell you much about how they do it, because the act of identifying it means looking at it, which is illegal (I have not researched this, I might well be wrong/inaccurate)
I'm pretty sure looking at it isn't the illegal part. Making, possessing, and distributing are the illegal bits. Maybe some other aspects too, like transporting or buying or some form of conspiring? I don't think the government (at least the US gov't) can actually make looking at anything illegal. But it's hard to look at something that's restricted in that way without doing at least one of the illegal things.

If just looking were illegal, you could shove it in someone's face on the sidewalk and they'd instantly be guilty of a serious crime.

I don’t understand, you’re saying this case is believable? That Google treats this the same as folders full of child porn?
This is absolutely nonsense. My colleagues account was suspended for using PayPal and not Google wallet, one startup was suspended because their dev had multi sign-in, my account was suspended because of "app likeness" or whatever bullshit, people were suspended for reselling pixel, wrong credit card info, pseudo names on Google plus, dmca violation, copy right violation on YouTube, competitors hitting report, false copy right and the list goes on.
There are multiple ways for Google to know that NewPipe is installed in a device. Play Protect scanning is one way mentioned in the OP’s github link. Another method I can think is, when I download a mp3 file using newpipe, it adds the text “NewPipe” for the Album mp3 tag. and PlayMusic automatically uploads any new mp3 file downloaded to your device.
Also isn't there another setting to track app usage activity on Android? I'm pretty certain that also keeps a record of opening and using apps outside of just what's on the Play store as well. If anything I'd suspect that was used rather than Play Protect.
Same reaction. I'm skeptical this story is true. I've never heard of Google banning a user over blocking ads before -- frankly, even with the amount of crap I usually give Google, this feels out of character for them.

Lots of people use NewPipe with unrooted phones, so if it is an actual policy, we should see more widespread bans. If we don't, I'm going to dismiss it as, "we don't have the full story, or its made up entirely."

That being said, of course you should take steps to mitigate the impacts of being banned by Google. But you should have been doing that anyway, so I don't think this story changes anything.

But... no, I wouldn't panic over using NewPipe.

Google logs all apps you use on Android. Start time, how many times was used, device, OS etc.

You may disable history but that don't mean they will stop logging.

See the history at https://myactivity.google.com/myactivity

Edit: get out of Google now!

What about LineageOS and no gapps?
For me, that's just as bad as supporting Google with 'normal' Android.
What do you mean? My understanding is most of the problems arrive with the various Google services, but LineageOS can be installed without all that noise, or can it?
MyActivity shows all play store apps and some non-store, pre-installed apps for me, e.g. the system launcher and WiFi drivers, but it does not show sideloaded apks.

If this story turns out to be what it seems, that might mean Google shows you only a subset of the app activity log that they actually keep, adding another layer of intransparency to the injustice.

I think if you are an EU citizen, you can use GDPR to find out.
One of my GMail accounts was fairly recently disabled due to Google not recognizing any device logging into the account. I had to dig up some old Android phone to even attempt recovery which was unsuccessful. After I involved some of my Google contacts, the account was back within 2 days, yet while my phone can log in, none of my other computers are allowed to log in. I am guessing something in their ML system went seriously wrong in some corner cases (in my case, accessing the same account from >10 computers/phones/tablets on different operating systems via Firefox with private browsing, likely triggering their anomaly detection).
Yeah, unfortunately, that smells a lot like a coordinated attack on a specific user's account.

Do you have the enhanced security features turned on? Google's systems trust the logins more if you have to 2-factor them against a phone or somesuch.

No enhanced security, I travel a lot abroad with different phones and can't handle SMS or some type of authenticator reliably.

I completely get it being flagged, I even wrote ML/DL-based anomaly detector for mobile stuff myself, but it really gets in the way, so I switched my primary account over to ProtonMail.

I hear that. :)

I had the opposite problem not too long ago; was away for a relative's wedding and had my phone die during the trip. Even after replacing the phone, getting back into my Google account on the new phone was a chore, because the phone that died was all my trusted devices (2FA key holder and receiver of phone calls for verification at the same time).

Oops. :-p

Yeah, it feels like walking on eggshells these days wrt security... Either paranoid, or locked out.
> was all my trusted devices (2FA key holder and receiver of phone calls for verification at the same time).

That's not actually two factor authentication anymore. Also that's pretty typical of 'two' factor authentication systems IME.

Even though I think story is fake I encourage everyone to setup their own mail server using Mail-in-a-Box [0]. You just need one VPS with public IP and domain name and it's fully automated solution that works great.

[0] https://mailinabox.email/

https://github.com/mail-in-a-box/mailinabox

From the CoC >"That's so easy my grandmother could do it.", which is prejudicial toward grandmothers

Cringe

I think these automatic suspensions are really alarming.

I got my whole Vimeo account suspended by some script that had the impression I was violating some of their ToS. I just uploaded 3 demo videos of an app I created. Then they told me I should click on a link to contact support, where they told me I have to log in to contact support, which I couldn't do because my account was shut down.

I just released a blog article that needed these videos, so I didn't have any time for these things so I quickly uploaded the videos to Youtube.

I mean that was just a small account with three videos, but they simply nuked the whole thing. That's just crazy.

I don't think I'm save at Youtube either, I just didn't have a better idea at the time.

> I don't think I'm save at Youtube either, I just didn't have a better idea at the time.

Ever thought of hosting the videos just like you would any other static file?

What are the financial and technical implications of this?
That of course depends on how popular your videos becomes, but for the 99% videos I would say none since you already pay for hosting your web site.
Technically its pretty easy with the video tag and HTML5. Financially it will probably not be an issue unless their videos become very popular and at that point they could always move elsewhere or pay for more bandwidth. But discoverability is an issue. People search for videos on Youtube, but no one will know about your personal domain.
I see... I think dev.to, the blogging platform I use, supports video-uploads too.

Otherwise, I'll take a look into S3/CloudFront.

Didn't even think that far, lol. Thanks for the info!

Technically, your users will get a sub-par experience.

Those on 3g will have to wait ages for the video to buffer. Those on an old device won't be able to play it at all if you used new codecs. Users won't be able to select playback quality, and on a slow connection, they'll get endless buffering.

You'll have to come up with your own systems for counting how many people viewed the video and which bits they bailed out on. You'll have to reinvent caption translations and go to extra effort to get captions working at all.

Self hosted videos have mostly died for the above reasons.

Adaptive streaming doesn't seem to be a difficult problem to solve. Most cloud providers offer video streaming services that can transparently sit in front of your domain or you can serve something like HLS or MPEG-DASH files through an appropriate js player. I must admit though I have no personal experience with this and am sure any home-rolled solution will be vastly inferior to Youtube et al, but it is possible and may satisfy the use cases of many people who don't want to put all their eggs into one basket.
You can provide links for different qualities and let user decide which one is better. Subtitles are supported by HTML video tag, you don't need to invent anything.
> Those on 3g will have to wait ages for the video to buffer. Those on an old device won't be able to play it at all if you used new codecs.

This advice is pretty stale: 3G is rather old by now – 4G came out in 2009 – and unless you’re still supporting IE8 HTML5 makes it easy to let the browser select from multiple sources (subtitles have similarly had wide support for at least half a decade). Properly hinted video will start playing pretty quickly — certainly not massively slower than someone with 3G on an old device is going to experience everywhere else, especially since that old device isn’t going to pick the 4K version anyway.

> This advice is pretty stale: 3G is rather old by now – 4G came out in 2009

When traveling to places with 4G or LTE coverage I'm often downgraded to 3G or edge. My parents' home has mostly 2G/edge connectivity, with some spotty 3G coverage on the second floor. They're "only" on the outskirts of a greater metropolitan area.

Just because some tech is old doesn't mean it's not very much still relevant.

You can’t look at this without considering the context: yes, there are areas with marginal coverage (I also have relatives in that situation) but if you’re in one of them you are either not watching video over cellular because the experience is unpleasant or you’re used to it being slow and an extra second to start is a drop in the bucket. The number of people who are on very slow connections who are also highly latency sensitive just isn’t a significant percentage of users for most sites, and most sites have many areas for performance improvements before they need to tackle that problem.
I actually force my cellphone to 3G since I can watch everything in 1080p with it and I never lose connection like I do with 4G
I managed to do adaptive streaming as a 14 year old (in 2014) and it worked for 10 000 people. It didnt cost me that much, given I made profit of 80$ off of adsense before being banned and almost sued but thats a different thing.

The point is with HLS or DASH and CloudFlare you can provide the exact same experience to all your users. You can easily automate the process, which I've done. All other problems are already solved by player software like Clappr, JWPlayer, VideoJS, etc. They all use HLS.js and Dash.js in the background...

One nasty implication is that adaptive bandwidth streaming as YouTube and Vimeo provide is tricky to get right. It’s definitely beyond “any other static file.”

It’s a nice feature to allow clients to stream the max bitrate they can handle without buffering. Without this, you sacrifice either quality of those with good connections, or the complete experience of those with poor ones. I ended up struggling with ffmpeg and JPlayer which is never a good day.

Additionally, you need to make sure you use the right codec, something supported on FF, Chrome, and Linux/Mac/Windows/Android/iOS. Due to codec power struggles, this is not self evident.

Hosting video is harder than it seems :(

On Digital Ocean's S3-compatible service for example, $5/month gets you 250GB storage and 1TB egress. $0.02/GB additional storage and $0.01/GB additional egress.

So if you have 5GB of videos that ALL get watched 10,000 times you will be out $500, so maybe problematic. Or calculated another way, 2.2mbps is good for 720p and comes out to 1GB/hour, so your cost is basically $0.01 per hour of video streamed (plus $5/month).

How does this change with a CDN on front? Are those prices similar, more expensive or less?
CloudFront is $0.085 per GB out, S3 is almost the same.

But as far as I know, CF has more free traffic than S3.

That's the case of premature optimization.

You are not going to get even one video watched 10k times, not to mention all of those videos. 10K video views is pretty darn close to head rather than the tail.

If you did, you would be making a million a year like @BrunchBoys on IG and hiring people to build an independent platform so when Youtube/Google/FB shut you down you would still have a way to deliver your awesome videos and make money.

P.S. You can always proxy EC2 traffic through the Lightsail to have a cheap delivery.

Or, you might get a random HN/Reddit (Slashdot, haha) hug of love, and that's -500 USD for you, and no +1 000 000 at the end of the year, because it was a one time thing.
You might get 10k people to start watching a video. They're not each going to watch five hours.
I heart a lot of these magic hugs of love and I can tell you excluding teen boy bands with a gaggle of screaming teenage girls using their phones to live stream from concerts or pirate pay per view boxing matches I have never seen anything close to it.

10K views of a video that's more than a few minutes long is a big deal. Having a hundred of those means a producer is either a celebrity or a real business specializing in video content.

The financial implications depend a lot on your provider. AWS has usurious prices at 90 USD/TB, with Google Cloud and Azure being similarly expensive.

While traditional hosters often include traffic with their offerings or charge a much lower amount. For example Hetzner (Big traditional German hoster) costs 1 EUR/TB and traffic is inclusive with most bigger/dedicated offers.

> usurious

Nitpick: you mean either "extortionate" or something to do with ogliopolies, cartels, and price fixing; usury is when the perpetrator charges interest on a non-defaultable loan.

I think in this case this word was used for simple dramatic emphasis, and somehow usury seems like a more white-collar thing than extortion, so maybe felt like the better "analogy"?
You can also use something like Peertube or another implementation of WebTorrent.
Maybe this is unsuitable for your use-case, but these days it's pretty easy to embed video yourself with the <video> tag and an MP4 file. Example: https://www.brainonfire.net/blog/2018/03/23/oxalis-leaf-open...
Video can still cost a lot of bandwidth on your personal hosting. .. I've actually been meaning to rehost all the stuff I have on either Vimeo or YouTube on a personal PeerTube instance, change all my embeds on my blog to point to PeerTube with YouTube/Viemo removed and links under the video to those respective sites as mirrors.

None of my stuff gets enough attention for me to care about exposure, but big content creators who rely on YouTube ads really can't get away from it.

The problem with peertube is that it leaks your IP to everyone else watching the video.

I've been looking at the same thing.

(comment deleted)
> Video can still cost a lot of bandwidth on your personal hosting.

Jesus Christ. Just pay for the bandwidth! You can't at the same time go "I dont want to be subjected to this automation stuff" and "I don't want to pay!"

More like use a dedicated server or vps host that bundles several TBs of bandwidth. It isn't hard to get ~20TB of bandwidth for $100-$200, compared to however much that would cost at aws/gcp.
Vimeo, which the original person was using, is a paid service.
The videos don't have to be on your standard host. You could stick them on S3 or something, which might be cheaper, and is more portable than Vimeo or YouTube.
> Then they told me I should click on a link to contact support, where they told me I have to log in to contact support, which I couldn't do because my account was shut down.

Gotta love Silicon Valley Customer Service!! The same thing happened to me with LinkedIn. Multiple Catch-22s and/or Chicken and the Egg.

  Silicon Valley Customer Service!!
Vimeo is in NYC.
The HQ does not need to be in Silicon Valley to adopt the ethos.
People say google has good engineers, and that their systems have few bugs. However, their algorithmic bugs routinely de-platform people and often seem to take away people’s incomes (eg, the AdWords people losing accounts every other day). To me, that sounds like one of the most severe types of bugs possible and the Internet is rife with these stories
This could easily ruin someone's life. Stop fucking around Google.
Their username means "Fuck you all, Satan!" according to google translate
This is pretty frightening. I have around 5 Gmail accounts that practically everything is filtered through, and while I don't use it, I did (just uninstalled it) have NewPipe installed on my phone, along with F-Droid, along with a number of apps I downloaded directly from github, that Google has no place knowing anything about.

If I lose those accounts, I'm pretty sure I'm screwed, there are many online services that require you to open an email and retrieve a temporary code, or require you to have access to the original email account in order to switch to a new one. I don't know what I'd do if I'd lost those.

(comment deleted)
Sounds like you have a good incentive to spin up a domain and start transitioning away from Google.
I have a couple of domains, and do have an email for own domain but haven't transitioned my emails to be sent to the new email just yet
I use G-suite for my domain... Just uninstalled NewPipe too, just to be sure for now.
A company I know has lost the password for their info@company.tld google account. Google refused to reset the password - it asks for mail verification (passed), phone # (not passed, no one has an idea which phone number that was) and account age (not passed, this thing is ages old).

Google refused two letters by their legal counsel, now the company will attempt to file an emergency injunction / court order, but jeez it sucks that Google can not be bothered to have ANY place where you can contact an actual human.

That's exactly what happened to me just a few days ago. I got an email alerting me that a secondary Google account of mine had been accessed, password changed, secondary email changed and I think even some kind of security question also changed (I don't even remember Google having those). Ok, no problem, I'll just tell Google I own it for whatever means they ask and change the password back.

Recovery email doesn't exist anymore. There's no phone number attached (I haven't accessed the account since before I had my first smartphone). And the account must be like 12 years old or so, there's no possible human way to remember the precise month I created it (I don't even remember the year).

I have all my Google accounts connected through gmail, and I can even receive the emails that go to that account, since they go to my main account. I tried for a full whole work day to get the account back, but there's just isn't any human I can talk to, so the account now belong to some russian hacker or who knows. Luckily for me is not a very important account and I haven't found anything important attached to it, but it's very scary.

Sounds like someone was specifically targeting you?
No idea, why do you think so? I could see a bot doing all that.
Wow and I had enough trouble getting an AWS Org root account deleted (created by an employee who no longer works at the company). AWS sub orgs require you give the sub org a credit card, then close them independently.

Be sure to close the sub org first, then remove it from the root org. If you don't and don't have the root login for the sub account, you're going to have a bad time.

At least for both Amazon and Azure one can get real human support either by calling a phone number, filing a ticket or writing an email.

Google has literally no way to talk to a human, neither do Facebook and Twitter.

Why the hell does Google get to decide what I install on my phone?
From this story, it seems they only get to decide what apps you access their services through, which seems entirely reasonable, no?
I'm not entirely sure what the user expected was going to happen. Unless I drastically misunderstand, NewPipe lets a user see YouTube videos with neither ads nor a premium account. Of course that's going to be a TOS violation.
Yeah, it is unfair to their paid users, similar to piracy
(comment deleted)
This pretty much is piracy - streaming videos without paying for them to the creators.

For some strange reason not paying for YouTube content and bandwidth seems to be just fine here on HN as opposed to doing the same on iTunes or other services.

Even without ad blocking, simply circumventing CSRF and hitting API endpoints is usually a breach of any TOS by itself, especially one that provides its own clients (or has occasionally refused to, see Amazon FireTV).

Those downvoting the parent, can you add to the discussion?

NewPipe doesn't hit any YouTube APIs; it scrapes the website.
By API I don't mean published API. I mean it subverts the normal client usage and makes calls directly, masquerading as the intended client. Internal API if you will.
The thing is you could use NewPipe on an Android device without Google Play Services and a Google account.
And if you do that, does it fail to render ads coming from YouTube?
Itt doesn't render the ads, but Google should have no idea how to associate the downloads with a Google account that it can punish. The fact that (the poster alleges) Google has managed to associate his account with his NewPipe activity seems draconian of Google...
For this and other reasons, I don't use my Gmail account for any sort of long term storage. It's not sometime I own. I could be locked out of it, and lose a lot.I try to keep fewer than 30 emails in there at any given time. When my life is going well and up to date, I make sure to keep it at zero messages.
Serious question, which I'm hijacking this thread to ask since it's on everyone's mind:

- What's the best way to fully back up a G-Suite instance, so you could get back on your feet really quickly if something like this happened?

I use G-Suite for email and docs and a bunch of stuff for my company, and I'm willing to pay money to have it all backed up in real time and ready to switch in the event of a disaster.

What's the best way to do that? I know Spanning and Backupify are two popular solutions. Would be curious if anyone has experience.

Maybe the Google Takeout-Feature? It lets you downloaded all of your data. Mails are stored in mbox-files, I don't know which other file formats are used for other Google services.
Many are suggestion Google takeout but I would prefer something I can run automated on a server that will make a continues backup.

Using takeout manually every so often is a pain.

I frequently export my data just in case. 'Google Take out'
I have a lot of third party accounts tied to gmail.

I don't really want to host my own mail server, what's a good mail alternative (free or paid) for an European user?

You can always use Outlook.com

Some domain registrars also offers free email services with domain purchase, Gandi.net being one of them.

zoho.com has a free tier that includes the ability to use your own domain, which gives you the flexibility to change providers if ever necessary.
I've been extremely happy with zoho.com for all my business email. If I had any problems with Gmail I'd probably move everything over, but if there's one other service I'd recommend it'd definitely be Zoho.
By commenting that you are European, are you trying to stay out of the US hosting megalith entirely?

Fastmail has been a great provider for me but, despite being Australian, I believe they are US hosted.

I'm not trying to protect against a governmental entity, so I'm happy to use an US based provider. I provided the extra info in case any US provider requires additional steps for non US customers.
Posteo (which i use) and mailbox are great paid options For free e-mail you'd go with protomail or tutanota