When you have a trillion dollars stashed away. Then you wouldn't care about lawyer costs. That's the main reason big corps get away with doing what they are doing.
You would if laws demanded you always had to hand back users' data if you locked them out. That's the problem we don't have a proper legal framework to manage Google and other Big Tech.
In Europe there's no provision for GDPR rights to access to data to be removed on these non-grounds, so users would have the right to get access to their takeout.
Since Google's processes don't seem to give access to that, you might have to sue them. If they failed to show though, you should be able to get a default judgement eventually.
(note - GDPR is in some cases privately litigable, so you don't need to wait around for a snail's pace regulator - you can indeed sue for relief and get your legal costs back in the award. I'd expect a lawyer would take this case on a contingent basis given how clear-cut the GDPR is about your right to access your own data).
Europe has been really slow giving out fines. And even those fines are often less than a slap on the wrist. In France Google got fined $57mln for breach of GDPR. That's what Google makes in 3 hours.
That is why it is important to note that certain GDPR rights can be enforced yourself, without waiting on a regulator. Waiting on a regulator to bring the case is not your only option, since these are data subject rights, and the data subject (i.e. you) an sue directly.
Certain approved consumer groups are also able to do this as well - the regulators are too slow right now, but others are gearing up to start taking cases themselves.
You don't remember that checkbox you clicked when registering for your account affirming that you definitely 100% read, understood, and agreed to be bound by Google's Terms and Conditions and Privacy Policy?
You are not helpless as an individual. If the company wrongly disables your account and leaves you no other option, you are well within your power to fill out some paperwork and file a lawsuit. It should cost you <$1k but will cost a big company >$10k just to respond.
Tip: Get your own domain from a non-google registrar, then connect to Gmail if you prefer. If you ever are locked out, you can just move the address to another email-provider.
Another trick is to use always have forwarding enabled in Gmail, to Outlook.com or another provider. All email will be forwarded despite your account being locked, so you will not miss out on important info.
And use Google Takeout for backing up your data, at least once a year.
Would forwarding continue to work if your account is disabled or terminated? That doesn't seem likely?
I wish there was a way to pay for Google (such as Google One) and it meant Google wouldn't ban your Gmail account. Period. However from reading HN anecdotes, it seems like they don't care about you (even if you're a paying customer). I realize this could feel like extortion, but it would be well worth the peace of mind.
> Would forwarding continue to work if your account is disabled or terminated? That doesn't seem likely?
No, but the idea is that you can point the domain at a new host and at least keep receiving future email, so that you don't lose the ability to password reset accounts, etc.
As for
> I wish there was a way to pay for Google (such as Google One) and it meant Google wouldn't ban your Gmail account
There's a reason I pay, like, €50 a year for my email hosting instead of gmail's free mail. I want to be able to actually reach a human when it comes to problems with my email instead of Google's customer service void.
That's why you need to own your domain. When they lock you out, you setup a new mailbox elsewhere and point your domain to it. That covers new mail. And the archives are still accessible because you've been forwarding mail all along.
Not op, but what you described is called a catchall address. Easily done with custom domain. Basically a regex for *@domain.tld, every mail sent to (anything)@domain.tld will arrive at a preconfigured mailbox, say admin@domain.tld etc
Yes, and (for example) Fastmail allows you to do that very easily. So does Google if you prefer to keep the Gmail interface & are willing to pay for G Suite.
And, if your mail client’s UI allows, you can even send from <whatever>@yourdoma.in to avoid disclosing your “real” address when you reply.
My favorite use-case: you sign up for foo.com with foo@yourdomain.com. Then foo sells their contact database, and now you’re getting viagra spam all day. Ok, just add a filter to auto-trash anything addressed to foo@, and the problem is solved.
I've used a custom domain + gmail for the last decade. Earier this year I got sufficiently spooked and decided to switch email.
The migration to fastmail.fm , including a decade of old mail messages, was flawless (if slow, but it's a lot of data!). I highly recommend this route.
Another problem is that for many years, a user will have been signing up to accounts with their gmail email address. If this address is locked, password resets become impossible. I'm hoping that address reuse never becomes a thing.
> I'm hoping that address reuse never becomes a thing.
FYI, it already is for yahoo. I got lucky that they _only_ deleted all my emails after I didn’t log in for a while, and nobody else managed to hijack the account while I was gone and password-reset all my services...
I have always used a custom domain for this exact reason. I ran my own mailserver for over a decade but that got increasingly harder with DKIM, SPF, etc and the big boys (MS, Google) blocking more and more aggressively. I moved everything over to Soverin.net last year and I'm very happy wwi them.
Just wondering if there are any trade-offs to consider if I were to use Google Workspace (G Suite) instead of a provider like ProtonMail.
Using a custom domain with Google's paid service seems like the least drastic change and you get to keep using all their services. Maybe the support won't be as good, but the products and integrations are probably better than any other provider.
And as long as you do regular backups of your Google data, I think this seems like a good solution.
I had a commercial GSuite for an organization I was running. A Google bug wiped my domain and all my data. Support was automated systems all the way down.
I think the downside of Google is this happens about 100x as often as other organizations.
Google security also cares about Google's security, not your security. Your odds of account compromise go way up dealing with Google.
I do this but there are pros and cons to every solution. I once forgot to renew a domain and let it expire completely. It wasn't one that I used very often but a few accounts used it and someone else registered the domain. Now they could very easily gain access to my accounts if they wanted to before I get around to fixing it.
I’ve used Namecheap for many years without issue. My favorite feature is catch-all email forwarding for domains so you can use any number of email addresses for logins.
The funny (er, scary) thing is I was actually thinking of switching to Google registrar for my domain after namecheap messed up their CNAME records and dropped a few days of emails (I already use GSuite). Google reliability, the promise of fair pricing and a free WHOIS protection was very attractive to me.
After this, fuck that.
Google has so many services that you could lead a reasonably diverse online life without going to another provider, without the accountability that typically comes with that sort of power. They really need to be checked.
Only use Google SSO for things you don't care about.
While in would be a pain if I lost my google account, I can still access Twitter, Discord, GitHub, Bitbucket, stack overflow etc as they aren't bound to Google.
My emails/hangouts chats however would be lost unless I took a backup (I haven't but I might one day when I decide to go ad-free)
No, they're not describing New Zealand. NZ doesn't have a national ID card. Also, they have their own system for SSO to government portals that doesn't use Google.
Most WINZ/StudyLink and IRD interactions are online now, and I got my passport 100% online using RealMe. I can't remember the last time I posted anything to government in NZ.
I've had a ton of paperwork done in recent years (voting, child passport, visas). Most of the conveniences stops when you don't have NZ's drivers licence...
Don't do that. Do almost anything other than that.
If you make them public utilities, they'll get even worse, become more politically tangled, become even more entrenched, impossible to remove and impossible to compete with. You'll put the government directly into the business of preventing competition against them via intense regulation and government-lobby protection.
There are a lot of ways to restrain big tech before you get to the public uiltity option.
If you make them public utilities, they'll get even worse, become more politically tangled, become even more entrenched, impossible to remove and impossible to compete with. You'll put the government directly into the business of preventing competition against them via intense regulation and government-lobby protection.
I think your fears are overblown, when was the last time the power company, the phone company, the sewer company, the train operator, the postal service decided on a whim to un-person someone? Sure those organisations aren't perfect by a long shot but by and large they are trustworthy and accountable.
Yeah but it's a short step from that to being forced to exclusively use the state-mandated email provider in order to be able to communicate with the government or big businesses... at a cost.
That's already true. Look at how Google is banning accounts without recourse. Or how Twitter and Facebook are censoring personal and public discourse to push their political agenda. Why are they able to do so? Because it is already impossible to compete with them.
I second the idea of declaring them as public utilities.
No, no, no, no, no, let's not go there. Small independent hosters is a more compelling solution.
Yes, our culture is perfectly capable of delivering essential (and nonessential but nonetheless everyday) services through regulated private independent companies. Typically some sort of exclusive license is granted, yet to maintain that license certain standards must be adhered to. You can see a dozen examples of this on any high street, any business handling food for example.
Being locked out from google account is one of my biggest fears in practical computer usage. Over the years I can't even tell how much I'm sunk into using tiny pieces of google's services, even though for most crucial things I tend to omit google and look for alternatives that are easier to handle in problematic situation.
Do a google takeout ASAP if you haven’t done so already. This mitigates against data loss through being banned. You then just need to change your email in myriad places!
I went through this recently and... It's not actually as many as I thought. I've got 454 entries in bitwarden, but anything past 20 or so most common entries, I can completely ignore / wouldn't care if they disappeared.
ebay's stupid about this. you can reset your password but then they'll still send you an SMS(!) to verify it's you when you try to use your successfully reset password.
I no longer have access to that old number, i ditched that particular account cos it didn't mean much to me and opened a new one, wasn't worth the hassle.
> Mail is one of the things I'm most worried about.
Use an IMAP client. It would keep all your mail on your device, so at least you don't have to rely on having uninterrupted access to your account for your old conversations.
Actually, I'm surprised just how many people use email through web interfaces for some reason.
Search and find old emails.. that's where gmail works. I guess that's why I keep using it. For work I use Thunderbird (the best of the bad alternatives), and search is horrible and extremely slow (and usually never find what I want to find). If I had something which was as easy as gmail for handling tens of thousands of emails I would switch.
You can use an imap client as “backup” and continue using the gmail web interface for day-to-day usage. Or the other way round, depending on how much you rely on gmaial search. There’s also a few mail backup tools that effectively let you create a local copy of your mails.
People constantly bash on thunderbird search, when it is actually the opposite.
Gmail will often fail on exact-match searches. Unbelievable frustrating and next to useless.
Thunderbird is a bit clunky but does what you ask of it and has much better+simpler filtering options.
Which makes sense, gmail is in the cloud so it can't perform intensive search queries because that would cost way to much.
Thunderbird has a dedicated machine for it, no matter how old and slow it is it will have way more resources at hand than google will ever allocate to you, even if you pay.
I use Thunderbird but I only do so as it's the best of a bad lot (before that I used Eudora before Qualcomm dropped it - Eudora users know everything else is a letdown).
Thunderbird has forks but they too need much work. The trouble with email started when free email was included in Windows thus taking the incentive away from development. Same goes for Thunderbird nowadays with free Gmail being available.
I was working in a College's IT Dept when they were migrating everyone from Eudora. Lots of the professors were of the "You can pry it from my cold, dead hands" opinion. They often had 10s of gigabytes of email dating back to the early 90s, some even earlier.
Yeah, and converting old mail wasn't easy even when Thunderbird had an importer. 10s of GB were a problem as the importer often broke at about 2GB. Even TB's own native boxes broke when about that size.
So could Eudora's for that matter. Crashes were a particular problem with large boxes (.MBX files) as they often had crosslinks from users shutting down too quickly. Trouble was that when the mailer reindexed/compressed the box it would often stop at the crosslink and the remaining mail lost (I used to advise everybody never to reindex unless they'd backed up immediately beforehand). No doubt if you were in the IT at the time then I'm preaching to the converted. ;-)
I often use this example to illustrate bad design and the need for data hardening. If the time you're mentioning was before Qualcomm announced an end of Eudora then this may have been one of the reasons to move away. That said, mail clients haven't progressed much since. The MBOX is simple and still predominates but that's a mixed blessing when we need separate index files. Essentially, those who've many GBs of mail still have a problem. Little wonder many have turned from POP/IMAP to web mail.
Search and find old emails, that's where a CLI shows its merits. I can use grep or agrep (approximate grep, to search for spelling variations) on mailboxes, or mutt to have a tool which handles the base64-encoded stuff.
I have to use Thunderbird at work too, but every so often I'm glad that mutt handles IMAP as well and helps me find stuff that Thunderbird will not.
This! My biggest issue migrating away from GMail is that I’ve archived 8GB of mails from the last 20 years there. If anybody has a suggestion for a self-hosted email archive with fulltext search, I’m all ears.
Backups of emails are OK, got a few of them. It's the constant need to receive emails as others have noted below is my fear.
If I'll get locked out will I be able to reset my password to the other bank account I almost forgot about? How long will it take for my old recruters to figure out not to mail me there? etc.
I run Thunderbird sometimes on desktop to cache all emails locally. I also have a NAS wich is downloading emails 24/7 and I can browse all locally from backup. This also gets backed up to 2 other locations :)
You can keep an offline copy of all your mail by using a mail client like Outlook or Thunderbird and leave it running while it downloads all mail through IMAP.
As one who's never trusted my data to Google I really am curious why so many actually do so.
Is the convenience truly that great that people are even prepared to gamble the loss of their data? Alternatively, why is it that some of us have always been mistrustful of Big Tech and most others not?
It grows and compounds. I started using gmail an google a long time ago, when I was not enough of an expert and a big tech enthusiast. The Google cloud ecosystem has been ahead of its time for a long time. Now that alternatives are available and I understand the lock in risk, I am way too entrenched into the ecosystem to consider getting out as an easy and painless option.
Yes. The convenience is truly that great and the ratio of users to locked out users is large enough that I am prepared to gamble like that. We gamble all the time with any service we use or retailer we buy from.
OK, that's fine. But as I said elsewhere you should always be entitled to get your data back if you are locked out and the law should guarantee that entitlement.
Absolutely. If we bring the law into it, one should also know why they are being locked out and have a valid human-lead channel to contest it. I'm in no way condoning what's going on sometimes. It's terrible.
Fully agree. The law should also enforce an arbitration process onto Big Tech at it's expense (it can afford it as it's selling user's info). Moreover, those arbitrators ought to be independent of Big Tech.
> As one who's never trusted my data to Google I really am curious why so many actually do so.
I expect that most users think on the same level as they do with metadata: "I have nothing to hide so can't be a possible target." And if an algorithm suddenly marks them as a target (for whatever I transparent reason) they do not understand that they might just be "collateral damage" …
My IT world view was formed in the 90s when various proprietary file formats became more or less inaccessible due to "software obsolescence"). Which told me that only more or less plain text (mark-up is fine, as it is text too) will guarantee that I can access my data years later. People who started their live with Big Tech (so-called digital natives -- or is that naives? ;-) might have to learn this sooner or later.
Right, having managed IT I understand the proprietary formats problem well. My two axioms are - use plaintext wherever possible, and second, before you commit to a new program always check its export features to ensue you don't get locked in.
There was a time, maybe up until 10 years ago, when Google was cool. Everyone wanted a GMail address, it started out as invite only, like Facebook. "Do no evil" was the motto. And they ramped it up slowly like boiling a frog. The evil, I mean. And here we are today.
I think they started off at a good spot. Then realized they wanted more control of the data going through them. Then they realized they wanted to control the way the data flowed in an ideological way. It is a natural reaction to someone who gets a decent amount of wealth. They think 'how can I make the world a better place'. But the mistake many make is not realizing that their way is not the best way for others. Sometimes the best way is just to kick the actual trolls and just let everyone be they way they are. They are no longer satisfied with that. Doing what they are doing is going to 'dismantle' their people network. In 10 years people may be saying 'oh yeah remember google'. It can happen. At one point a lot of people were on AOL now it is a ghosttown of what it was.
Absolutely, with AOL the paradigm shifted and it couldn't change quickly enough. Google will likely predominate until another shift of similar magnitude occurs.
Seems it's impossible to make predictions in this area with any certainty.
Remember, Bill Gates was paranoid about this and about Microsoft getting caught out for similar reasons especially so around the time Windows 95 came out. Even so, MS missed the boat with search, smartphones and Android.
I remember when I first got my Gmail address, what... 18? 19? years ago. Google was hot shit and everyone was like "Well if Google makes it it's got to be good!"
I don't think people actually believe that anymore they just feel they have no other alternative. Google had this wellspring of good will that they have simply burned over the last 10 years or so.
It was developers who originally made Google what it was - first to search, first to Chrome.
We can unmake it as well and I think it's about time we do.
Most people don't see these articles, or know how to buy and manage their own domain. Most people want email that is easy enough to use and generally functional and stops them having to see spam. We're all in a bit of a bubble where we've seen enough to be wary, but most people haven't.
I switched to gmail in the early '00s when I was a kid after previously having an email on a friend's private server that he decided to take down. That was back when Google only offered POP email. That was back when Google was only an email service and search site. Luckily I was an Apple user however and haven't migrated my personal photos, data storage, and many other things to Google.
The idea of losing all of my email access, etc, is terrifying, much like the idea of getting in a car accident, or getting cancer, or one of a million bad things that can happen to a person.
But what are the actual odds that a bad thing is going to happen to me?
1.8 billion people are currently using GMail. If 1000 "real" (ie, not bots) accounts were closed every day for the next 80 years, there's a 98% chance that I (or any other individual user) would never have a problem.
Obviously, if some number of people are having problems that's, well, a problem, but as an individual user I mostly assume that it's not going to happen to me, much like I largely don't think about the 1-in-103 chance that I'll die in a car accident.
There's surprisingly little you truly need a google account for. Gmail was one of the last things I hadn't moved before I was locked out of my Gmail account because of their bad password reset heuristic. Thankfully I had it set up to forward to my own domain.
If you don't use Google then you can't get locked out. I don't.
I've never understood why people would actually trust their data to Google or any Big Tech company when there's no guarantee one will always have access to it.
That said, we need laws to guarantee people can always reclaim their data even if their account is closed or the company goes bust.
I think it's a matter of convenience - running your own gsuite like application (eg nextcloud) safely and securely is out of reach for most users, either for want of education or time
LOL, that is enormously out of the reach of most users...
What you mean to say is that it isn't out of the reach for anyone visiting YCombinator.
Most "users" have less understanding now, many of them having lived with this technology their entire lives, than I did at 14 when I got my first computer... A Pentium 75 with 8 MB of RAM and a 540 MB hard drive.
The second person lives in Britain. I wonder if he tried submitting a GDPR request, and if Google has any obligation to keep the data, or if they delete it immediately?
If they want a full access to the EU market they will have to use the EU regulations like Norway does. However they may prefer a hard brexit for some reasons.
The GDPR regulation is implemented into British law as the Data Protection Act 2018 [1]. It must remain until the end of the year. If there's "no deal" then, next year, the UK Parliament may repeal or modify it as it wishes.
However, there were data protection acts in 1998 and 1984, and it seems unlikely the general principle of access to personal data -- which was there before GDPR -- would be removed.
Under GDPR right to access your own data (in Europe), you could sue over Google's refusal to honour your data rights. Your request to use data rights can be made through any means, including social media message funnily enough!
You can privately litigate breaches of GDPR, and I imagine the court would be keen to award you costs when the judge discovers the kafka-esque situation going down. Oh, and ensuring you receive your takeout as they are legally required to give.
Not sure if there's grounds for loss, as the terms and conditions are pretty tightly wrapped to say they can block you at any time and you're fine with that... Not to say that should be allowed either!
GDPR article 22 (Automated decision-making and profiling) may also apply here - I would think for many people this kind of situation has the kind of ‘similarly significant effect‘ which would trigger a right for human intervention.
Absolutely. I suspect if this hit a court, Google would decline to say why the account was banned. A judge would then struggle to see this as not being an automated unaccountable decision.
I was thinking the exact same thing, but Google isn't stupid either. So far all of these lockouts have happening to US folks, but this one is from UK.
I'm not sure if Google made a misstep in this case or they found a loophole and no longer care about GDPR.
The UK's Data Protection Act (2018) is pretty much a copy-paste of the GDPR, and it is to remain in effect - the UK had a fair hand in writing the GDPR itself, and has passed it as its own implementing law. So while it's not "the GDPR", the rights it gives are almost word-for-word identical.
Welcome to vendor locked-in world where you have willing-fully decided to become prisoners in exchange for few sweets that you dont really need.
I hope you dont also own some google router or even better, "home security" device. This would make it a real pain. I am explaining this to people since the birth of gmail, but no one listens.
Let me think for a moment, what would happen if google does this to me...
[x] No google email (I have my own mail server - it is just a $90 motherboard with onboard cpu with disks)
[x] Modified ROM, no google on android
[x] No google cloud (Nextcloud is just fine, for virtualization I have bhyve. They are both just great)
[x] No applications bought from google play (If application doesnt provide "off google" licensing, I am not buying it - voting with my money)
[x] No content served by google (If I want to share video, I just upload it to my server. No annoyances about copyrights or anything else. It just works.)
[x] No data whatsoever stored in google ecosystem (actually actively fighting against them storing any information about me)
Not the person you are responding to but for the HTML5 video tag to work how does server have to be set up? What are you serving the video over? What protocol are you using? New to this so curious about your implementation.
Not the person you were asking, but you can host it the same way you host the HTML file containing the <video> tag. Both files are served as static content by any web server you choose (eg nginx, Apache). You also get "streaming" for free because the browser will request the video file in portions instead of "the whole thing at the same time." Web servers support this out of the box.
There’s no need for lock-in though. I have almost all those benefits without google, the only difference is, that I need to install TitaniumBackup first before I can restore everything on my phone.
But unlike you, I don’t care if google locks me out.
You can also benefit from the cloud while still avoid putting all your eggs in one basket.
A few years ago I was happy to have all my life on Google because it's was so integrated, but recently because of (1) privacy issues are (2) risks of being banned arbitrarily, I decided to reduce my exposure to Google.
So my email is Protonmail, my browser is Firefox and my search engine is Duckduckgo. I'm still looking for alternative for my calendar and files hosting. I might shell out a pro Dropbox account.
What might be harder is Android and Play Services. I don't like the iPhone, and I don't want to bother with de-googlized custom ROMs either.
You could compromise by using Auroa Store. At least you'd then have access to all the free Play store apps. Paid ones would still be a problem of course.
You don't have to run your server at home. You can also rent VPS from a large number of providers that have much better customer service than Google. And if you don't like your current provider, it's easy to switch.
Or just upload backups of your home server's disk to the VPS.
I know that it is possible, but think that ensuring correct backups can be difficult and that a VPS is actually quite pricy. (Especially if I want my data outside of a place which the NSA can touch, that is, no DigitalOcean or Azure.) Do you have tips for that?
We are talking about alternatives to Google services. They are very likely infiltrated by the NSA already. So using Google over small VPS providers will give your data to them far more likely. I doubt that the NSA has "everyone surveillance" contracts with every VPS provider out there, even ones in the US... they might only just send letters about individuals they are interested about. Every additional person who has to keep the secret makes exposure more risky.
Anyways, if you do distrust your VPS provider, you can just use it for encrypted backups, and then you'll only have to manage the key.
As for suggested alternatives to DO, there are plenty VPS providers in Europe. 1&1 or Hetzner come to mind. Maye they don't have DDoS protection, but you aren't trying to build a public website anyways.
TOTP being an open standard doesn't really help, though, if the only place you have the key for a given site is Google's authenticator.
You need to actively take advantage of it being an open standard.
There are a few ways you can do this.
1. When you set up TOTP for a site, scan that QR code or enter the text version of the code in two different TOTP authenticator apps.
You might even consider scanning the code on different devices, too.
2. You can save the QR code or text version of the code, so that you can set up another authenticator app later if you lose access to the one(s) you scanned the code in originally.
Only consider this approach if you are confident you can protect the saves code, such as with strong encryption.
3. Many sites will give you one or more one-time codes that can be used to bypass TOTP. These are meant to allow you to get in so you can set up a new TOTP authenticator if you lose access to your current authenticator.
As with #2, you need to be confident that you can securely store these codes if you want to safely use this approach.
For #2, I recommend both saving both the QR code and the text version of the code. You can get command line tools that do TOTP, such as oathtool [1]. Having the text version of the code will make it easier to use such tools, which might come in handy if your phone gets lost or destroyed and you need to generate TOTP codes before you can get a new phone.
Use Authy if you're into online synced services, use WinAuth otherwise (local, encrypted. No longer in development, but still works, and depends on windows for encryption; supports encrypted backups)
I created that data, so it's mine by law. Or it is data that was never mine in the first place. Plus, my google data is stored in 3 places: Google, Dropbox and local system. If 2 of them fail, I still have the other.
As to who can access that data, well, that's a question for everybody isn't it? If I would run my own server on the internet that would also be the same question.
So yes, I'm pretty sure it's MY data. I'm also protected by EU laws.
Have you actually tried connecting a new phone to your google account without access to any old "burned down" device?
You might want to try this before you feel secure enough. My mother's phone got stolen and I had a lot of trouble trying to get into here Google account for her. I was lucky enough to have logged into it once in Safari of all things on my personal laptop. Google seemed to have placed a cookie to 'remember' the device. Otherwise her google account would have been gone forever.
I now disabled all the trusted device related settings. Sure it is less secure versus hackers, but getting completely locked out isn't a great prospect either.
> Have you actually tried connecting a new phone to your google account without access to any old "burned down" device?
Yes
> My mother's phone got stolen and I had a lot of trouble trying to get into here Google account for her
The first time, my phone bricked itself (you get what you pay for. Don't buy $30 smartphones). I have 2fa. I use both Authy (syncing) and WinAuth (local, with encrypted backups) to manage my secrets. Entering the code is enough to sign in.
The second time, I was moving from an old phone to a new phone; I turned off the old phone to remove the SD card before turning on the new one, and it worked fine without turning on the old one until after signing into accounts, when I needed to transfer data for some FOSS apps (termux, Fdroid, etc).
I am also self-hosting using the excellent yunohost.org it allows me to painlessly maintain my email and nextcloud instance.
To solve the issue you mentioned (disaster recovery), I am using rsync.net borg service.
Another 'trick' I do which considerably help is to use my gandi.net free email accounts as secondary MX and relay for my emails:
- I bought my domain through gandi, I get 5 free emails account
- I put gandi mail as secondary mx and I mirror the important email account as gandi mail accounts. For example, if my email is abc@example.com, I create a gandi mail account for this address
- I run fetchmail on my server to fetch mails from gandi
- I setup a specific email account for relay (eg. postmaster@example.com), and I configure my postfix to relay emails through gandi using this account
That way, if my server is unreachable, all emails are delivered to gandi and I can access them through gandi webmail. When everything works fine, most emails (99+% in my experience) go through the primary MX (my server). In case some are delivered to gandi or when my server is back up, fetchmail will just get them back locally.
This 'trick' helped me in numerous occasions, esp. when moving from a location to another, but it should also helped in case my house burns down.
The relay part alleviates most delivery issues: I used to have a lot of rejection (ISP MX rejecting residential IPs) or spam classification (gmail I hate you). I no longer does.
Let me explain what happens when you buy a new smartphone (or use a new, cookie-less, browser profile) and connect it to Google because your old phone doesn't work anymore:
- Google detects the new phone as a suspicious device and locks your account until you can authenticate using your old phone.
- You can't authenticate using your old phone because it doesn't work anymore.
- You lose all your Google-connected data.
You don't need a house fire to fall victim to Google; merely dropping your phone will be more than enough.
tbh not all people can run their own infrastructure (let alone manage/maintain it). I'm not sure about you but most non-techie people I know rely on online services to keep their data safe. some (maybe) have a USB drive to keep a copy.
talking about the setup I'm a bit more flexible in some regards to save bandwidth
Cloud/data storage/services
XCP-NG + NextCloud + 3TB NAS (24/7) -local
mail server+ Dynamic DNS on VPS (for mail - local sync)-online
a few small VM's for various services-local
Archiving/Backup:
40TB archive NAS for daily backups of all stuff that I keep online+offline including phones,tablets, etc
Video/Audio content:
local private copies + shared though youtube (as alternatives for content blocked on youtube I use RuTube or Youku)
Edit: Forgot about the off-site backup (different country 40TB NAS as offsite mirror)
I noticed a lots of people are doing this after they got a NAS. I think there is a business opportunity: NAS vendors can turn their NAS service to a platform that allows it's users to rent "apps" from the platform by paying a small amount of money every month or year. Most of the money goes to the app developers to support their development. When the developer updates the app, the NAS will then automatically download and apply the update.
There is no vendor lock-in as long as the user has the root control of the NAS device (Or at least get their data out of the machine). If the user decided to switch to another NAS vendor, they can simply migrate the data to the new machine.
> I hope you dont also own some google router or even better, "home security" device. This would make it a real pain. I am explaining this to people since the birth of gmail, but no one listens.
> Let me think for a moment, what would happen if google does this to me...
> {lots of stuff that is impossible for the average person}
If you're making the same comments to those who "don't listen" then I can see why. Honestly this comes off more as a gloat post than pragmatic suggestions. And this is coming from someone who used to run all of the above.
The problem is, hosting your own email is actually really hard. Not only much harder to set up than it should be Particularly so considering how old the technology is -- you'd think there would be a GitLab-like solution that is a single package for all the components but no, the end user is left working out what MTA to select, then there is choices between the DB backend, user authentication, POP3 vs IMAP, and possible a web server and web site code itself (if you want web mail as well as POP / IMAP). And that's before you get as far as SSL, login attacks (eg fail2ban), spam protection, setting up your DNS records in the exact combination to protect yourself from being identified as spam and then finally creating your user accounts. And even after all of that, you're still likely to find that Google and Microsoft just assume you to be spam because you're not running on a known trusted service. It's ridiculously hard to get right and that's before you've concerned yourself with the weekly upkeep (security updates, application updates, back ups, etc). There's a reason a great many skilled sysadmins -- including myself -- have given up bothering to run their own mail server. It's easier to trust $COMPANY and make regular backups in case of emergency than it is to run the process in reverse.
...and that's just email. Running your own cloud is also problematic -- not as difficult as email but it is still a considerable hassle and still out of the question for the average Joe.
About the first part of your post, actually there is a single package for all the components: mailu does that in the form of a set of docker images. I've also heard about iRedMail but I don't know it. For the rest of your comment you're right, after launching mailu you still have to configure the DNS and deal with some providers still thinking you're a spammer. But at least you can avoid the painful traditional setup which requires to install multiple pieces of software and configure them to make them talk each other, and mailu also helps you with DNS by telling you which value you should put to have dkim working (and maybe also something else that I'm not recalling right now). Personally the problem that stopped me from having my own mail server was the difficulty to have a reverse PTR record configured for your vps. I was trying to get it with an Oracle Cloud server, but after a rather time consuming process of trying to gather information about this, I found out that Oracle didn't offer the option to have a reverse PTR record.
"The problem is, hosting your own email is actually really hard. Not only much harder to set up than it should be... "
This is the very crux of the problem. We need newer protocols so this is dead easy for anyone to do but I don't see it happening anytime soon. As Google and other Big Tech are on internet standards bodies they'd almost certainty oppose it as a more distributed internet would be bad if not ultimately devastating for their businesses.
Unfortunately, we naively let the Trojan horse into the internet years ago now we're paying a terrible penalty for our foolhardiness.
I'm in the process of Degoogling my life so I have installed GrapheneOS on my phone and use FDroid as an app store.
It works but I have the impression of living in the dark ages:
- I had to ask my contacts to install Signal on their phones, some just didn't follow up (we were having long conversations on WhatsApp the week before), some don't even see my messages. I receive much less messages than before, I'm left out of the cool conversations happening in WhatsApp groups).
- I thought Google's keyboard could use some improvements, but the AOSP one is much worse.
- I can't use my banking app, and their mobile web app doesn't work with KeepassDX so I have to manually enter my account infos each time.
- notifications are hit and miss. The reminder app that I found on FDroid didn't fire a reminder this morning. I had to get another Clock app, the AOSP one insisted to make an audible notification 1.5h before any alarm (it was silent on Google's).
- email clients: FairEmail is good but lacks ergonomy.K-9 mail is a joke. (I like to separate my email accounts in separate clients).
- the icons are ugly and I didn't find any way to change them.
All in all I'm not exactly living the dream right now. I don't use social medias (except YouTube on my desktop where I can block ads) I think I would have a much harder time if I had to use web apps to connect to social medias.
This is the issue with this giants, say you get banned because something weird happened on your console now your entire life is destroyed. I own a PlayStation and I am concerned that if my kid does something stupid I will lose access to all the games now imagine if you ownede a Google or Microsoft console , you could lose not only the games but access to everything else.
Any usable suggestions on (1) what to do to get out of a Gmail account with many years of history unscathed and (2) how to prepare for disaster with an Android phone?
1. There are several alternatives, but usually not free. One example is protonmail, that I use with a custom domain so I can still switch provider without having to get everyone to change the address they use to contact me.
- You can import your emails, but it might not be realistic to import all your history. It's going to take ages and fill up your new account quota. So what I did is first do a cleanup of my gmail history (remove things like mailing lists, promotion emails, etc) then export only the last year. I can still log to gmail if I need to access an older email.
- You can't expect everyone who has your old gmail address to know your new email address, so you need to accept to live with a forward from gmail potentially forever
- Most services will let you change your login email address, some won't. In this case you can either create a new account or accept to keep the gmail account as login.
"You can't expect everyone who has your old gmail address to know your new email address, so you need to accept to live with a forward from gmail potentially forever"
You wouldn't if there were an international telephone-like directory. We seem to have forgotten that this was the actual function of old fashioned paper based telephone books.
As I see it, it's imperative that something like this be established as it's the first step in unshackling ourselves from being permanently locked in to Big Tech. Similarly, we need portable email addresses and
portable IDs that we can use anywhere and with any service. As this HN news story illustrates, we need these more than ever and we need them soon.
These won't be easy to implement as Big Tech will oppose them every inch of the way. For starters, we'd need legislation that would enforce Big Tech to compulsorily use these IDs. As Big Tech is in the pocket of governments, this won't be easy.
Thank you! I'm aware most alternatives are paid, also aware that I'm paying Google in other ways for their free service. I became honestly a bit vary about any provider - including ProtonMail - but I guess I can only choose from what is being offered :)
> He received a response the next day: Google had determined he had broken their terms of service, though they didn't explain exactly what had happened, and his account wouldn't be reinstated.
This is such a shitty behaviour, it makes me angry. I hope he'll follow up with a court case.
If you need to migrate out of Google Apps or for that matter from any IMAP server I highly recommend IMAPSync.
It has a number of features built in when having to go in/out of Google.
All of the advice after fact would not help a person who actually lost his account. Nor if you are among 99.9 % of population who don’t know how to setup your own mailserver etc. Lots of advice here seems like victim blaming. If you have lost your google account then somehow it’s your fault. For me it seems a nightmare if it does happen to me as well. Can we discuss solutions that can help general public in these situations.
It's not victim blaming to recommend that people who know how ought to switch to more self-managed solutions, but I agree with you that doing so is not an option for the vast majority of people. I've always promoted the idea that anti-monopoly laws should be upgraded to be especially sensitive to network effects, now that so much of the economy is becoming networked. The bigger a tech company gets, the less power they should have to decide whose account gets suspended, what you can say, what videos you can show, etc.
"We're a private company" is no defense against traditional anti-monopoly enforcement. New powers that make Big Tech so big should be explicitly added to the dangers anti-monopoly regulation was created to defend against.
If Google wants to lure you in, they should end up being as stuck with you as you are with them.
Even if you don't know how to setup your own mailserver, you can still decide to pay for your email (protonmail, fastmail, etc.) to have it managed by a smaller company who makes money directly from their users hence have an incentive to treat them well.
Also not putting all your eggs in one bag is a good idea.
The real problem is that most users don't understand why they should pay for a service that Google provides them for free.
It seems more like a reminder that watch-out - it may happen to you too. I use personal domain that I prepay for 5 years in advance. I recently started using gmail account more and more, but this is another reminder that I may lose access to important business emails if I continue to rely on Google.
This is genuinely scary. Photos, Yale locks, Fi, WiFi and Nest thermostat can all be poof gone because I made a silly YouTube comment? How is this not regulated?
Google photos also 'helpfully' offers to delete your uploaded photos with 'some guarantee'!!!
If this isn't an indication of a giant shitty monopoly that doesn't care about its customers at all, I don't what is.
They have some AI ML fucking crap but can't figure basic user trust because that won't get anyone promoted nor grow some Director-level person's headcount.
Large promo-manufacturing teams that casually handle all your data. Pray to God that some L4 didn't get promoted doing some impactful work because they sure ain't gonna do maintenance work protecting your shit. Their motivations are not users, product nor team: manipulate some metrics to get promoted and move out. Horrible.
I'm trying to not make this sound harsh; but you really don't need a government regulator to tell you that centralising all your data with Google, who are providing largely free services, is risky.
It is like building a house on the edge of a cliff then falling off the cliff one day. It was always a real possibility. Being locked out of your stuff is quite a likely end of the story with Google.
If Google only locked you out of the functionality you seem to have violated somehow, it would still be a viable strategy to use their services.
Imagine losing the ability to comment or upload videos on YouTube because you wrote something offensive or published a video with copyrighted materials.
Potentially bad for YouTube creators, but definitely not dangerous for normal users which also use other services.
Reports like this were the reason why I removed almost all Google services from my life a few years ago, but I wouldn't have done it if the bans had been granular.
That's not theft in the least. They kept the data that you gave them while using their service. Should banks throw out records for people who close accounts?
At some point companies are large enough that not having an account is an handicap. IIRC, the supreme court of Canada mentioned in a ruling that Facebook terms are unenforceable because they can't be negotiated and because not having an account in too consequential. In essence, it's not a agreement you freely enter in. It was about forced arbitration.
My point is there are limits that what private companies can do. Stretching the boundaries like that is sure to cause a strong regulatory reaction at some point.
When you have governments using Google logins or schools communicating with parents via Facebook groups, or state broadcasters reporting on Twitter as news, then the line between private company and public utility has been crossed.
Global bans "seem" to be new. I've read many stories of shell scripts randomly permanently banning android developers for life from their platform, but those stories always involved being banned from the play console and so forth, not being banned from search / maps / gmail / youtube / etc.
It seems to be news that if you tell people in public youtube comments that you vote for Trump, or whatever it is they're enforcing today, google will fight back by disabling your thermostat or whatever.
Google+ banned accounts globally if they discovered a fake name. Fun way to roll out a facebook killer. Kind of killed Google+ but that's a story for another day.
I used to work at Google on stuff related to account bans.
Global bans are not new. They were standard a decade ago. The reason is due to the structure of the various spam/abuse industries that plague any service that allows user generated content. What happens is this:
1. Accounts get harder to create as signup security improves
2. Black/grey-market account sellers come in and start creating accounts that get bought by spammers/fraudsters.
3. Spammer/fraudster abuses an account on service X, it gets locked for service X. They sell the accounts _back_ to the seller, who then resells the account once again with a note that it can't be used for YouTube or whatever.
4. Different spammer/fraudster buys the account, abuses it on a different service, goto step 3.
Their systems have some notion of why accounts were suspended or blocked, and the tech does support individual service level blocks. But they weren't used much back then because the pattern of a user being bad on one service and then being bad on every other service was too strong.
The problem of false positives was well known a long time ago, and the noise:FP rate is very good - if a script accidentally disabled good users with even quite low volume the people in question would be on Twitter or HN within hours making articles like this one, which did get noticed. So false account blocks were pretty rare.
Back then and still now, I think Google need to make it easier to handle this situation. Strong end-user support in these situations is hard because genuine fraudsters will happily file support tickets and socially engineer support to get their accounts back - I even witnessed auto-generated pleas to support once. They were quite convincing individually, only when you saw a few thousand of them with re-arranged sentences all begging for help with identical language was it clear they were spam. However they could still make it a lot easier, and in particular, could improve Google Takeout to be easier to use (e.g. automatically uploading the backups to various non-Google services).
> Back then and still now, I think Google need to make it easier to handle this situation. Strong end-user support in these situations is hard because genuine fraudsters will happily file support tickets and socially engineer support to get their accounts back - I even witnessed auto-generated pleas to support once.
How much are accounts currently worth on the market? It seems that making the recovery procedure more expensive than the worth of the account should resolve that issue. At the same time legitimate users are probably willing to invest some money in order to recover their account.
For example offer a $20 option to send a registered letter to an address provided by the user. Then Google can check if: 1) The name on the credit card matches the name on the account, 2) a given address hasn't been used too often, 3) the identity check done by the postal service (checking if the recipient actually has a given name) succeeded.
This won't be a perfect solution and there are definitely edge cases for which it won't work (in countries without registered mail, if someone doesn't have a credit card, etc.). But it should be able to cover the majority of cases where legitimate accounts have been locked.
Most users don't have a credit card - they're not all in the USA. A big chunk don't even have bank accounts at all.
However that's basically what phone verification does. In case of suspicion someone has to provide their mobile phone number. It's texted with a code and a counter increased. The same number can't be used over and over. Unlike credit cards, the assumption of universal mobile phone access (amongst people who have internet access) is very strong. It works very well. In this case, the account was shut down without this being possible, which is only used normally for very clear cut cases. Don't assume the full story is public.
Then what you do is set up some sort of monetary charge, to verify that the person you are dealing with is real. Someone willing to pay for support is highly likely to be an actual customer, not a fraudster; and you can even have their local bank or notary to verify their identity, if you are worried about identity theft.
This is a problem that is largely solved at government scale, which is what Google is now, and there's no reason not to take advantage of existing infrastructure to do so.
The vast majority of Google accounts have no real identity associated with them. Also, this doesn't help if an account was NOT a false positive. You're assuming this guy is truly innocent of all problems, but from past experience, unfortunately I can say that sometimes when obviously non-spammy accounts go poof overnight and nobody is willing to explain why, it's because it's related to a criminal investigation.
I'm confused. The goal of my proposal was that someone who was wrongly flagged (a false positive) could identify themselves as such by being willing to put up a (cash) bounty, or identify themselves with a financial/government institution that is set to handle such things at scale. Someone who is committing fraud, or trying to steal anonymously, or is involved in other criminal activities, is extremely unlikely to do such things. Legitimate people, however would have a route out of this kafkaesque maze. That system could even be automated, and it would work better than what's going on now. At a certain point, some problems just cannot be solved with just code.
Why are accounts suspected of TOS violations not simply put into read-only mode instead of shutting out users completely? If the identity/authorisation of the user is not in doubt it makes zero sense to not let people download their data before closing the account.
This simple change would fix all the consumer related horror stories with zero cost to Google. In fact it would become cheaper for Google because people would stop pleading with them.
Also, why is there no one-off paid support option that covers the cost of a human checking evidence and is expensive enough to deter mass abuse by fraudsters? Why is there no option to provide a photo ID upfront so that there is always a last resort to check whether a user is who they say they are?
A lot of abuse is things like posted comments. The locks are retroactive and "account disabled" is a signal to each service to hide content generated by that user.
Read only mode would make sense for content that's truly private, or which can be made private. Nothing stops them allowing Google Takeout for disabled accounts, heck maybe they do these days.
Paid support:
1. the optics of false positives being held to ransom to get their account back is terrible. Giving the money back isn't always easy (credit cards support this sometimes but many users don't have them). And this is made worse by:
2. many accounts aren't easily verifiable. People imagine that every Google/FB user puts their entire life on these accounts. A very small number do. For those, expensive ad-hoc processes could maybe increase the account verification rate by a little bit. But most accounts that get disabled are accounts with fake names, that use exclusively one service, etc. It's extraordinarily difficult to come up with reliable ways to verify the identity of the holder of accounts that required no identity to sign up.
Why should a customer be punished for buying products that are not banned by the government and for tripping up on an invisible tripwire within said product?
If there were a definition for "set up to fail" it would be that customer... Or are we to assume google is a potentially hostile force, whenever it feels like being one.
We used to ban the sales of products that harmed customers.
What do you expect your average person to do? Set up their own mail provider?
A tiny number of companies set out to have an unbreakable joint monopoly over the Internet, and succeeded. Now you're blaming the average person for this - like the average person has the skills or the time to do anything about it.
You need a government regulator to stop large companies from buying up lots of small companies and adding them to this risk pool.
I bought 3 Nest thermostats long before Google bought them. I wouldn’t have done so after the buyout.
If google bricks my thermostats because my kid does something dumb on YouTube (through the linked tv accounts) that will suck.
I suppose regulators could also prevent companies from bundling lockouts in that shutting down gmail for YouTube problems. Or shutting down Nest for gmail problems, etc.
The phone company can’t just randomly cut off service and ghost me. Regulators are the reason for that, as I’m sure they’d love to if they could.
>The phone company can’t just randomly cut off service and ghost me. Regulators are the reason for that, as I’m sure they’d love to if they could.
If you're paying your bill, why would they care?
Regulation is part of the answer, but it's also part of the problem. If a YouTube comment wasn't at risk of "being mean" or breaking arbitrary rules (pushed by regulators, Google isn't doing it on their own), you couldn't be locked out. Corporations don't gain by cancelling their customers.
There are a lot of stories of people paying for Google Services getting locked out too.
Personal experience, once I created an Adword ad using one of the image that Google Ad creator had suggested. It was nothing, just a woman in bikini. It was approved and then rejected with warning that I violated their guidelines. I wanted protest but thought probably not worth it. This could have perma banned me from Google, I stopped using AdWords.
Do you think Google really cares about this, or do they get pressure from "outside" forces to impose such rules?
I seriously doubt Google cares one wink about people posting bikini photos. These rules exist because activists put pressure on the company to enforce such rules, for better or worse.
> Corporations don't gain by cancelling their customers.
Sure they do. If a certain customer's behaviour is alienating or obstructing other customers, then that customer gets cancelled, because they are having a negative impact (on the business - not the users!) that is larger than the benefit they provide.
That's a net positive result.
Ignoring your whole concept of "mean", it is 100% up to the company to decide what the negative behaviour is, which is part of the problem.
Sure some of it might be "mean behaviour" and so we look at it as Google doing a good thing perhaps.
But what if you went around Google's services and informed people of better alternatives to their services, and you started to actual gain traction and cause people to stop using Google?
There's nothing mean about that, in fact you're providing a good service to those people. But in Google's eyes your actions are negative, and they could just cancel your account at their discretion because they don't like what you're saying.
That is the kind of thing that regulation protects from, when dealing with essential services - and I think there's a stronger and stronger case to be made that these large providers are in fact essential services.
p.s. Devil's advocate: the theoretical actions I described above (recommending alternatives) could so easily cross the line into spam. But who decides where that line is, if Google was to be regulated?
I was specifically addressing the other rather broad statement that I actually quoted.
To address your point too though, there are definitely customers that the phone company is required to serve that they would rather not serve, because the costs are higher than the revenue.
Remote rural customers, customers who need accessibility-related support, certain outdated services that people are grandfathered into and don't want to cancel, etc...
And again that's where regulation protects the customer from the corporation that doesn't care about the customer's needs, unless they align with their own needs or are forced to via regulation.
The blurring of and overlap/cooperation between corporation and gov't also shifts incentives. For example, you can skirt fiduciary responsibility by appealing to regulation.
Nest sold you a poorly designed product. If they had sold you something that could be plugged into any network then you could reuse it. From the start the product had a big fault google buying it just highlights that design flaw.
For the record, there have been cases of companies (IIRC Cisco wifi routers) that attempted to do this retroactively - pushing a firmware update that "helpfully" made the hardware cloud managed only.
So indeed, buying open API stuff only is a good start, unfortunately one still needs to be vigilant.
> but you really don't need a government regulator to tell you that centralising all your data with Google, who are providing largely free services, is risky.
>You need a government regulator to stop large companies from buying up lots of small companies and adding them to this risk pool.
These two statements are not even close to arguing the same thing.
The previous commenter is saying that it's common sense that "centralizing all your data with Google" may not be a great idea, especially if you don't have any backup of that data and keep all of it in Google.
They are being downvoted, wrongly, by people who knee-jerk about the "don't need a government regulator" bit. But they only used that phrase as a kind illustration of the common sense that people should have about not having a backup of their data.
Yes, Google does need some government regulation. And yes, people shouldn't need a government regulator to tell them not to keep all their data in the cloud without any local backup at all.
The people on HN with ability to downvote are some the biggest assholes on the internet. Seriously worse than reddit. I guess I shouldn't be surprised.
Google is huge and they run a vast portion of the internet now. If they were to suddenly decide that all FastMail accounts should go to spam tomorrow, any users of FastMail would be SoL—they would be unable to communicate with a huge majority of the internet.
They could decide to randomly throw every 5th email that is not a gmail into spam and blame it on other providers having low reliability. Make it random enough to gently encourage you to get a gmail account again.
These are extreme examples, but Google could easily do these kinds of things and there is nothing any of us could do whether we use Gmail or not; it will affect us because they control so much.
> That would backfire spectacularly, and would probably kill gmail.
How would that kill gmail? It's not like they're going to lose any real part of their user base. Short of a press release from google confirming the behavior, the average user is not going to go through the hassle of finding a replacement provider and then changing every email address associated with every service they use (if it's even possible for the service) all for some nebulous and impossible-to-confirm conspiracy theory put forth by tech experts and security experts that don't get listened to even when there is proof. And it's not like other companies and services would take a stand by ceasing to offer service to customers with gmail accounts- that's an incredible way to lose a vast portion of your customer base.
I wish it weren't this way, but I just can't see that bringing down gmail. Especially not when every google service requires a gmail account- probably the same one most people have had for years.
A ton of online services, customer support services, government services, airlines, etc. etc. use e-mail but don't use gmail to send it.
They can't afford to let 20% of that go to spam without a backlash. And if they kept doing it despite the backlash, who knows what would have happened to gmail.
Lose a few thousand dollars or an entire vacation by google regularly blackholing messages from important and expensive services like airlines, when they send you email telling you your flight departure was changed, and you'll be looking for a better email service in no time.
Now imagine this happens to 1/5 of the customers of said airline, just because of google's 1/5 non-google mail go to spam policy. It would be a scandal.
Fear of leaks to the press from insiders discourage ideas that would leave a document trail -- plausible deniability is required. More likely then would be ever-tightening, subtly biased, anti-spam criteria.
If you are a “customer”. How many people pay for google services? I know it’s kind of jerky but I still agree that if you aren’t paying for the service, you have no leg to complain about it.
The thing is - google makes more per user than users are willing to pay for google services. Also, their totaling vertical integration makes things hard to disentangle. If Google were to introduce paying subscription tomorrow (just shooting, 60 USD per month), what what I would be paying? Youtube? Search? Everything? What if I were willing to drop youtube and just pay for search?
We do not pay for a home address, and yet people can still reach us there. Email is just as important as physical mail -- the problem is that the economic model changed. This means there is no incentive to maintain service, even though (in my mind) in the modern era an email address is possibly more important to a person for day-to-day communication.
I mean we do not pay the USPS or FedEx or UPS, etc. to agree to send mail to our address. I was making a comparison between mail and email services. Hopefully this clarifies what I meant.
Still makes no sense. We do not pay mail-providers for the address alone, but mainly for running the servers which deliver and store the mails. Which is the same for which USPS/Fedex/UPS/etc. are paid for.
You want a mail-address? Grab your own domain (thus pay "tax"), put a server there (build a "house") and you are there. Getting an address, be it physical or digital never comes for free, and there is not human right for having one.
Alright, then I take back what I said in my parent comment about how "we don't pay for a home address". I'll concede that we do pay for a home address.
However, that doesn't change the fact that the economic model has changed when it comes to email. We no longer pay with money, but we pay in other ways when we use Google. So it's actually worse than with mail, because there used to be a clear exchange of goods but it is now obfuscated. And thus, there is nothing mandating good service, which is why people can be randomly banned from using it.
More than enough ,Please check average revenue per user figurs of Google at such a large scale. They are one of the most profitable companies. We are paying by our data, actual money using value added services (google one etc.) It is very bad to say that we have no leg to complain.
People pay with their data. It suits Google very well. If they were able to make billions, lest they could do is to have a proper customer service. I see them now as a company exploiting their customers in every way possible and then giving them a middle finger if there is any problem they experience.
It should not be legal to respond to customer issues with bots or people not trained to deal with specific requests. If this means customers would have to pay extra, I am fine with that.
Also, there is no comprehensive opt-out. I cannot tell their ad networks to stop tracking all the devices I own.
(They have a page for stopping tracking of things I use my Google account for. That doesn’t count: They track me even when I am not logged into Google, and even on devices that cannot log into Google.)
Also, I can’t delete my gmail accounts. They were issued by third parties that decided to outsource email to Google.
There is nothing consensual about my use of Google services. I shouldn’t be bound by their EULA. I’m sure the courts would disagree.
Google isn't doing this out of the goodness of their heart. They're expecting to make money off of every signup in some way. Directly or indirectly. If they want to continue their dominant status, then they should be responsive in some way to their users.
Sure, they have the right to cut off users any time they like. But it's ultimately self-destructive. Once trust is lost, it's difficult to regain it. I've moved away from my Google dependencies as much as I can, and have urged friends and family to do so as well. I'm only influential with around two dozen people, but once you start multiplying people like me by the millions, then Google has a problem.
And I'd argue it's at least a little immoral. Their services, especially Gmail, were set up in a way to make users highly dependent upon them. Google wanted that dependency for their path to near-monopoly status. To suddenly cut them off without the option of support or a clean exit creates real world chaos as the users try to pick up the pieces. Your email address might not be used much socially these days, but it's crucial for business contacts. For logins and customer interactions. The loss of it can cause serious damage. Google may not be legally responsible for the damage caused by a user's loss of their free services, but they're arguably morally responsible. Maybe they should pop up a warning to everyone using Gmail: "Don't rely on us. We're not going to do anything to help you if you can't use it one day."
Or more precisely: Why do you think any outsider could understand Google's rational?
History is littered with the corpses of successful companies that lost their way.
Today's Google reminds me of General Motors. Utterly dominant, untouchable. But needed to keep making more money. So they bring auto loan financing in house, GMAC. Woot, more money. But they forgot how to make money making cars. So upstarts ate their lunch.
It's a rough analog. Maybe IBM is closer.
The point is Google's rolling in cash despite their antipathy towards their end users (note that I did not say "customers"). Which will continue to be fine, until it isn't. And then it'll be too late.
Everyone pays with their data and the ads they and others are seeing. Just because you pay no cash, does not mean ther is no payment at all.
Addtionally, it's used to be quite hard to even pay in cash for googles services. Though, this changde in the last years, as there is now youtube premium and google one. But still not possible for all their services.
Why should people have to pay money for a product to expect fair treatment? Is an exchange of services without money not subject to rules and regulations? Google chooses not to charge people because they've found it more beneficial to offer many of them for free. It's a model many tech companies have followed to great success. That doesn't mean they should have free reign to do whatever they please.
> Is an exchange of services without money not subject to rules and regulations?
A contract without consideration is not a valid contract. There are a few laws in some places that require companies to provide service outside of a contractual service agreement, but those are typically limited to public utilities, emergency services, etc.
GP said without money, not without consideration. Google derives a great deal of value by having your attention and data in its various products. The fact that users exchange attention and data rather than dollars doesn't give Google the right to stomp all over them.
I got gmail accounts for my kids after they were born. My youngest, 12, attempted to sign in from a Windows PC in our house and was told that they could not verify that it was her.
Keep in mind, this is the same public IP address that we've had for ages. I am the recovery contact for the account since she is a minor, and have filled out the forms several times now, even giving the exact date and the "verification code" from when the account was created. We are now stuck in an endless loop.
She can still access her account from a macbook and from a linux desktop, but I fear once she is signed out that she will be locked out forever.
All of my important stuff (finance, etc) is in protonmail now, and I'm happy that I made that move.
I love protonmail! I made the switch a couple years back and haven't looked back, with one exception- my city's utilities company blacklists protonmail, so in the handful of times I've emailed them (specifically there were three times they've shut off my water because someone with a very similar looking address didn't pay their bill) with proof of something-or-other, it supposedly doesn't make it to their communal or "personal" inboxes. This is the only time I've had this kind of problem though- protonmail has served me well.
> with one exception- my city's utilities company blacklists protonmail
Why do they do this? Did you contact them about it? I would say it seems, at face value, that your city's utilities company did not serve you while Protonmail did.
> that your city's utilities company did not serve you while Protonmail did.
That's fair- that's a better way of saying it. Every time I've had to email them (which admittedly has only been a handful of times) with proof of something, I always end up calling them up and they'll say "but protonmail isn't on the blacklist that IT posted, so you're lying or you sent it to the wrong place," then I'll send screenshots from a different email provider proving that I sent the protonmail email(s) to the right place, then they'll say "oh, I promise to talk to IT to get this straightened out."
There are a few things that protonmail is not good at, but I guess I've learned to live with them.
1. You can't search message content. gmail is very good at this, so I've had to become more organized to make sure that I can find a particular message in protonmail.
2. Notifications on mobile do not clear if I've read the message on another device. I have to open up the app and sync to stop them from popping up with outdated information.
3. I wish that there was a way to mark a message as archived and read from the mobile notification.
all these issues sound more like client issues than protonmail service issues. why not just use a different email client to connect to protonmail, such as Spark?
If they’re incorrectly shutting off your water, read up on your legal rights, and then send a polite letter to their legal department and the local utility regulatory board.
Public utilities are highly regulated, and do not have the right to interrupt your service.
The only issue I've ever encountered with Protonmail was Digital Ocean. For some reason receiving a password reset email through Protonmail took forever. I thought I'd entered my email incorrectly, but nope. Eventually came through, but from what I could find, it was a known problem.
Of course not -- Family Link was introduced in 2017 and this account was created in 2008. I don't remember the specifics, but I do recall having to provide my information since she was under 13.
edit: Family Link is also for android devices and chromebooks. She doesn't have a phone / android device or a chomebook.
I did sign mine up using fake birthdates well over ten years ago, my children are 13 and 16 now.
Long story but fairly serious legal issues issues with their mother making false claims of care/activities etc and needed things like calander and location tracking services and this was just by far the easies way at the time. For safety reasons I put a forward to my gmail of all their incoming emails, once again best known option at the time.
I sense a problem possibly looming, but not seeing that coming clean and engaging with Google likely to be a happy experience.
Anyone got any advice, other than abandon current accounts?
God, the dreaded endless loops. I've had it in Music, Play and several others. More fun is when a human enters the "loop." Yes, I've cleared cache and cookies, yes I've rebooted. In fact, with Music I'd even bought a new computer in the meanwhile, since the loop happened for literally years.
The only thing worse than hanging your identity on @gmail.com is @comcast and the like.
If you can, your own domain backed by a fastmail or a proton is the sweet spot of easy and flexible, or at least an @fastmail, @proton or similar. With payment comes the possibility of human support, which I have received easily from fastmail.
I have my email going to my own domain, but can’t figure out how to ground it out in anything other than someone else’s tld.
So, now I’m in a situation where, if my gmail account gets banned, and the DNS provider decides to reset my password, then I’m permanently locked out of everything. I could point my DNS provider at my “real” email address, but that’s even worse, since needing to update the MX record could lock me out.
Does anyone have any creative solutions to this problem?
> I have my email going to my own domain, but can’t figure out how to ground it out in anything other than someone else’s tld.
What do you mean "ground it out"?
As a consumer, I suspect hosting a "holding" domain, and possibly email, with AWS Route53 DNS might be a sensible approach that wouldn't break the bank. AWS has policies on account and password recovery that even include a notarised affidavit.
It might help to further separate your AWS account from the Amazon account you use to shop with, since there's a chance Amazon might be trigger-happy with banning if you violate one of their shopping policies with too many returns.
> As a consumer, I suspect hosting a "holding" domain, and possibly email, with AWS Route53 DNS might be a sensible approach that wouldn't break the bank.
This is what I do.
Totally isolated AWS account that owns `my-account-recovery.com` in my country-code TLD (because I have legal rights and strong and easy access to appeals processes with that, so unlikely the domain could be wrestled from me and likely I could eventually regain ownership if lost).
I use Amazon SES for incoming email to simply drop all incoming messages as objects in a S3 bucket.
I have SNS notifications going out to my regular operational email whenever a new message comes in with the metadata (sender, subject, etc but not the body as that could contain actual reset/account recovery links) so I can keep an eye on what's coming in.
Haven't looked at my bills lately, but including domain renewal and stuff this is maybe $100/yr to establish this as a root of trust/access. Even if other accounts are breached/suspended/etc, I will still have access to this account and can recover my way down from there.
I'm putting all my eggs into the AWS basket here, but I've had a good experience with them in the past and I really can't find any examples of people being locked out of their accounts in the same way I can with Google. And I know from experience that it's not impossible to get in contact with a real live person when it's required to resolve an issue.
Shouldn't you still be able to prove your identity to your DNS provider through your name, address, birth date, security questions, past correspondence, bank statements etc.?
I would probably recommend two things: 1. Move away from Gmail as soon as possible, to a service like Fastmail or Proton Mail; 2. Have an email from that provider as the “last resort”, i.e. hedora@fastmail.com, while using your domain name based emails for most other things.
This doesn’t solve the “everything is in one basket” issue, but you don’t hear stories of these email providers just “closing” an account and causing immense trouble for the person, at least in part because they have actual support.
Without going to the step of moving photos, mail, contacts, etc. off of Google services. Are there automated tools available to periodically export that data?
You can use the "download your data" feature of Google to download a copy. However you have to manually trigger the export. Also no incremental download so it can be a lot of data being transferred.
Unfortunately, you still need to manually download the data each time. There's no way to automate this. There's also no way I know of to directly upload a takeout zip to another service and continue. There's also a (generally long enough, except when you forget) time limit on downloads, as well as a download limit (have a crappy internet connection, and lost access to a file? Start a new takeout, wait for it to be available, and try again)
If takeouts could be configured to download automatically through Google drive, that would be amazing.
This raises a question. If you're well marinated in Google services, like me, what do you do? Is there a comprehensive, simple, and easy way to port everything?
Perhaps there's some authoritative site about what exactly you need to do?
I'm not sure there's an easy way to port everything (few services integrate across so many fields as seamlessly as Google does), but this Reddit post has a huge thread of alternatives to common Google services: https://www.reddit.com/r/degoogle/comments/g1yu01/google_alt...
For me, I've switched to DDG full-time for search and I'm veeery gradually swapping over to Protonmail for email (using Thunderbird as the client to ease the transition). Once email's over, I'll be able to rest a lot easier.
However, if you're a heavy Docs user, NextCloud is a Google-like suite with a few hosting options (self-hosted, third-party host, or enterprise).
You can export a lot of your content at takeout.google.com. Debundling these into other services is the main challenge, you have to shop around.
If nothing else you should set up your own email address, even if it is just a simple forward to your gmail. Google blocking access to your mailbox would be pretty bad, having control of your MX record gives you an out.
One key point is that you do not want a single all-encompassing alternative, at least one that is a remote corporate-run service, as this simply replicates the risk elsewhere.
The principle options are:
- Integrated replacement services. Don't do this.
- Multiple independent free services. At least you've diversified risk. Mind that these may (and likely will) consolidate with time. Skype, WebMeeting, Instagram, YouTube, GitHub, and Blogger were once freestanding companies. They no longer are.
- Self-hosted solutions. NextCloud, FreedomBox, etc., or DIY service bundles on your home, office, and/or a hosted service can avoid the problem entirely at least for highly stateful services (email, contacts, files, documents)
My two cents would be don't worry about a comprehensive degoogling plan. Just chip away at stuff until you feel like the risk level is acceptable to you.
For me, that started with email. Email is a root for a lot of your digital identity.
I can't guarantee access to @gmail addresses going forward, but I can at least _start_ fixing that problem. I picked up a new domain, hosted the email with someone else, and set all my other accounts to forward to it. I updated a few really critical things right away, but for the most part it's just as I go log into various accounts with the old email address, I update it.
I didn't really bother trying to migrate the email out of my gmail account. Instead I did a bulk download from Google Takeout so I know I _can_ access that old email if I really need to find something.
Six months or so in, the bulk of my identity is now tied to a domain that _I_ own, and email hosted with someone I can trust more than Google.
It's not perfect, but already the impact if Google were to suspend my account has dropped immensely.
Cutting Google completely is something you do on principle. Instead, just look at what the impact of losing access to various services would be and address those specifically. (E.g., losing drive? Switch to NextCloud if availability is a concern; or set up a regular Takeout download if data loss only is a concern but an interruption in availability is okay, etc)
I've never actually used it for editing documents, I just use it more as a Dropbox replacement for backing up / syncing files.
In that case, depending what your actual acceptable risk/goal is... continue using Google Docs and set up a regular backup? Your worst case is that Google Docs goes away tomorrow, and you still have all your data you just need to spend a bit of time restoring to a different account / setting up alternative software / etc and move forward from there. For most people I expect that's more than enough.
It doesn't need to be (and shouldn't be). Just use an email provider that respects you as a customer and don't put all your eggs into one corporate basket (especially not one that treats you as nothing more than data cattle). Horror stories like this one will, over time, educate people that this behavior pattern is dangerous.
IMO self-hosting is the ideal because that aligns responsibility with incentive (and it can be done extremely cheaply), but if not, there are paid email services that actually treat the user as a customer.
This victim-blaming needs to stop before the tech industry backlash hits. This is exactly why we need regulation. I swear, if "just go somewhere else" were good advice (and it's not), we wouldn't be having this conversation. How many years has it been, though, that Google and other consumer-ignorant companies have been able to get away with this, helped along by people who tell victims to just "go somewhere else"?
Normal people will only put up with this for so long. Either regulate it intelligently now, or expect actually scary regulation a decade or two from now.
There's nothing wrong with a law that says: "You cannot close a customer's account with no remediation, no recourse, and no explanation." What is Silicon Valley so afraid of there? How is that unreasonable?
> Normal people will only put up with this for so long.
Agreed. Then they will learn that Google is not to be trusted with email and move to a provider that is (sort of like how kids migrated away from Facebook when their parents showed up, even though Facebook remains a dominant brand). Disruption occurs when an incumbent is bad at something which the disruptor beats them at. In this case, there is an opportunity for an email provider to disrupt Google by providing actual customer service. Protonmail is already making waves in this space (in addition to the encryption).
The reason I'm anti-regulation is that every law is a headache waiting to happen (and one more barrier to entry) where to me -the- beauty of the internet is that there's almost no barrier to entry once you have an internet-capable device. The more we regulate the internet, the more difficult doing something as simple as running a personal discussion forum becomes. Regulation is, at its best, a necessary evil, to be avoided until no other solution has proven viable. And there are plenty of other solutions for this particular problem.
And to clarify, I'm anti-Silicon Valley (IMO venture capital's expectation of high returns is the direct cause of many of the "evils of tech"). But I do tend to agree with the anti-regulation stance. IMO the problems people want to solve with regulation (even including GDPR) are better solved by better tech and organizations that align their incentives with those of their users.
For real. If we don't do this ourselves, then the hammer is gonna come down much harsher and with much more reckless abandon in the future. It'll look closer to SOPA than anything reasonable. I don't want 80 year-old dinosaurs in Congress making these decisions 10-15 years from now because we couldn't get our shit together.
What do we expect to change between now and 10-15 years from now that will make regulation harsher? Assuming bad behavior from tech giants continues (and, crucially, continues to be publicized), I would assume by then a competitor will have come along to take the bad-behaver's business.
After all, 15 years ago we still thought Google was "not evil". A lot can change in that time.
I think it is reasonable to have the position that Google is big and powerful enough that it cannot and will not be regulated by, say, the US government. Or rather, that it has enough permanent influence such that any regulations will be watered down to be de-facto meaningless, or in most cases, strategically beneficial to Google themselves (substitute chosen megacorp here).
How do you change people's mindsets from 'free is good' to 'free is bad' though? They're not planning on being customers of Google.
>This victim-blaming needs to stop before the tech industry backlash hits. This is exactly why we need regulation.
Google will simply dilute the language of the regulation, to the point where they will simply add a "your account can be deleted at any time for any reason, proceed at your own risk" popup during sign-up, and people will happily hit continue/next.
Systemic reform can't exclusively happen top-down or bottom-up. There needs to be some of both. We need to stop giving Google free good-will on HN. Stop up-voting Google product launches, stop promoting Chrome, etc, etc.
Cue the "businesses can choose who they do business with!" and "if you don't like it, build your own!" people.
We signed up for many of those things individually and they've connected them more and more. Now we have a single point of failure that can take down everything across all your sytems.
And it's not just those. Don't forget about Google Voice, Android, and every service where you used "sign in with Google"
Business should be allowed to choose who they do business with, they already choose to do business with these people. The problem here is they want to unilaterally have the power to termination the business relationship
This is a problem with one sided none negotiable terms of service being considered valid contracts under the law
They should not be.
We need to change data ownership laws, and force companies to do vetting on Account Creation, and put in provisions on how accounts can be terminated once a company accepts a user owned data. i.e Accounts must have a human reviewed appeal process, with full and articulated reporting as to exactly which rules were violated, and exactly what activity was the violation. And have a View Only data Take-Out period
Exactly. This isn't so much an issue of "Companies have the right to do what they want (within reason)". It's a typical issue of monopolies and dealing with a large, faceless corporation. Anyone who's ever dealt with any corporation of any significant size can tell you similar stories to this.
One of the big problems is that if you have all of your eggs in one basket, there are much more chances to fuck up and get banned. If I post some shit on YouTube, that is unconnected to my Fastmail account. However, it is connected to my Gmail account. If I get Zucked from Facebook for posting dumb shit, and dependent on Messenger to communicate with people, I'm fucked. By diversifying your compartmentalise your risk.
Moved to Fastmail years ago, because my spider sensors were telling me for years that I need to fear companies where I can’t reach a human to resolve conflicts / problems. - They have an excellent Email service, calendar and contacts management. Most important: At fastmail I get a very quick response from a human who will always help me very quickly. Also I use my own domain name so that I can move my Emails to a new service provider whenever I want.
And while I was at it, I replaced Chrome with Firefox on my Mac and never looked back.
Finally I moved all my photos to iCloud, replaced my Android phone with an iPhone, got a paid account at Dropbox, started doing backups like there won‘t be cloud services tomorrow (Carbon Copy Cloner ftw!)
I have a google account, only for using Youtube (paid). And I like their search results. Even that is too much google for my taste.
Edit: Ahh, Gsuite. I migrated to office365 (microsoft). But I use it mostly offline (Word, Excel). Actually for legacy stuff. Because I started writing my documents with Emacs + Org and export to whatever format my recipient needs, doc, html, markdown (using pandoc extensively).
I had a bit of an argument with a good guy who just couldn't understand why I wasn't willing to put all our new company's documents on Google. I convinced him (grudgingly) to use a setup much like this (we ended up with Box instead of Dropbox because I got sick of Dropbox trying to grab all my data).
Seeing things from his perspective, I was amazed at how successful Google has been in convincing other businesses to take on Gmail, Google Docs, etc. When I think about the enterprise focus of Google, as well as the continuous rebranding, product EOLs, and crappy user interfaces, it's hard for me not to see Google as the new Microsoft. As a former Linux desktop user who lived through the whole MS antitrust thing, I find it absolutely bizarre that today, I'm much happier with Office 365 on the web, than I was with Google Docs.
I still worry about all my photos being in iCloud, but it seems like less of a risk since I'm a customer of Apple, rather than a product of Google.
It was a minor issue with Outlook.com web mail a few years ago. I contacted support, they asked to see the problem through remote access. My problem was escalated and fixed. Maybe their spam filter is not as good as Gmail, but customer support is another league.
"As a former Linux desktop user who lived through the whole MS antitrust thing, I find it absolutely bizarre that today, I'm much happier with Office 365 on the web, than I was with Google Docs."
Identially the same with me. Damn terrible turn up for the books, isn't it. It just illustrates how messy things have gotten and how we need to bring major change to the internet.
That said, for me Office 365 is a step too far. On Windows I still ocassionally use the 2003 version along with LibreOffice and the latter on all my Linux machines.
I always use cloud services as a secondary fallback in case of data backup. The more you entrust your operations to external agents, the more you are at risk when they fail to deliver. I hope to eventually shift away from their e-mail services too.
The absence of reason makes me wonder a lot of possibilities. Maybe google bans people who use ad-blockers, maybe they didn't explicitly set that way but some of their algorithms must have figured out these users should go. I know, it is extremely unlikely but we're free to come up with reasons if google doesn't give one. Don't sit there thinking it won't happen to you(I was like that up until recently), get a domain name and transfer all important accounts to it. And do a Google takeout.
I imagine a "social dilemma" scene with the little guys inside the computers:
> His actions over the past 15 years lead to a 76.9% chance that he will break our ToS. Furthermore,he has clicked only on 0.000001% of the ads. Terminating him now will increase the average profit per user by 0.00000000000000000291%.
My twitter account was banned in March without warning (the reason they provided was "due to multiple or severe violations of our platform manipulation rules). Frankly, I'm way too boring on the site for me to be guilty of this so I appealed 5 times over ~4 months.
I must have gotten through to a person eventually because I was unsuspended with the message:
> We’re writing to let you know that we've unsuspended your account. We’re sorry for the inconvenience and hope to see you back on Twitter soon.
> A little background: we have systems that find and remove multiple automated spam accounts in bulk, and yours was flagged as spam by mistake. Please note that it may take an hour or so for your follower and following numbers to return to normal.
Well, only if you set aside the cost of the education you went through in order to be able to do all that stuff... while your advice is fine for the HN crowd, unfortunately this problem affects everybody.
Better advice IMO is to tell people to use a smaller provider, like Fastmail.
719 comments
[ 4.3 ms ] story [ 357 ms ] threadSince Google's processes don't seem to give access to that, you might have to sue them. If they failed to show though, you should be able to get a default judgement eventually.
(note - GDPR is in some cases privately litigable, so you don't need to wait around for a snail's pace regulator - you can indeed sue for relief and get your legal costs back in the award. I'd expect a lawyer would take this case on a contingent basis given how clear-cut the GDPR is about your right to access your own data).
Certain approved consumer groups are also able to do this as well - the regulators are too slow right now, but others are gearing up to start taking cases themselves.
Check your local laws.
And... let's just compare my personal finances to Google's finances.... carry the 1...
Today, denial of access to one's data ought to be a human rights matter.
Another trick is to use always have forwarding enabled in Gmail, to Outlook.com or another provider. All email will be forwarded despite your account being locked, so you will not miss out on important info.
And use Google Takeout for backing up your data, at least once a year.
I wish there was a way to pay for Google (such as Google One) and it meant Google wouldn't ban your Gmail account. Period. However from reading HN anecdotes, it seems like they don't care about you (even if you're a paying customer). I realize this could feel like extortion, but it would be well worth the peace of mind.
No, but the idea is that you can point the domain at a new host and at least keep receiving future email, so that you don't lose the ability to password reset accounts, etc.
As for
> I wish there was a way to pay for Google (such as Google One) and it meant Google wouldn't ban your Gmail account
There's a reason I pay, like, €50 a year for my email hosting instead of gmail's free mail. I want to be able to actually reach a human when it comes to problems with my email instead of Google's customer service void.
And, if your mail client’s UI allows, you can even send from <whatever>@yourdoma.in to avoid disclosing your “real” address when you reply.
My favorite use-case: you sign up for foo.com with foo@yourdomain.com. Then foo sells their contact database, and now you’re getting viagra spam all day. Ok, just add a filter to auto-trash anything addressed to foo@, and the problem is solved.
The migration to fastmail.fm , including a decade of old mail messages, was flawless (if slow, but it's a lot of data!). I highly recommend this route.
And that's why I think the GDPR is one of the best things the EU has ever done.
The rate limits won't stop someone from eventually migrating out, but it might take a while.
FYI, it already is for yahoo. I got lucky that they _only_ deleted all my emails after I didn’t log in for a while, and nobody else managed to hijack the account while I was gone and password-reset all my services...
Using a custom domain with Google's paid service seems like the least drastic change and you get to keep using all their services. Maybe the support won't be as good, but the products and integrations are probably better than any other provider.
And as long as you do regular backups of your Google data, I think this seems like a good solution.
I think the downside of Google is this happens about 100x as often as other organizations.
Google security also cares about Google's security, not your security. Your odds of account compromise go way up dealing with Google.
E.g. website@yourdomain.com
The funny (er, scary) thing is I was actually thinking of switching to Google registrar for my domain after namecheap messed up their CNAME records and dropped a few days of emails (I already use GSuite). Google reliability, the promise of fair pricing and a free WHOIS protection was very attractive to me.
After this, fuck that.
Google has so many services that you could lead a reasonably diverse online life without going to another provider, without the accountability that typically comes with that sort of power. They really need to be checked.
Only use Google SSO for things you don't care about.
While in would be a pain if I lost my google account, I can still access Twitter, Discord, GitHub, Bitbucket, stack overflow etc as they aren't bound to Google.
My emails/hangouts chats however would be lost unless I took a backup (I haven't but I might one day when I decide to go ad-free)
- Bank (requires subscription)
- SIM card (requires subscription)
- National ID card (requires reader plus a maze of Java applets)
All of them suck badly. At least national ID has NFC so technically in future can be a bit easier.
https://www.epaslaugos.lt/portal/nlogin
If this is true, then as in my other comment, your government really ought to be regulating Google as a public utility.
Edit: yes NZ has RealMe but there isn’t much use for it (in my xp).
p.s. IRD has it's own login system.
If you make them public utilities, they'll get even worse, become more politically tangled, become even more entrenched, impossible to remove and impossible to compete with. You'll put the government directly into the business of preventing competition against them via intense regulation and government-lobby protection.
There are a lot of ways to restrain big tech before you get to the public uiltity option.
I think your fears are overblown, when was the last time the power company, the phone company, the sewer company, the train operator, the postal service decided on a whim to un-person someone? Sure those organisations aren't perfect by a long shot but by and large they are trustworthy and accountable.
That's already true. Look at how Google is banning accounts without recourse. Or how Twitter and Facebook are censoring personal and public discourse to push their political agenda. Why are they able to do so? Because it is already impossible to compete with them.
I second the idea of declaring them as public utilities.
I guess we'll have to wait for some high profile people in the EU administration to be mistakenly banned by Google so they look into it.
Which kinda suggest governments should run their own email services.
No, no, no, no, no, let's not go there. Small independent hosters is a more compelling solution.
Yes, our culture is perfectly capable of delivering essential (and nonessential but nonetheless everyday) services through regulated private independent companies. Typically some sort of exclusive license is granted, yet to maintain that license certain standards must be adhered to. You can see a dozen examples of this on any high street, any business handling food for example.
Mail is one of the things I'm most worried about.
And many services will be like, oh, haven't seen you in a while so we sent you this code to your email to verify it really is you.
Do it now.
I no longer have access to that old number, i ditched that particular account cos it didn't mean much to me and opened a new one, wasn't worth the hassle.
Use an IMAP client. It would keep all your mail on your device, so at least you don't have to rely on having uninterrupted access to your account for your old conversations.
Actually, I'm surprised just how many people use email through web interfaces for some reason.
Gmail will often fail on exact-match searches. Unbelievable frustrating and next to useless.
Thunderbird is a bit clunky but does what you ask of it and has much better+simpler filtering options.
Which makes sense, gmail is in the cloud so it can't perform intensive search queries because that would cost way to much.
Thunderbird has a dedicated machine for it, no matter how old and slow it is it will have way more resources at hand than google will ever allocate to you, even if you pay.
Thunderbird has forks but they too need much work. The trouble with email started when free email was included in Windows thus taking the incentive away from development. Same goes for Thunderbird nowadays with free Gmail being available.
So could Eudora's for that matter. Crashes were a particular problem with large boxes (.MBX files) as they often had crosslinks from users shutting down too quickly. Trouble was that when the mailer reindexed/compressed the box it would often stop at the crosslink and the remaining mail lost (I used to advise everybody never to reindex unless they'd backed up immediately beforehand). No doubt if you were in the IT at the time then I'm preaching to the converted. ;-)
I often use this example to illustrate bad design and the need for data hardening. If the time you're mentioning was before Qualcomm announced an end of Eudora then this may have been one of the reasons to move away. That said, mail clients haven't progressed much since. The MBOX is simple and still predominates but that's a mixed blessing when we need separate index files. Essentially, those who've many GBs of mail still have a problem. Little wonder many have turned from POP/IMAP to web mail.
I have to use Thunderbird at work too, but every so often I'm glad that mutt handles IMAP as well and helps me find stuff that Thunderbird will not.
If I'll get locked out will I be able to reset my password to the other bank account I almost forgot about? How long will it take for my old recruters to figure out not to mail me there? etc.
I run Thunderbird sometimes on desktop to cache all emails locally. I also have a NAS wich is downloading emails 24/7 and I can browse all locally from backup. This also gets backed up to 2 other locations :)
Is the convenience truly that great that people are even prepared to gamble the loss of their data? Alternatively, why is it that some of us have always been mistrustful of Big Tech and most others not?
They're completely opposite worldviews.
I expect that most users think on the same level as they do with metadata: "I have nothing to hide so can't be a possible target." And if an algorithm suddenly marks them as a target (for whatever I transparent reason) they do not understand that they might just be "collateral damage" …
My IT world view was formed in the 90s when various proprietary file formats became more or less inaccessible due to "software obsolescence"). Which told me that only more or less plain text (mark-up is fine, as it is text too) will guarantee that I can access my data years later. People who started their live with Big Tech (so-called digital natives -- or is that naives? ;-) might have to learn this sooner or later.
There was a time, maybe up until 10 years ago, when Google was cool. Everyone wanted a GMail address, it started out as invite only, like Facebook. "Do no evil" was the motto. And they ramped it up slowly like boiling a frog. The evil, I mean. And here we are today.
Seems it's impossible to make predictions in this area with any certainty.
Remember, Bill Gates was paranoid about this and about Microsoft getting caught out for similar reasons especially so around the time Windows 95 came out. Even so, MS missed the boat with search, smartphones and Android.
I don't think people actually believe that anymore they just feel they have no other alternative. Google had this wellspring of good will that they have simply burned over the last 10 years or so.
It was developers who originally made Google what it was - first to search, first to Chrome.
We can unmake it as well and I think it's about time we do.
But what are the actual odds that a bad thing is going to happen to me?
1.8 billion people are currently using GMail. If 1000 "real" (ie, not bots) accounts were closed every day for the next 80 years, there's a 98% chance that I (or any other individual user) would never have a problem.
Obviously, if some number of people are having problems that's, well, a problem, but as an individual user I mostly assume that it's not going to happen to me, much like I largely don't think about the 1-in-103 chance that I'll die in a car accident.
I've never understood why people would actually trust their data to Google or any Big Tech company when there's no guarantee one will always have access to it.
That said, we need laws to guarantee people can always reclaim their data even if their account is closed or the company goes bust.
What you mean to say is that it isn't out of the reach for anyone visiting YCombinator.
Most "users" have less understanding now, many of them having lived with this technology their entire lives, than I did at 14 when I got my first computer... A Pentium 75 with 8 MB of RAM and a 540 MB hard drive.
Then I got an Android phone and used the account for it. Then I used the calendar app which used the same account.
So it vendor lock-in all the way.
But I already migrated my email to a VPS and will migrate my calendar and contacts as well.
But this is not something everybody knows how to do.
I hope contacts would still be on my phone if I lost access, or is that hoping too much?
Brexit allows them to start again on that side of the Atlantic, albeit on a smaller scale.
However, there were data protection acts in 1998 and 1984, and it seems unlikely the general principle of access to personal data -- which was there before GDPR -- would be removed.
[1] https://en.wikipedia.org/wiki/Data_Protection_Act_2018
You can privately litigate breaches of GDPR, and I imagine the court would be keen to award you costs when the judge discovers the kafka-esque situation going down. Oh, and ensuring you receive your takeout as they are legally required to give.
Not sure if there's grounds for loss, as the terms and conditions are pretty tightly wrapped to say they can block you at any time and you're fine with that... Not to say that should be allowed either!
A good point well made. Several grounds here.
https://www.news.com.au/technology/online/social/gold-coast-...
I hope you dont also own some google router or even better, "home security" device. This would make it a real pain. I am explaining this to people since the birth of gmail, but no one listens.
Let me think for a moment, what would happen if google does this to me...
[x] No google email (I have my own mail server - it is just a $90 motherboard with onboard cpu with disks)
[x] Modified ROM, no google on android
[x] No google cloud (Nextcloud is just fine, for virtualization I have bhyve. They are both just great)
[x] No applications bought from google play (If application doesnt provide "off google" licensing, I am not buying it - voting with my money)
[x] No content served by google (If I want to share video, I just upload it to my server. No annoyances about copyrights or anything else. It just works.)
[x] No data whatsoever stored in google ecosystem (actually actively fighting against them storing any information about me)
Hm, looks like - nothing?
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/vi...
- I buy another laptop and install Linux.
- I connect my Google, Dropbox (which contains google backups) and Github, and they contain all data I own.
- I buy a new smartphone and connect it to Google
Simple as that. And my house doesn't need to burn down for this, when I buy a new laptop or smartphone I do the same.
Plus, all my email, documents, source code is accessible from anywhere, for when I don't have my hardware with me but have access to another device.
Everything has benefits and drawbacks, my approach definitely has drawbacks, but running your own server at home also has drawbacks.
But unlike you, I don’t care if google locks me out.
A few years ago I was happy to have all my life on Google because it's was so integrated, but recently because of (1) privacy issues are (2) risks of being banned arbitrarily, I decided to reduce my exposure to Google.
So my email is Protonmail, my browser is Firefox and my search engine is Duckduckgo. I'm still looking for alternative for my calendar and files hosting. I might shell out a pro Dropbox account.
What might be harder is Android and Play Services. I don't like the iPhone, and I don't want to bother with de-googlized custom ROMs either.
You might want to consider Nextcloud (https://nextcloud.com ) for that.
Or just upload backups of your home server's disk to the VPS.
Anyways, if you do distrust your VPS provider, you can just use it for encrypted backups, and then you'll only have to manage the key.
As for suggested alternatives to DO, there are plenty VPS providers in Europe. 1&1 or Hetzner come to mind. Maye they don't have DDoS protection, but you aren't trying to build a public website anyways.
It's called TOTP:
https://en.m.wikipedia.org/wiki/Time-based_One-time_Password...
It's an open standard, RFC 6238:
Calling it "google authenticator" is like saying "I'm going to GMail that document to you".You need to actively take advantage of it being an open standard.
There are a few ways you can do this.
1. When you set up TOTP for a site, scan that QR code or enter the text version of the code in two different TOTP authenticator apps.
You might even consider scanning the code on different devices, too.
2. You can save the QR code or text version of the code, so that you can set up another authenticator app later if you lose access to the one(s) you scanned the code in originally.
Only consider this approach if you are confident you can protect the saves code, such as with strong encryption.
3. Many sites will give you one or more one-time codes that can be used to bypass TOTP. These are meant to allow you to get in so you can set up a new TOTP authenticator if you lose access to your current authenticator.
As with #2, you need to be confident that you can securely store these codes if you want to safely use this approach.
For #2, I recommend both saving both the QR code and the text version of the code. You can get command line tools that do TOTP, such as oathtool [1]. Having the text version of the code will make it easier to use such tools, which might come in handy if your phone gets lost or destroyed and you need to generate TOTP codes before you can get a new phone.
[1] https://www.nongnu.org/oath-toolkit/
Does your house burn down that often?
Frankly, getting deplatformmed is a much higher-probability event.
> and they contain all data I own.
No, they contain all data you think you own.
I think you've got the probability backwards, in reality.
I created that data, so it's mine by law. Or it is data that was never mine in the first place. Plus, my google data is stored in 3 places: Google, Dropbox and local system. If 2 of them fail, I still have the other.
As to who can access that data, well, that's a question for everybody isn't it? If I would run my own server on the internet that would also be the same question.
So yes, I'm pretty sure it's MY data. I'm also protected by EU laws.
You might want to try this before you feel secure enough. My mother's phone got stolen and I had a lot of trouble trying to get into here Google account for her. I was lucky enough to have logged into it once in Safari of all things on my personal laptop. Google seemed to have placed a cookie to 'remember' the device. Otherwise her google account would have been gone forever.
I now disabled all the trusted device related settings. Sure it is less secure versus hackers, but getting completely locked out isn't a great prospect either.
Yes
> My mother's phone got stolen and I had a lot of trouble trying to get into here Google account for her
The first time, my phone bricked itself (you get what you pay for. Don't buy $30 smartphones). I have 2fa. I use both Authy (syncing) and WinAuth (local, with encrypted backups) to manage my secrets. Entering the code is enough to sign in.
The second time, I was moving from an old phone to a new phone; I turned off the old phone to remove the SD card before turning on the new one, and it worked fine without turning on the old one until after signing into accounts, when I needed to transfer data for some FOSS apps (termux, Fdroid, etc).
To solve the issue you mentioned (disaster recovery), I am using rsync.net borg service.
Another 'trick' I do which considerably help is to use my gandi.net free email accounts as secondary MX and relay for my emails: - I bought my domain through gandi, I get 5 free emails account - I put gandi mail as secondary mx and I mirror the important email account as gandi mail accounts. For example, if my email is abc@example.com, I create a gandi mail account for this address - I run fetchmail on my server to fetch mails from gandi - I setup a specific email account for relay (eg. postmaster@example.com), and I configure my postfix to relay emails through gandi using this account
That way, if my server is unreachable, all emails are delivered to gandi and I can access them through gandi webmail. When everything works fine, most emails (99+% in my experience) go through the primary MX (my server). In case some are delivered to gandi or when my server is back up, fetchmail will just get them back locally.
This 'trick' helped me in numerous occasions, esp. when moving from a location to another, but it should also helped in case my house burns down.
The relay part alleviates most delivery issues: I used to have a lot of rejection (ISP MX rejecting residential IPs) or spam classification (gmail I hate you). I no longer does.
- Google detects the new phone as a suspicious device and locks your account until you can authenticate using your old phone.
- You can't authenticate using your old phone because it doesn't work anymore.
- You lose all your Google-connected data.
You don't need a house fire to fall victim to Google; merely dropping your phone will be more than enough.
This is one of the classic guys who has his own mail server.
> No google email (I have my own mail server - it is just a $90 motherboard with onboard cpu with disks)
I knew it
talking about the setup I'm a bit more flexible in some regards to save bandwidth
Cloud/data storage/services
XCP-NG + NextCloud + 3TB NAS (24/7) -local mail server+ Dynamic DNS on VPS (for mail - local sync)-online a few small VM's for various services-local
Archiving/Backup:
40TB archive NAS for daily backups of all stuff that I keep online+offline including phones,tablets, etc
Video/Audio content:
local private copies + shared though youtube (as alternatives for content blocked on youtube I use RuTube or Youku)
Edit: Forgot about the off-site backup (different country 40TB NAS as offsite mirror)
There is no vendor lock-in as long as the user has the root control of the NAS device (Or at least get their data out of the machine). If the user decided to switch to another NAS vendor, they can simply migrate the data to the new machine.
> Let me think for a moment, what would happen if google does this to me...
> {lots of stuff that is impossible for the average person}
If you're making the same comments to those who "don't listen" then I can see why. Honestly this comes off more as a gloat post than pragmatic suggestions. And this is coming from someone who used to run all of the above.
The problem is, hosting your own email is actually really hard. Not only much harder to set up than it should be Particularly so considering how old the technology is -- you'd think there would be a GitLab-like solution that is a single package for all the components but no, the end user is left working out what MTA to select, then there is choices between the DB backend, user authentication, POP3 vs IMAP, and possible a web server and web site code itself (if you want web mail as well as POP / IMAP). And that's before you get as far as SSL, login attacks (eg fail2ban), spam protection, setting up your DNS records in the exact combination to protect yourself from being identified as spam and then finally creating your user accounts. And even after all of that, you're still likely to find that Google and Microsoft just assume you to be spam because you're not running on a known trusted service. It's ridiculously hard to get right and that's before you've concerned yourself with the weekly upkeep (security updates, application updates, back ups, etc). There's a reason a great many skilled sysadmins -- including myself -- have given up bothering to run their own mail server. It's easier to trust $COMPANY and make regular backups in case of emergency than it is to run the process in reverse.
...and that's just email. Running your own cloud is also problematic -- not as difficult as email but it is still a considerable hassle and still out of the question for the average Joe.
This is the very crux of the problem. We need newer protocols so this is dead easy for anyone to do but I don't see it happening anytime soon. As Google and other Big Tech are on internet standards bodies they'd almost certainty oppose it as a more distributed internet would be bad if not ultimately devastating for their businesses.
Unfortunately, we naively let the Trojan horse into the internet years ago now we're paying a terrible penalty for our foolhardiness.
It works but I have the impression of living in the dark ages:
- I had to ask my contacts to install Signal on their phones, some just didn't follow up (we were having long conversations on WhatsApp the week before), some don't even see my messages. I receive much less messages than before, I'm left out of the cool conversations happening in WhatsApp groups).
- I thought Google's keyboard could use some improvements, but the AOSP one is much worse.
- I can't use my banking app, and their mobile web app doesn't work with KeepassDX so I have to manually enter my account infos each time.
- notifications are hit and miss. The reminder app that I found on FDroid didn't fire a reminder this morning. I had to get another Clock app, the AOSP one insisted to make an audible notification 1.5h before any alarm (it was silent on Google's).
- email clients: FairEmail is good but lacks ergonomy.K-9 mail is a joke. (I like to separate my email accounts in separate clients).
- the icons are ugly and I didn't find any way to change them.
All in all I'm not exactly living the dream right now. I don't use social medias (except YouTube on my desktop where I can block ads) I think I would have a much harder time if I had to use web apps to connect to social medias.
https://f-droid.org/en/packages/org.pocketworkstation.pckeyb...
I wouldn't recommend doing banking on a phone anyway, although GrapheneOS should be fairly secure (and I'd use a browser, not an app).
As for security I'm not sure my desktop is more secure than my phone! Anyway I'm more concerned by privacy than security.
- You can import your emails, but it might not be realistic to import all your history. It's going to take ages and fill up your new account quota. So what I did is first do a cleanup of my gmail history (remove things like mailing lists, promotion emails, etc) then export only the last year. I can still log to gmail if I need to access an older email.
- You can't expect everyone who has your old gmail address to know your new email address, so you need to accept to live with a forward from gmail potentially forever
- Most services will let you change your login email address, some won't. In this case you can either create a new account or accept to keep the gmail account as login.
2. I really want to know more about that too!
You wouldn't if there were an international telephone-like directory. We seem to have forgotten that this was the actual function of old fashioned paper based telephone books.
As I see it, it's imperative that something like this be established as it's the first step in unshackling ourselves from being permanently locked in to Big Tech. Similarly, we need portable email addresses and portable IDs that we can use anywhere and with any service. As this HN news story illustrates, we need these more than ever and we need them soon.
These won't be easy to implement as Big Tech will oppose them every inch of the way. For starters, we'd need legislation that would enforce Big Tech to compulsorily use these IDs. As Big Tech is in the pocket of governments, this won't be easy.
This is such a shitty behaviour, it makes me angry. I hope he'll follow up with a court case.
https://imapsync.lamiral.info/
"We're a private company" is no defense against traditional anti-monopoly enforcement. New powers that make Big Tech so big should be explicitly added to the dangers anti-monopoly regulation was created to defend against.
If Google wants to lure you in, they should end up being as stuck with you as you are with them.
Also not putting all your eggs in one bag is a good idea.
The real problem is that most users don't understand why they should pay for a service that Google provides them for free.
Google photos also 'helpfully' offers to delete your uploaded photos with 'some guarantee'!!!
If this isn't an indication of a giant shitty monopoly that doesn't care about its customers at all, I don't what is.
They have some AI ML fucking crap but can't figure basic user trust because that won't get anyone promoted nor grow some Director-level person's headcount.
Large promo-manufacturing teams that casually handle all your data. Pray to God that some L4 didn't get promoted doing some impactful work because they sure ain't gonna do maintenance work protecting your shit. Their motivations are not users, product nor team: manipulate some metrics to get promoted and move out. Horrible.
It is like building a house on the edge of a cliff then falling off the cliff one day. It was always a real possibility. Being locked out of your stuff is quite a likely end of the story with Google.
The issue seems to me that it's a global ban.
If Google only locked you out of the functionality you seem to have violated somehow, it would still be a viable strategy to use their services.
Imagine losing the ability to comment or upload videos on YouTube because you wrote something offensive or published a video with copyrighted materials.
Potentially bad for YouTube creators, but definitely not dangerous for normal users which also use other services.
Reports like this were the reason why I removed almost all Google services from my life a few years ago, but I wouldn't have done it if the bans had been granular.
The worst is that they are certainly keeping your data, because they never throw anything out, while they are preventing you from getting to it.
That is theft, pure and simple.
My point is there are limits that what private companies can do. Stretching the boundaries like that is sure to cause a strong regulatory reaction at some point.
And we are free to complain and vote to change those rules. Guess what happens then?
I do love these sorts of arguments. There is a modern expression that goes "f* around and find out". Like Standard Oil did.
https://www.britannica.com/event/Sherman-Antitrust-Act
When you have governments using Google logins or schools communicating with parents via Facebook groups, or state broadcasters reporting on Twitter as news, then the line between private company and public utility has been crossed.
Global bans "seem" to be new. I've read many stories of shell scripts randomly permanently banning android developers for life from their platform, but those stories always involved being banned from the play console and so forth, not being banned from search / maps / gmail / youtube / etc.
It seems to be news that if you tell people in public youtube comments that you vote for Trump, or whatever it is they're enforcing today, google will fight back by disabling your thermostat or whatever.
Global bans are not new. They were standard a decade ago. The reason is due to the structure of the various spam/abuse industries that plague any service that allows user generated content. What happens is this:
1. Accounts get harder to create as signup security improves
2. Black/grey-market account sellers come in and start creating accounts that get bought by spammers/fraudsters.
3. Spammer/fraudster abuses an account on service X, it gets locked for service X. They sell the accounts _back_ to the seller, who then resells the account once again with a note that it can't be used for YouTube or whatever.
4. Different spammer/fraudster buys the account, abuses it on a different service, goto step 3.
Their systems have some notion of why accounts were suspended or blocked, and the tech does support individual service level blocks. But they weren't used much back then because the pattern of a user being bad on one service and then being bad on every other service was too strong.
The problem of false positives was well known a long time ago, and the noise:FP rate is very good - if a script accidentally disabled good users with even quite low volume the people in question would be on Twitter or HN within hours making articles like this one, which did get noticed. So false account blocks were pretty rare.
Back then and still now, I think Google need to make it easier to handle this situation. Strong end-user support in these situations is hard because genuine fraudsters will happily file support tickets and socially engineer support to get their accounts back - I even witnessed auto-generated pleas to support once. They were quite convincing individually, only when you saw a few thousand of them with re-arranged sentences all begging for help with identical language was it clear they were spam. However they could still make it a lot easier, and in particular, could improve Google Takeout to be easier to use (e.g. automatically uploading the backups to various non-Google services).
How much are accounts currently worth on the market? It seems that making the recovery procedure more expensive than the worth of the account should resolve that issue. At the same time legitimate users are probably willing to invest some money in order to recover their account.
For example offer a $20 option to send a registered letter to an address provided by the user. Then Google can check if: 1) The name on the credit card matches the name on the account, 2) a given address hasn't been used too often, 3) the identity check done by the postal service (checking if the recipient actually has a given name) succeeded.
This won't be a perfect solution and there are definitely edge cases for which it won't work (in countries without registered mail, if someone doesn't have a credit card, etc.). But it should be able to cover the majority of cases where legitimate accounts have been locked.
However that's basically what phone verification does. In case of suspicion someone has to provide their mobile phone number. It's texted with a code and a counter increased. The same number can't be used over and over. Unlike credit cards, the assumption of universal mobile phone access (amongst people who have internet access) is very strong. It works very well. In this case, the account was shut down without this being possible, which is only used normally for very clear cut cases. Don't assume the full story is public.
This is a problem that is largely solved at government scale, which is what Google is now, and there's no reason not to take advantage of existing infrastructure to do so.
Why are accounts suspected of TOS violations not simply put into read-only mode instead of shutting out users completely? If the identity/authorisation of the user is not in doubt it makes zero sense to not let people download their data before closing the account.
This simple change would fix all the consumer related horror stories with zero cost to Google. In fact it would become cheaper for Google because people would stop pleading with them.
Also, why is there no one-off paid support option that covers the cost of a human checking evidence and is expensive enough to deter mass abuse by fraudsters? Why is there no option to provide a photo ID upfront so that there is always a last resort to check whether a user is who they say they are?
Read only mode would make sense for content that's truly private, or which can be made private. Nothing stops them allowing Google Takeout for disabled accounts, heck maybe they do these days.
Paid support:
1. the optics of false positives being held to ransom to get their account back is terrible. Giving the money back isn't always easy (credit cards support this sometimes but many users don't have them). And this is made worse by:
2. many accounts aren't easily verifiable. People imagine that every Google/FB user puts their entire life on these accounts. A very small number do. For those, expensive ad-hoc processes could maybe increase the account verification rate by a little bit. But most accounts that get disabled are accounts with fake names, that use exclusively one service, etc. It's extraordinarily difficult to come up with reliable ways to verify the identity of the holder of accounts that required no identity to sign up.
Right, but removing an offending comment can easily be done indepenently of any other action against the account.
>the optics of false positives being held to ransom to get their account back is terrible.
That's true and I had that thought as well, but it's clearly the lesser evil compared to stories of people losing irreplaceable data.
>many accounts aren't easily verifiable.
True, but as I said, users could be given an option to make their account easily verifiable.
If there were a definition for "set up to fail" it would be that customer... Or are we to assume google is a potentially hostile force, whenever it feels like being one.
We used to ban the sales of products that harmed customers.
What do you expect your average person to do? Set up their own mail provider?
A tiny number of companies set out to have an unbreakable joint monopoly over the Internet, and succeeded. Now you're blaming the average person for this - like the average person has the skills or the time to do anything about it.
I bought 3 Nest thermostats long before Google bought them. I wouldn’t have done so after the buyout.
If google bricks my thermostats because my kid does something dumb on YouTube (through the linked tv accounts) that will suck.
I suppose regulators could also prevent companies from bundling lockouts in that shutting down gmail for YouTube problems. Or shutting down Nest for gmail problems, etc.
The phone company can’t just randomly cut off service and ghost me. Regulators are the reason for that, as I’m sure they’d love to if they could.
If you're paying your bill, why would they care?
Regulation is part of the answer, but it's also part of the problem. If a YouTube comment wasn't at risk of "being mean" or breaking arbitrary rules (pushed by regulators, Google isn't doing it on their own), you couldn't be locked out. Corporations don't gain by cancelling their customers.
Personal experience, once I created an Adword ad using one of the image that Google Ad creator had suggested. It was nothing, just a woman in bikini. It was approved and then rejected with warning that I violated their guidelines. I wanted protest but thought probably not worth it. This could have perma banned me from Google, I stopped using AdWords.
Do you think Google really cares about this, or do they get pressure from "outside" forces to impose such rules?
I seriously doubt Google cares one wink about people posting bikini photos. These rules exist because activists put pressure on the company to enforce such rules, for better or worse.
Sure they do. If a certain customer's behaviour is alienating or obstructing other customers, then that customer gets cancelled, because they are having a negative impact (on the business - not the users!) that is larger than the benefit they provide.
That's a net positive result.
Ignoring your whole concept of "mean", it is 100% up to the company to decide what the negative behaviour is, which is part of the problem.
Sure some of it might be "mean behaviour" and so we look at it as Google doing a good thing perhaps.
But what if you went around Google's services and informed people of better alternatives to their services, and you started to actual gain traction and cause people to stop using Google?
There's nothing mean about that, in fact you're providing a good service to those people. But in Google's eyes your actions are negative, and they could just cancel your account at their discretion because they don't like what you're saying.
That is the kind of thing that regulation protects from, when dealing with essential services - and I think there's a stronger and stronger case to be made that these large providers are in fact essential services.
p.s. Devil's advocate: the theoretical actions I described above (recommending alternatives) could so easily cross the line into spam. But who decides where that line is, if Google was to be regulated?
This is not a random cancellation.
There is zero incentive for your phone company to cancel an account in good standing otherwise.
The OP said "they'd love to [cancel my account] if they could". Why would a phone company "love" to cancel accounts?
To address your point too though, there are definitely customers that the phone company is required to serve that they would rather not serve, because the costs are higher than the revenue.
Remote rural customers, customers who need accessibility-related support, certain outdated services that people are grandfathered into and don't want to cancel, etc...
And again that's where regulation protects the customer from the corporation that doesn't care about the customer's needs, unless they align with their own needs or are forced to via regulation.
So indeed, buying open API stuff only is a good start, unfortunately one still needs to be vigilant.
>You need a government regulator to stop large companies from buying up lots of small companies and adding them to this risk pool.
These two statements are not even close to arguing the same thing.
The previous commenter is saying that it's common sense that "centralizing all your data with Google" may not be a great idea, especially if you don't have any backup of that data and keep all of it in Google.
They are being downvoted, wrongly, by people who knee-jerk about the "don't need a government regulator" bit. But they only used that phrase as a kind illustration of the common sense that people should have about not having a backup of their data.
Yes, Google does need some government regulation. And yes, people shouldn't need a government regulator to tell them not to keep all their data in the cloud without any local backup at all.
They could decide to randomly throw every 5th email that is not a gmail into spam and blame it on other providers having low reliability. Make it random enough to gently encourage you to get a gmail account again.
These are extreme examples, but Google could easily do these kinds of things and there is nothing any of us could do whether we use Gmail or not; it will affect us because they control so much.
The scenario you describe does not seem so unlikely to occur...
How would that kill gmail? It's not like they're going to lose any real part of their user base. Short of a press release from google confirming the behavior, the average user is not going to go through the hassle of finding a replacement provider and then changing every email address associated with every service they use (if it's even possible for the service) all for some nebulous and impossible-to-confirm conspiracy theory put forth by tech experts and security experts that don't get listened to even when there is proof. And it's not like other companies and services would take a stand by ceasing to offer service to customers with gmail accounts- that's an incredible way to lose a vast portion of your customer base.
I wish it weren't this way, but I just can't see that bringing down gmail. Especially not when every google service requires a gmail account- probably the same one most people have had for years.
They can't afford to let 20% of that go to spam without a backlash. And if they kept doing it despite the backlash, who knows what would have happened to gmail.
Lose a few thousand dollars or an entire vacation by google regularly blackholing messages from important and expensive services like airlines, when they send you email telling you your flight departure was changed, and you'll be looking for a better email service in no time.
Now imagine this happens to 1/5 of the customers of said airline, just because of google's 1/5 non-google mail go to spam policy. It would be a scandal.
They will launch a 'secured sender' program where you pay Google a monthly fee so your company's email doesn't fall into spam.
It hasn't kill gmail. How could it unless other providers refused to route gmail emails the way google refuses to route your personal server's email.
What? You don't pay paxes in your country? No rent to the owner of your house or paid for owning the house yourself? What country is that?
Someone always pays.
You want a mail-address? Grab your own domain (thus pay "tax"), put a server there (build a "house") and you are there. Getting an address, be it physical or digital never comes for free, and there is not human right for having one.
However, that doesn't change the fact that the economic model has changed when it comes to email. We no longer pay with money, but we pay in other ways when we use Google. So it's actually worse than with mail, because there used to be a clear exchange of goods but it is now obfuscated. And thus, there is nothing mandating good service, which is why people can be randomly banned from using it.
In google's view if I accept the terms google will treat me as a customer internally and using that relationship will sell my data.
Is google not in a legal position to do this?
The acceptance of the terms creates a customer relationship
I say “steal”, because they are not opt-in.
Also, there is no comprehensive opt-out. I cannot tell their ad networks to stop tracking all the devices I own.
(They have a page for stopping tracking of things I use my Google account for. That doesn’t count: They track me even when I am not logged into Google, and even on devices that cannot log into Google.)
Also, I can’t delete my gmail accounts. They were issued by third parties that decided to outsource email to Google.
There is nothing consensual about my use of Google services. I shouldn’t be bound by their EULA. I’m sure the courts would disagree.
Sure, they have the right to cut off users any time they like. But it's ultimately self-destructive. Once trust is lost, it's difficult to regain it. I've moved away from my Google dependencies as much as I can, and have urged friends and family to do so as well. I'm only influential with around two dozen people, but once you start multiplying people like me by the millions, then Google has a problem.
And I'd argue it's at least a little immoral. Their services, especially Gmail, were set up in a way to make users highly dependent upon them. Google wanted that dependency for their path to near-monopoly status. To suddenly cut them off without the option of support or a clean exit creates real world chaos as the users try to pick up the pieces. Your email address might not be used much socially these days, but it's crucial for business contacts. For logins and customer interactions. The loss of it can cause serious damage. Google may not be legally responsible for the damage caused by a user's loss of their free services, but they're arguably morally responsible. Maybe they should pop up a warning to everyone using Gmail: "Don't rely on us. We're not going to do anything to help you if you can't use it one day."
Or more precisely: Why do you think any outsider could understand Google's rational?
History is littered with the corpses of successful companies that lost their way.
Today's Google reminds me of General Motors. Utterly dominant, untouchable. But needed to keep making more money. So they bring auto loan financing in house, GMAC. Woot, more money. But they forgot how to make money making cars. So upstarts ate their lunch.
It's a rough analog. Maybe IBM is closer.
The point is Google's rolling in cash despite their antipathy towards their end users (note that I did not say "customers"). Which will continue to be fine, until it isn't. And then it'll be too late.
Everyone pays with their data and the ads they and others are seeing. Just because you pay no cash, does not mean ther is no payment at all.
Addtionally, it's used to be quite hard to even pay in cash for googles services. Though, this changde in the last years, as there is now youtube premium and google one. But still not possible for all their services.
A contract without consideration is not a valid contract. There are a few laws in some places that require companies to provide service outside of a contractual service agreement, but those are typically limited to public utilities, emergency services, etc.
They do. But does their ToS say that your data and attention is consideration for use of their services? I do not believe it does. In fact, it says:
> You have no obligation to provide any content to our services
Throughout their terms, I don't see anything that implies an obligation of exchange.
There are certainly other rights that exist... But contractual rights to a service is not a right you'd have without a valid contract.
You can sue your caterer if they run out of food, but not the soup kitchen.
Keep in mind, this is the same public IP address that we've had for ages. I am the recovery contact for the account since she is a minor, and have filled out the forms several times now, even giving the exact date and the "verification code" from when the account was created. We are now stuck in an endless loop.
She can still access her account from a macbook and from a linux desktop, but I fear once she is signed out that she will be locked out forever.
All of my important stuff (finance, etc) is in protonmail now, and I'm happy that I made that move.
Why do they do this? Did you contact them about it? I would say it seems, at face value, that your city's utilities company did not serve you while Protonmail did.
That's fair- that's a better way of saying it. Every time I've had to email them (which admittedly has only been a handful of times) with proof of something, I always end up calling them up and they'll say "but protonmail isn't on the blacklist that IT posted, so you're lying or you sent it to the wrong place," then I'll send screenshots from a different email provider proving that I sent the protonmail email(s) to the right place, then they'll say "oh, I promise to talk to IT to get this straightened out."
It's pretty obnoxious.
1. You can't search message content. gmail is very good at this, so I've had to become more organized to make sure that I can find a particular message in protonmail.
2. Notifications on mobile do not clear if I've read the message on another device. I have to open up the app and sync to stop them from popping up with outdated information.
3. I wish that there was a way to mark a message as archived and read from the mobile notification.
Other than that, I can't complain.
(They do have Protonmail Bridge now, but it doesn't work great for alternate mobile clients unless they've changed it)
Public utilities are highly regulated, and do not have the right to interrupt your service.
0: https://families.google.com/familylink/
edit: Family Link is also for android devices and chromebooks. She doesn't have a phone / android device or a chomebook.
Long story but fairly serious legal issues issues with their mother making false claims of care/activities etc and needed things like calander and location tracking services and this was just by far the easies way at the time. For safety reasons I put a forward to my gmail of all their incoming emails, once again best known option at the time.
I sense a problem possibly looming, but not seeing that coming clean and engaging with Google likely to be a happy experience.
Anyone got any advice, other than abandon current accounts?
If you can, your own domain backed by a fastmail or a proton is the sweet spot of easy and flexible, or at least an @fastmail, @proton or similar. With payment comes the possibility of human support, which I have received easily from fastmail.
So, now I’m in a situation where, if my gmail account gets banned, and the DNS provider decides to reset my password, then I’m permanently locked out of everything. I could point my DNS provider at my “real” email address, but that’s even worse, since needing to update the MX record could lock me out.
Does anyone have any creative solutions to this problem?
What do you mean "ground it out"?
As a consumer, I suspect hosting a "holding" domain, and possibly email, with AWS Route53 DNS might be a sensible approach that wouldn't break the bank. AWS has policies on account and password recovery that even include a notarised affidavit.
It might help to further separate your AWS account from the Amazon account you use to shop with, since there's a chance Amazon might be trigger-happy with banning if you violate one of their shopping policies with too many returns.
This is what I do.
Totally isolated AWS account that owns `my-account-recovery.com` in my country-code TLD (because I have legal rights and strong and easy access to appeals processes with that, so unlikely the domain could be wrestled from me and likely I could eventually regain ownership if lost).
I use Amazon SES for incoming email to simply drop all incoming messages as objects in a S3 bucket.
I have SNS notifications going out to my regular operational email whenever a new message comes in with the metadata (sender, subject, etc but not the body as that could contain actual reset/account recovery links) so I can keep an eye on what's coming in.
Haven't looked at my bills lately, but including domain renewal and stuff this is maybe $100/yr to establish this as a root of trust/access. Even if other accounts are breached/suspended/etc, I will still have access to this account and can recover my way down from there.
I'm putting all my eggs into the AWS basket here, but I've had a good experience with them in the past and I really can't find any examples of people being locked out of their accounts in the same way I can with Google. And I know from experience that it's not impossible to get in contact with a real live person when it's required to resolve an issue.
This doesn’t solve the “everything is in one basket” issue, but you don’t hear stories of these email providers just “closing” an account and causing immense trouble for the person, at least in part because they have actual support.
https://support.google.com/accounts/answer/3024190?hl=en
Edit: Looks like Google Takeout lets you schedule the download (ie once every month)
If takeouts could be configured to download automatically through Google drive, that would be amazing.
They can. And Dropbox, and various other cloud providers.
https://support.google.com/accounts/answer/3024190?hl=en
Perhaps there's some authoritative site about what exactly you need to do?
For me, I've switched to DDG full-time for search and I'm veeery gradually swapping over to Protonmail for email (using Thunderbird as the client to ease the transition). Once email's over, I'll be able to rest a lot easier.
However, if you're a heavy Docs user, NextCloud is a Google-like suite with a few hosting options (self-hosted, third-party host, or enterprise).
If nothing else you should set up your own email address, even if it is just a simple forward to your gmail. Google blocking access to your mailbox would be pretty bad, having control of your MX record gives you an out.
The principle options are:
- Integrated replacement services. Don't do this.
- Multiple independent free services. At least you've diversified risk. Mind that these may (and likely will) consolidate with time. Skype, WebMeeting, Instagram, YouTube, GitHub, and Blogger were once freestanding companies. They no longer are.
- Self-hosted solutions. NextCloud, FreedomBox, etc., or DIY service bundles on your home, office, and/or a hosted service can avoid the problem entirely at least for highly stateful services (email, contacts, files, documents)
https://duckduckgo.com/?q=google+alternatives
https://en.wikipedia.org/wiki/Nextcloud
https://nomoregoogle.com
https://alternativeto.net
For me, that started with email. Email is a root for a lot of your digital identity.
I can't guarantee access to @gmail addresses going forward, but I can at least _start_ fixing that problem. I picked up a new domain, hosted the email with someone else, and set all my other accounts to forward to it. I updated a few really critical things right away, but for the most part it's just as I go log into various accounts with the old email address, I update it.
I didn't really bother trying to migrate the email out of my gmail account. Instead I did a bulk download from Google Takeout so I know I _can_ access that old email if I really need to find something.
Six months or so in, the bulk of my identity is now tied to a domain that _I_ own, and email hosted with someone I can trust more than Google.
It's not perfect, but already the impact if Google were to suspend my account has dropped immensely.
Cutting Google completely is something you do on principle. Instead, just look at what the impact of losing access to various services would be and address those specifically. (E.g., losing drive? Switch to NextCloud if availability is a concern; or set up a regular Takeout download if data loss only is a concern but an interruption in availability is okay, etc)
It's like pulling teeth to work with that interface to edit documents. It's hard for me to believe that anyone actually uses it.
In that case, depending what your actual acceptable risk/goal is... continue using Google Docs and set up a regular backup? Your worst case is that Google Docs goes away tomorrow, and you still have all your data you just need to spend a bit of time restoring to a different account / setting up alternative software / etc and move forward from there. For most people I expect that's more than enough.
It doesn't need to be (and shouldn't be). Just use an email provider that respects you as a customer and don't put all your eggs into one corporate basket (especially not one that treats you as nothing more than data cattle). Horror stories like this one will, over time, educate people that this behavior pattern is dangerous.
IMO self-hosting is the ideal because that aligns responsibility with incentive (and it can be done extremely cheaply), but if not, there are paid email services that actually treat the user as a customer.
Normal people will only put up with this for so long. Either regulate it intelligently now, or expect actually scary regulation a decade or two from now.
There's nothing wrong with a law that says: "You cannot close a customer's account with no remediation, no recourse, and no explanation." What is Silicon Valley so afraid of there? How is that unreasonable?
Agreed. Then they will learn that Google is not to be trusted with email and move to a provider that is (sort of like how kids migrated away from Facebook when their parents showed up, even though Facebook remains a dominant brand). Disruption occurs when an incumbent is bad at something which the disruptor beats them at. In this case, there is an opportunity for an email provider to disrupt Google by providing actual customer service. Protonmail is already making waves in this space (in addition to the encryption).
The reason I'm anti-regulation is that every law is a headache waiting to happen (and one more barrier to entry) where to me -the- beauty of the internet is that there's almost no barrier to entry once you have an internet-capable device. The more we regulate the internet, the more difficult doing something as simple as running a personal discussion forum becomes. Regulation is, at its best, a necessary evil, to be avoided until no other solution has proven viable. And there are plenty of other solutions for this particular problem.
And to clarify, I'm anti-Silicon Valley (IMO venture capital's expectation of high returns is the direct cause of many of the "evils of tech"). But I do tend to agree with the anti-regulation stance. IMO the problems people want to solve with regulation (even including GDPR) are better solved by better tech and organizations that align their incentives with those of their users.
After all, 15 years ago we still thought Google was "not evil". A lot can change in that time.
>This victim-blaming needs to stop before the tech industry backlash hits. This is exactly why we need regulation.
Google will simply dilute the language of the regulation, to the point where they will simply add a "your account can be deleted at any time for any reason, proceed at your own risk" popup during sign-up, and people will happily hit continue/next.
Systemic reform can't exclusively happen top-down or bottom-up. There needs to be some of both. We need to stop giving Google free good-will on HN. Stop up-voting Google product launches, stop promoting Chrome, etc, etc.
Cue the "businesses can choose who they do business with!" and "if you don't like it, build your own!" people.
We signed up for many of those things individually and they've connected them more and more. Now we have a single point of failure that can take down everything across all your sytems.
And it's not just those. Don't forget about Google Voice, Android, and every service where you used "sign in with Google"
eCommerce and ad supported businesses that want to avoid Google are screwed though.
This is a problem with one sided none negotiable terms of service being considered valid contracts under the law
They should not be.
We need to change data ownership laws, and force companies to do vetting on Account Creation, and put in provisions on how accounts can be terminated once a company accepts a user owned data. i.e Accounts must have a human reviewed appeal process, with full and articulated reporting as to exactly which rules were violated, and exactly what activity was the violation. And have a View Only data Take-Out period
At a minimum
Are they even valid contracts now? Many gmail accounts are missing consideration or capacity -- which are required elements of a valid contract.
If anybody has not downloaded their data - https://takeout.google.com
And while I was at it, I replaced Chrome with Firefox on my Mac and never looked back.
Finally I moved all my photos to iCloud, replaced my Android phone with an iPhone, got a paid account at Dropbox, started doing backups like there won‘t be cloud services tomorrow (Carbon Copy Cloner ftw!)
I have a google account, only for using Youtube (paid). And I like their search results. Even that is too much google for my taste.
Edit: Ahh, Gsuite. I migrated to office365 (microsoft). But I use it mostly offline (Word, Excel). Actually for legacy stuff. Because I started writing my documents with Emacs + Org and export to whatever format my recipient needs, doc, html, markdown (using pandoc extensively).
Ironically I'm now permanently locked out of my old Gmail address despite knowing the password, sounds like I've made the right choice.
Seeing things from his perspective, I was amazed at how successful Google has been in convincing other businesses to take on Gmail, Google Docs, etc. When I think about the enterprise focus of Google, as well as the continuous rebranding, product EOLs, and crappy user interfaces, it's hard for me not to see Google as the new Microsoft. As a former Linux desktop user who lived through the whole MS antitrust thing, I find it absolutely bizarre that today, I'm much happier with Office 365 on the web, than I was with Google Docs.
I still worry about all my photos being in iCloud, but it seems like less of a risk since I'm a customer of Apple, rather than a product of Google.
Surely, you don't still have problems with it. Do you?
Identially the same with me. Damn terrible turn up for the books, isn't it. It just illustrates how messy things have gotten and how we need to bring major change to the internet.
That said, for me Office 365 is a step too far. On Windows I still ocassionally use the 2003 version along with LibreOffice and the latter on all my Linux machines.
Incidentally, you can download your google data:
https://takeout.google.com/
Set a reminder and do it on a regular basis. It will give you some protection from the Google Yank. (Until they yank this.)
BTW, does anyone know if this can be automated?
* Mail
* Google Drive
* Dropbox
* OneDrive
* Box
The absence of reason makes me wonder a lot of possibilities. Maybe google bans people who use ad-blockers, maybe they didn't explicitly set that way but some of their algorithms must have figured out these users should go. I know, it is extremely unlikely but we're free to come up with reasons if google doesn't give one. Don't sit there thinking it won't happen to you(I was like that up until recently), get a domain name and transfer all important accounts to it. And do a Google takeout.
> His actions over the past 15 years lead to a 76.9% chance that he will break our ToS. Furthermore,he has clicked only on 0.000001% of the ads. Terminating him now will increase the average profit per user by 0.00000000000000000291%.
I must have gotten through to a person eventually because I was unsuspended with the message:
> We’re writing to let you know that we've unsuspended your account. We’re sorry for the inconvenience and hope to see you back on Twitter soon.
> A little background: we have systems that find and remove multiple automated spam accounts in bulk, and yours was flagged as spam by mistake. Please note that it may take an hour or so for your follower and following numbers to return to normal.
Better advice IMO is to tell people to use a smaller provider, like Fastmail.
Since I never trusted Google, I use a well known mail provider that I pay for.