408 comments

[ 4.1 ms ] story [ 136 ms ] thread
Every subdivision of Google needs to be broken up, advertising and search especially. Too much in our economy is at stake.
How would that address this situation?
Why would a smaller company be any more responsive to issues like this? This seems like a technological problem rather than a political one.
Because it's easier for competition to arise for the smaller company when it doesn't have the clout of a behemoth behind it.
I consider myself anti-monopolist but lately I've been thinking...wouldn't breaking up American big tech companies put the US in a worse position to compete against Chinese tech companies?
Not if you remove China's swiftcode which the USGOV can do and China is very nervous because it would lead to mass unrest.

How do you compete when nobody is buying Yuan and the demand disappears overnight in the foreign exchange markets?

Not in search or advertising.
Being in a more competitive industry generally reduces margins but increases the size of the market. Vertically integrated companies lose to aggressively competitive non-integrated competitors when they exist (and a monopolist is proscribed from buying them all up), because the existence of that competition means they can't be abusive or collect monopoly rents.

Vertically integrated monopolies are sticky because you can't replace any individual part of the stack by itself. You can't compete with iMessage just by creating your own messaging app, because to be on a level playing field you would also have to create your own mobile operating system and design your own phone hardware and microprocessors and convince all the customers to switch despite the existing network effect.

If we made it to a market where anybody could create a new OS and have it run on the existing installed base of hardware, or create a new app in a write once run anywhere language and it could run on every existing device, vertically integrated competitors are at a disadvantage because they have to be best in class in all of their individual markets or else customers find themselves better off to have the ability to mix and match.

I'll give an example of a Canadian vertically integrated monopoly: BCE (Bell Canada Enterprises). BCE grew out of the incumbent phone company (Bell) in most of Ontario and Quebec. Over the years it has used the massive profits from telecom to extends its reach into other sectors of the economy. Over the past 10-15 years, it has made quite a few acquisition of various content producers. Most notably to me was the purchase of CTV and Discovery Channel.

Back in the 1980s, Ottawa had a local independent broadcast named CJOH. They produced their own local news at 6pm and late night. The CJOH news team was well respected and an active participant in the community. CJOH eventually got purchased by CTV and ultimately landed under the control of BCE / Bell Media. Shortly after Bell Media gained control a few years ago, they laid off longtime anchor Carol Anne Meehan. Not a good move in my view, as they brought on an entirely new and young team. Further cuts to the news staff have happened over the last few years as increasing use of technology has allowed further staff cuts -- everyone from camerapeople to editors and technical support staff. Each cut means one less means by which the news organization can learn about things that are happening in our community.

The acquisition of Discovery Channel was even worse in my opinion. From 1995 to 2018 Discovery Channel ran a show called Daily Planet, which was one of the only daily science news shows. This was a wonderful way to find out about all kinds of cool things going on in the world of science and technology. It aired on weekdays at 7pm after the 6 o'clock news. Bell Media cancelled the show on May 23, 2018.

The loss of Daily Planet is, in my opion, worse than that of a local news channel. Daily Planet was part of the reason for the existence of Discovery Channel. There are no real replacements being broadcast that I know of.

The reason I bring all this up is to show how the priorities of a monopoly impact existing services that are a public benefit. In my opinion, the BCE layoffs were not the result of the company losing money. The reasons were to free up cash flow to pay for Bell Canada's massive investments in building out its Fibre To The Home network. Bell has spent billions of dollars thus far building out FTTH across Ontario and Quebec, acquired the incumbent in Manitoba. Purchasing content producers that were once separate entities, then gutting them and using the savings to pay for FTTH construction is a brilliant strategy. Money that was previously an expense gets turned into capex that builds a new asset.

Sadly, our phone and TV bills don't go down in price despite us getting less new content. I had the chance to speak to folks at Discovery Channel at a conference back in the 1990s when I was a teenager, and their enthusiasm about bringing real science content to the public was amazing. I'm sad this has been lost at the alter of corporate greed.

Your alternative is YouTube science channels like scishow
Daily Planet was indeed a great show. I wasn't aware it was cancelled.

But, I'd be surprised if many science-minded people from Gen-X or later, were still watching cable in large numbers. Same for the local 6:00 news for that matter.

I despise Bell as much as the next Canadian, but this shift is likely more due to the increased competition (internet, wireless phones) for mindshare.

>Sadly, our phone and TV bills don't go down in price despite us getting less new content

I was thinking about this recently. Every other area of technology gets cheaper and cheaper (relative to their capabilities) but internet keeps getting more expensive. At least in Canada.

If you break advertising and search into two entities they would still be massive regardless. That would not solve anything.
At the very least it would solve the massive conflict of interest where a service that you can pay to make people find your webpage is strongly intertwined with another service people use to find webpages.
It's impossible to remove that conflict of interest. The search engine maximizes expected utility when serving ads: argmax(predicted-click-through-rate * cost-per-click). That's the only rational thing to ask for from an advertising network, and it's what the advertiser optimizes for as well by running the ad auction in the first place. It doesn't matter who computes the ad-quality score (the predictor of click-through rate); rational actors with sufficient information will agree on the value.

One could artificially prevent the search engine from e.g. sending keywords and viewer profiles to the ad network, but that is a completely separate regulatory approach from monopoly-busting.

While we're stumbling around the regulatory possibility landscape why not just ban advertising altogether? It's a ~1% drain on the economy that people who know better go out of their way to block.

AT&T / Bell was broken up in the 1980s into multiple entities. Splitting local and long distance services resulted in significant competition for long distance, while local phone service remained / remains heavily regulated in many markets. Here in Canada I remember having to pay $0.34 per minute to Bell in the 1980s to call a friend that was a 30 km drive away. Overseas long distance was in the dollars per minute ballpark.

This wasn't without some losses. Bell Labs lost a lot of funding once the Bell monopoly was split up. The amount of R&D that the telecom giants funded over the years resulted in massive public benefits, creating the tech industry we all know and love.

And search would tank until it spun up a new advertising division.
How would that even work? Search and search ads are one product.
The company that makes the search engine and the company that sells the ads to the advertiser can be different companies, in the same way that you can put Ad Words on your website and they'll show ads based on the content of the site even though you aren't Google.
So assuming the company is splits into Google and AdWords, would Google be forced to work with AdWords or are they allowed to use different providers? Are they allowed to create their own competitor to AdWords? Which problem is this solving?
Yes, they'd be allowed to use other ad providers, and hopefully it would be illegal to penalize them for constantly running some multi-armed-bandit trials across multiple ad providers.
Then AdWords would draw the short end of the stick because their product would become commoditized. Google would still hold the same market power as before. Ad quality might go down because there are multiple providers. Overall I don't see the upside.

Maybe something that would make more sense is if Google was split into two or more search engines, each of them would get a copy of the current source code and data.

The existence of google adwords on other webpages suggests otherwise.
Exactly. That's like saying Tesla should be divided into a part making cars, and another part taking payments from buyers.
That is how most of the (American) retail auto market works, though, so it's not a strange idea.
More like car manufacturer and car purchase loan provider (if that were something it were offering in-house).

We could create our own search engine, funded by showing Google Ads, today; the suggestion is that that Ads business be separate to Google's own Search business which happens to use it, but which might easily (except obviously it doesn't) use Facebook Ads or whatever instead.

You can already create your own search engine, and have Google serve the same ads on it as they would for their own search. I don't know what the product is called, or what the requirements for signing up for it are, but it is how a lot (most?) of the smaller search engines monetize.

(I just checked Ask Jeeves and Startpage, and they were both serving ads from Google.)

Yes, that's what I said.
Sorry, your use of "could" instead of "can" made it look like a hypothetical.
Google should reveal it's algorithms to make it transparent and fair to everyone. So we can game the system. [not really!]
Search is not making profit and only exists to show ads.
...isn't showing ads what makes it profitable?

Edit: Oh, I see where you're coming from in light of the parent. Well, Google could place ads inside their product without actually running an ad network—that is in fact what most websites on the internet do.

This wouldn't necessarily make sense at Google's scale though, so I don't think that's what GP meant. Rather, Google shouldn't be able to own most of the ad networks on the web while also running massive ad-supported properties in house.

Ad networks were separate years ago! Strangely enough they were acquired. Google bought AdSense and Sprinks in 2003, dMark Broadcasting in 2006, AdScape and DoubleClick in 2007, AdMob in 2009, Invite Media in 2010, mDialog in 2014, Red Hot Labs in 2015... I'm sure there are more.
Sounds like theres a good business in making ad networks and selling them to google
Cross market subsidies make this possible once you've killed off all the competition. Therein lies the danger of monopolies.

To be honest, I'm disappointed that no micropayment schemes have taken off yet. I'm perfectly willing to contribute a few pennies to every site that I visit, but there's no good way to do that today. Instead, every time I read an interesting news article that gets forwarded to me by any of a couple of dozen separate paths, I end up at a different news site that I don't have a subscription to. Should I really have to have 100 subscriptions to news sites that I only read 1 or 2 articles from each month? Some entity needs to aggregate this into a single convenient $30/month subscription. Ideally it would be standardised and be added on to my monthly internet bill (IETF standards ftw).

I think there might be psychological issues at play here, sadly. If you click onto a news website from a search engine, and it ends up being for the wrong thing, people feel cheated and will want their money back.

This is probably silly, because if you're paying a couple cents per view, you should be concentrating on the value you receive in the aggregate... but people aren't rational, and personally, I don't think I'd be immune to feeling a sense of regret when I spent money on the wrong link.

I'm not going to remember the episode, but I'm pretty sure Planet Money said this is what happened when micropayments were tried in the 90s.

I subscribe to Scroll.com, and I think they've probably got a better model down. Make agreements with lots of sites from different companies, and then offer a bulk subscription which removes ads from all of them. It doesn't let you through paywalls, mind you, but you could imagine a variation on the concept which did.

Agreed, but there is a "cheap enough" threshold where that doesn't matter. Netflix was like that ~5-6 years ago where there was all kinds of content available. Today I need Netflix + Amazon Prime + Disney+ + who knows what next to get the mix of content that I previously had in that one subscription. I'm at the threshold of no more streaming services now. Fragmentation can destroy markets. Striking a balance between competition and mergers is non-trivial.
A side note: one of the reasons I don't subscribe to more online news sites is that I can't handle changing my credit card number with more vendors than I already do today. I've had 3 card replacements in the past year due to data breaches. This is truly annoying.
I’ve had similar experiences with other google products:

My mom forgot her gmail password and no longer had the same mobile number for a reset, the secondary reset option was set to my email but would not send a reset despite this. We had a live session via thunderbird but there were no channels of support. Luckily we were able to register her old mobile number to achieve a password reset, thanks to a helpful phone provider and NOT google.

My mailserver is marked as spam by gmail, a helpful HN commentor pointed out it may be my lack of ipv6 which appears to be the cause. I have no idea why ipv6 would indicate that I’m not a spammer, I can’t ask google because they don’t have a support line.

I understand others have far more expensive (read: >1m$) problems with google specifically, and I know I’m not alone here.

I just hope that by continually airing grievances with lack of (useful) customer service by major providers, they end up caving and investing in customer support.

Until then, fuck you google.

Wow. I'm you in both respects.

I just had the same problem with my dad and even though he can send and receive email from his gmail account they still won't tell him the password. All he has is the fragile oauth token on mail.app on his apple smart phone that can only connect via wifi due to the loss of the old phone number.

Additionally, my mail from my independent mailserver just started being marked as spam by google (exactly when I sent mail to noaa.gov and fireeye's internal system was borked due to their solarwinds problems http://superkuh.com/spf-google-fuckery.txt). I signed up for google's postmaster tools set my DNS TXT records but apparently I don't send enough mass mail to not be a mass mailer.

> they still won't tell him the password

The Google support people should have mentioned it, but hopefully, they wouldn't be able to tell him the password without investing tens to hundreds of thousands of dollars in cracking the hash.

https://plaintextoffenders.com/

If it was important

People would WRITE IT DOWN

People would RECORD IT

People would BACK IT UP

Its not the job of companies, corporations or tech repair stuff to remember stuff for you

Is google really encrypting each individuals email based on a password they have no knowledge of? I know privacy oriented email hosts have tried to achieve this, but google?

I'd hope the phone tech support understand the goal was to regain access to the account, through a reset or whatever mechanism, and not to just know the password. But maybe if my dad worded it like I did the same confusion could've happened.

> Is google really encrypting each individuals email based on a password they have no knowledge of?

We're talking about giving out a forgotten password, not getting access to email contents.

I used to work on the indexing system, not GMail, but my vague recollection is there are some master private keys (necessary for lawful intercept, etc.) locked in hardware modules for email storage, where very few binaries are able to get the hardware modules to perform public key decryptions. There are strong safeguards on humans using some of the binaries that do have access. Access to these encryption keys is orthogonal to access to the account password. My recollection of the Aurora attacks is that the intruders got access to some systems that were able to decrypt/display senders and subjects, but we believed they were unable to get at the email bodies.

They mean google does not have access to the password, as that is done via a one-way hash.

They can do a password reset, however would need sufficient proof of account ownership. Having access to the account is unfortunately not enough proof to show ownership, as that could be achieved with access to someone else’s device.

You just have to wonder why this is.

And I have a theory. My theory is they did the risk benefit analysis of all this and decided this was the best way to go. I think the the hole that opens up when you are open to appeals and special cases is too great, the bad press from one bad case is so bad that it's ok to ignore all the folks who have lost their accounts. I mean, what other explanation, what other reason can there possibly be for this?

I honestly wish the US government was banned from using Gmail. It has caused more problems than any usefulness warrants. Also, NSF is a pain too.

[edit: I wonder how many of the down voters have actually sent email to a government agency using Gmail or dealt with some of NSF email issues firsthand?]

Having access to a logged in account is definitely not sufficient evidence for a support team (at Google or anywhere else) to allow for a password reset on that account.

If it was, then someone forgetting to log out on a machine they didn't own could be a much more serious problem than it is. Rather than just temporary access to the account that the true owner has the ability to revoke, it could result in a completely stolen account.

I would recommend ensuring the phone is backed up, that’ll reduce failure to deauthentication (as opposed to deauthentication and lost access to the phone)

Edit: also consider setting up a mail forwarder to another address you own if you can from the app UI, I would do this on a test account first in case it forces you to reauthenticate, as it can be a suspicious action.

> My mom forgot her gmail password and no longer had the same mobile number for a reset, the secondary reset option was set to my email but would not send a reset despite this.

I’m in a similar position except I know my password. Google decided for whatever reason that my location was too different and now requires that I verify via a phone number I no longer have. I have access to the recovery email and even get ‘suspicious login prevented emails’ at the recovery address. I tried working through google support and was given a form to fill out but never heard back.

I should have kept that number until I updated it yes... but I thought knowing the password and having the recovery email would be enough.... guess not.

But yeah... fuck you google.

I've had that problem too, multiple times, where I knew the password but Google wouldn't let me use it (I almost lost my account). Google doesn't like users that clear cookies, block trackers, etc...

I wish that there was a way to disable those "protections".

There is a really really simple one (at least for your private life but if your company uses G-Suite, you always have the admin to take care of things you forget):

Do not use Google! It's as simple as that. I have never had a Gmail account until an Android device sort of forced it on me, because I definitely didn't want to link things up to my real email address, so I just signed up for the whole thing. Do I ever use that email address? Definitely not! Why would I?

What happens if I ever loose access to that account? I have to register a new one for my Android device(s). Boohoo.

Some of this obviously requires 'abstinence' and not having the same 'cool toys' as other people. I.e. if I buy lots of fancy apps that I actually rely on for my daily life, then loosing this Google Account will hurt. No longer have a PC and do everything including your banking, gaming etc. with the tablet (i.e. things you really need or things you paid a lot of money for)? Well, welcome to the walled garden where Google practically owns you.

> Some of this obviously requires 'abstinence' and not having the same 'cool toys' as other people. I.e. if I buy lots of fancy apps that I actually rely on for my daily life, then loosing this Google Account will hurt.

Pleco is a necessity for me, but it's not tied to the Google account. It has its own registration system.

Same goes for WeChat.

The Android Kindle app isn't really a necessity, but it's desirable. It, too, has its own registration system. It's certainly tied to my Amazon account, but not to my Google account.

This is part of why I try to stay away from apps; once you become reliant, you're stuck. It's best if there's a desktop client, (and particularly one that is not bad for privacy, but usually these things work better on a desktop) since it will not keep you tied to a device or ecosystem.
That is absolutely the right way to deal with it. Bravo! Use the apps that have their own accounts, don't require an account etc.

I do the same actually and don't use apps or services that will only allow you to "Login with Facebook", "Login with Google" etc.

Google's screwed over more than a few g suite admins. Caution is advised in all things Google.
You should keep it all on paper instead, because nothing ever happens to that. ;)

I do think there is substantial room for a kind of "major provider reset" service, similar (at least) to what banks do physically. Lost your account access? You need to GO to a place, be on video, have an ID check done, multiple forms of whatever identification. It costs to do this kind of thing, and as a last resort I'm pretty sure most people would want to pay it, instead of losing account access.

Your argument seems to be "It would be massively inconvenient to lose access to these things so instead I will not have these things."

Yes. Google should have an office in the capital of every state/country and maybe every city of over 1 million people where you can go and get things fixed when you really need to. Charge $50 to cover cost an I would be happy to pay it if needed (although the PR hit for doing that would be high).

I really need to transition more things off of the Google ecosystem.

Yes exactly, I will just not have these things and the more people do that instead of giving in, the more alternatives can survive and thrive. See the other post of using apps that are actually free to install on Google Play, but you sign up for an account that you might also pay money for. Now the thing that you rely on for your life is no longer tied to a specific Google account.

If you loose access to the account for that 'thing', sure you're screwed with regards to that 'thing'. But it's just one of the eggs in your basket.

If you do _everything_ through Google, then Google is your basket full of eggs and if you don't play ball with the basket, it will take away all your eggs.

Do you have 2FA enabled? I suspect that if you have either an authenticator app or a security key, it will use that instead of random heuristics.

(This isn't a defense of Google's behavior, just a comment on things that are actually within the end user's control.)

I don't want 2FA and I have it disabled but they often ask me for more than my password which is like forcing 2FA on me (but what you say may be true).
Why don't you want 2fa? What concern do you have? You can use fido key if you have concerns about the software authenticator. and you don't need to use your phone number.
I tried to setup 2FA, Google would not let me setup an authenticator app without first giving Google a phone number.
It’s phone number -> auth app -> umbikey -> remove phone number. None of my google accounts use my number for 2fa anymore
I wonder if that last step shouldn't be followed by a GDPR notice to stop processing your phone number, if you're in Europe - because I don't imagine they aren't storing your number anyway, after you remove it from auth options.
I have a Twilio number I use as my Google recovery number (which is only used for that purpose). In my case, it's because I want to protect against SIM swapping attacks on my real phone number, but it also works for people who don't want to give out their real number.

This doesn't work for services that send SMS 2FA codes and the like from a shortcode (as Twilio does not support receiving those), but Google appears to send from a longcode, so it works there.

As someone who occasionally moves countries, this is horrifying. Did you enable 2FA and still need to authenticate via text? I used to enable 2FA, but got worried about phone loss/damage.
Do they even let you enable non-SMA 2FA anymore? Last I checked the TOTP option was gone.
On Google? Both totp and second device authentication are still supported.
Recovery email, SMS, TOTP, other 2FA. Now there are 4 ways to compromise your account. Awesome! And the solution, according to Google, is to pair those methods with some other arbitrary factors to make it really secure.

Just ignore the fact that almost every option is vulnerable to real time MitM via phishing if a user doesn't understand they're at the wrong URL. So what does Google do? They deemphasize the URL and train users to randomly enter their 2FA codes everywhere a million times per day. Brilliant!

In fairness to Google, the one mechanism that isn't vulnerable to phishing is the one that Google put a lot of work into designing, implementing, standardizing, and evangelizing, and the others were existing and easy-to-implement options.
> Now there are 4 ways to compromise your account.

No, there's 1 way which existed with just the email/password. But it's reduced by the number of people who do realise it's not the right page.

They also support FIDO/U2F, which does the site verification for you, and 2nd device auth which I don't believe you can trigger from a spoofed site.

Yes, but first you have to enable SMS 2FA.

When you set up MFA, it doesn't provide TOTP as an option. If you enable it with a phone number/SMS MFA, you can go back into the MFA options and add a TOTP device then remove the SMS option.

Of course, at that point they still have your phone number...

It's been a couple of years but I was able to set up 2FA for security keys (Yubikey and HyperSecu) and Authy (same as Google Authenticator but allows me to user more than one device to authorize). I then removed the phone number and backup email address.
They ask you regularly if the data is still up to date and have disclaimers about situations like this when you register the phone number as an actual authentication factor.

Not saying that this isn't at least partly on Google, they should have responsive customer service that can verify accounts - but you could have easily prevented that by being less lazy with keeping your data up to date. Security and account recovery is the one thing you shouldn't cheap out on.

I moved across a border like 20 minutes away and got a new number - it is extremely common that both things change at the same time for people. It wasn’t a months old number or anything.
Wait, is this a mobile (cell) phone number? Why is this tied to where you live?

In the UK you can take your mobile number with you between network providers and they're not tied to your location.

Not everyone moves in the same country. I moved from Ireland to the UK 8 years ago and the process of updating phone numbers and addresses is just flat out impossible on certain services.
Not sure about Irish/UK rules regarding this, and it might not be possible everywhere, but if anyone else happens to be in that situation in the future then I can wholeheartedly recommend transferring the old number to a prepaid card, and then simply bringing that along.

That way, you can keep your old number for as long as you keep the SIM topped up (once per year where I lived).

So long as I moved within the US, I could use the same number - and so I had the same number for years. I can move anywhere in Norway and have the same number, and have had the same number for years. When I moved from the US to Norway, though, I had to change the number.

And I don't think this is unreasonable. The country code and phone number format is different (10 vs 8 numbers). Most non-spam calls I get are from somewhere else in Norway. I'm going to guess you could keep the same base number so long as the format is the same (between Canada and US, for example) - but that country code would still change

Yikes. I've logged into my gmail account from 55 different countries, and I've never had a problem. Some of those countries must have set some flags - Nigeria, Sudan, Mali, Rep. Congo, Bolivia, El Salvador.

Maybe I'm on thin ice..

Did you clear cookies before signing in from the other country? As I remember, Google made me re-authenticate via text the last time I cleared cookies, despite connecting from the same IP address as my last login.
No, often used an existing session, though back in the day I was also using computers in internet cafes around the world, so totally new sessions each time
Android devices get a pass. I'm guessing Google verifies some ID on the phone.

This, btw, is what I think caused me to lose a Google account.

It was an old one I was checking very rarely, someone reset my (strong!) password from a phone. I reset it again, along with the questions, thought I was fine.

They once again reset it and then Google's recovery page was not letting me do anything, apparently I was the suspicious person. Oook Google.

This is one reason I will not give out a phone number for the vast majority of services. If that means I can't use something, so be it.

Building proprietary, impossible-to-understand Rube Goldberg mechanisms based on associations between accidental aspects of my life (location:phone number pairs, for instance) is not a security system, it is a design for randomly fucking me over. If your system is designed to fuck me over, I would prefer to use something else, thanks.

This is a great point.

I'm going to try and onboard this thinking into my life.

I'm locked out of a Google account I configured without a phone number. It won't let me reset to email, and when I provide a new number it does no good.

The capriciousness that one often finds on a company like Google that means whatever they allow now isn't necessarily going to be honored in six months.

Same thing happened to me when I changed ISPs. I never lost my password, but Gmail locked me out anyway.
"Building proprietary, impossible-to-understand Rube Goldberg mechanisms based on associations between accidental aspects of my life (location:phone number pairs, for instance) is not a security system."

It is a system for building better profiles of potential targets for advertising. Gathering data is a means to improve online advertising services to Google's customers. The more data you volunteer, the more their online advertising services can potentially improve. That is one way to look at it.

From another perspective, all the "security" measures are a red flag for me that Gmail accounts are high risk if using for important, personal matters. (And that people are increasingly using it for such things.) The available solutions to that problem from the user's perspective should include the option to stop using Gmail, not simply to support Google's rollout of the next set of Kafkaesque "security" processes that incidentally always require more privacy sacrafices.

Giving me a notice that a User-Agent header changed (by suggesting they have detected a "new device") is not my idea of "security", but it reminds me that this data point is among the ones they are collecting for their online advertising services. It makes me wonder what assumptions and proclamations someone might be making based on such "evidence". I did an experiment where I saved a session cookie for an account I registered and used it outside the browser weeks later, without any User-Agent header. It worked flawlessly and I got no warnings of a "new device". Makes one wonder what is in that cookie and how long it will last. Is it restricted to IP address/location. If it never expires, then if an attacker ever gets a session cookie and the user never logs out of that session, the attacker will be able to "silently" use the account, forever. Yikes.

since the user agent is supposed to be locked (soon if not already) for newer agents, and Google is probably most responsible for this feature, you would think they did not detect new devices by user header changes?
Ironically, Google likely has enough data that they could conclusively prove you are who you say you are and own the target account, just by looking at your Chrome's telemetry for the past 10 minutes...
> I would prefer to use something else, thanks.

What is the alternative to Gmail? Genuinely interested. I'd be willing to switch if I found a future-proof email solution for both personal and business usage.

There are so many email providers you'll have to explain in a bit more detail why you think the alternatives you've seen aren't appropriate for you.
Fastmail, Protonmail, Microsoft365
Seriously? Fastmail is awesome and so much better than gmail. And I'm sure there are plenty of good alternatives as well, this just happens to be the one I use.
I just use my own domain and then forward incoming email to whatever service. This way it doesn't really matter what I use: if I get locked out I simply change the forwarding email. It's free with most providers.
I use Office365. Yes it costs money, and yes they provide good support. I also use Outlook so ALL my mail, both sent and received are stored locally and remotely. If my mail bombs I lose max a couple hours' worth of email.
Protonmail is a really solid solution as long as you have your own domain. It's pretty privacy focused and has worked well for me for a decent while. They've got a decent VPN service as well (I think it comes bundled with Protonmail at some tier level) and they just recently rolled out a beta for their Google Drive replacement.

All in all I've enjoyed their services. Their security/E2E Encryption support is nice (could still use a bit more functionality though) and they are definitely a lot more FOSS friendly than Google when it comes to actually using their services.

And, to boot, as frustratingly low as their free usage tier limits are, the fact that they openly publish them and that they are quite low tells me that they're at least being realistic about what they can offer without monetizing the service in other ways.

I actually pay for ProtonMail now and I'm in the process of moving all my communication to it. My Google account will stick around, but I'm diversifying my dependencies and it feels so good.

Step 1, get a custom domain so you can migrate providers easily. It costs like 6€ a year, definitely worth it.

Step 2, Fastmail, Protonmail M$, ... will be happy to offer you email for few € a month. If you'd desperately need to save money on that, there is Czech provider Seznam.cz that offers email on custom domain for free. Only issue is that the registration is in Czech, but Google Translate your friend: https://emailprofi.seznam.cz/login It's like a biggest local internet company, not totally random provider, so should not just steal data or disappear right away and works reasonably.

Thanks, will have to make some time to do the switch, but at least I will sleep well at night knowing that Google doesn't own my life.
I've been using iCloud Mail for 10 years now.

Never had a problem, and allows up to 3 aliases at a time that can actually be completely different instead of Gmail's useless HeyLookAtMyRealAddressEveryone+Alias@gmail.com

Protonmail seems to work pretty good for me, although I still have a gmail address as well.
> future-proof email solution for both personal and business usage

Apple iCloud for personal use.

I've been very happy with kolabnow.com services for a biz email acct, and I'm likely to switch personal over there too. Not free, but inexpensive, FOSS, Private, Swiss-located, and really solid service and support. Among a ~dozen others I've tried or still using, Kolab is the best of the lot.

(&yes, I use Gmail for junk or transactional stuff; need the acct for an Android mobile, and their UI is a horrific kludge of UI conceits trying to showcase their 'mad design skilz' - yuk!)

When this question is asked, there's always a hundred people eagerly telling you to switch to Fastmail, forgetting that 14 years ago, everyone was saying switch to Gmail because it was the good option.

I would just suggest people think about what might happen if Fastmail gets enough of a userbase to be the next Gmail.

Fastmail is monetized in a completely different way from gmail.
14 years ago, Google was a very different company. I don't think it's reasonable to criticise people for not seeing what they would become that far in advance.
I agree with you, I just caution that they may not have become what they are today if we didn't all flock to Google. Fastmail is good today, will they be good if they become the dominant player?
Get a domain at namecheap, plus email. Ten or twenty a year. Web and thunderbird support. Become the customer instead of the product.
If you can tolerate a completely different way of doing email, I wholeheartedly recommend HEY[0]. I've been a customer since it went live and their business model is very straightforward. You pay $99, you get email for a year. Their track record running Basecamp instills confidence in the longevity of the service and that they won't sell out their customers.

I honestly think it's a much better approach to email. One of the key issues with having an email address is that anyone who knows it is granted permission to get your attention, whereas with HEY you get rid of that problem for the most part but without having to 'program' your inbox.

[0]: https://hey.com

I keep a phone number I never answer, with a voip provider I've used for decades. That number forwards to whatever number I care about. I give out only the movable voip number, never my physical cellphone number, when it comes to services.

This is what iNUM was supposed to solve. Sadly it didn't take off.

Does that mean you could be screwed if that voip provider disappears before you have time to change things? Or do you own the number somehow (like a domain name?) so that you can move it elsewhere in that situation?

I know nothing about voip providers and this makes the setup sound scary to me.

Yes, you'd be screwed if that happens. But it's significantly less likely that they're skiffed than a telco provider, given how they work. I know way too many people who have had the latter happen - and none the former.
Same situation here. This service is a joke.
Same thing happened to me with other services too. Sadly this is too common
I had this same problem - correct password but google wouldn’t let me in. The alternate email was from a domain I owned 10 years ago. I didn’t have access for a few years, but eventually I resorted to re purchasing that domain and setting up a mail server.

Fuck you google.

This is very scary situation
To add my voice to the ever-growing chorus: I'm in a similar situation, except in this case despite my still having session cookies stored on several devices, all of which were logged-out simultaneously, it's requiring a new phone number. When I eventually gave one grudgingly (one used on most of the other accounts listed along side this account in Google's account switcher), it still tells me I'm locked out and to "try again later".

It's been about a month.

I have a very short list of companies, the collapse of which I'd celebrate with a party, and Google is vying very successfully for that top spot against some pretty reprehensible competitors.

Yeah, I've got an account I haven't had access to in about ten years that I still can't get in to. I try and reset it from time to time and just always get the "try again later".

I'm pretty sure I even have the correct password, but it thinks my login is suspicious since it's from a new/unfamiliar device so requires me to further authenticate myself except I no longer have access to the phone number associated with it. I'm fairly sure I have the answers to the security questions as well as have succeeded at the other recovery options, but best I've been able to get is "try again later".

The email is being forwarded to another address of mine, so I can still receive email I just... can never actually get into the account ever again. Thankfully I don't/didn't ever use it for anything all that important.

Keep in mind gmail doesnt forward messages regarded as spam.
For this reason and spam calls, I have a free Google Voice number that I use for all services. I never give my cell #...
Their numbers aren't always accepted with various entities. I just tried to register with irs.gov, for example, unsuccessfully.
There are whole blocks of legitimate carriers that aren't accepted with various entities. Last time I tried to make a Facebook account I went so far as to buy a phone and a cell plan to try to get a number that would validate in their system, but they wouldn't budge.
Yup - the numbers Google Voice has are tagged as 'VoIP numbers' in some dataset somewhere and are blacklisted by a fair number of services and blocked from 2FA or Sign-up.

This has also happened to me when using MVNO carriers (Cricket, for example).

Isn't Google Voice only in the US, though?
(comment deleted)
I tried to use mine, and it is not recognized as a cellphone number, I imagine as a landline one.
How do you log into Google Voice?
https://voice.google.com/

It can be set up to forward inbound texts to another number, or you can see them via the app.

I haven't had the "blocked" issues others have, and.. in the case of the IRS, I do have someone who files my paperwork for me.

I'll echo the sentiments in this thread except for the swear words at Google. Losing access to a Gmail for similar reasons has been a net positive, though at the time it was mildly frustrating. I haven't gotten sucked into their aggressive cross-selling of all their products, and the consequences of always being logged in. Occasionally I can't view or comment on something. You can bookmark 5 YouTube channels without Subscribing, and some Twitter feeds without Following. The oligopolies of 2020 have made the internet a much more boring place than 10+ years ago. YouTube resembles cable television more and more every day. Rather than get mad and watch poor content, I now have more time to read and think.
Same here. I use Teddit.net for Reddit, Newpipe for Youtube and one of the nitter.net instances for Twitter. All the content without the clutter and fast, as well as a lower temptation to get into flamewars etc.

(In Newpipe you can subscribe to creators' channels, see the comments and their other videos. You just can't comment from there.)

freetube is another youtube alternative if anyone is more of a desktop user, and invidious is web based
> YouTube resembles cable television more and more every day.

Depends on what you're searching, there is also the perspective that YT is a vast library of content that would never have appeared on TV, such as lectures, talks, conferences, courses, demos, gameplay, cooking, home improvement, product reviews, obscure music. It's the library of Alexandria of modern age. I would be devastated if I lost access to it. Wikipedia and Arxiv are complementary collections.

>YouTube resembles cable television more and more every day.

That's just the algorithm. There's still some amazing content on Youtube, but the algorithm will always try to offer you junk food. There are various ways to avoid this, but it becomes a problem for ditching Youtube. The positives are too enticing, and don't yet, at least for me, outweigh the negatives.

I generally hate suggesting a browser plugin to solve a problem with a service, but give this a try: https://github.com/SeinopSys/YTMySubs

You can no longer visit the home screen. Any attempt always redirects you to the subscription view. And from there, it simply becomes a matter of only subscribing to worthwhile channels. I've found it improves my Youtube addiction quite a bit.

I've had the same issue twice, but it worked fine for me. I just filled the form on the login page, and after a couple of days I received an email telling me 2-fa has been disabled. The only issue I had was that 2-fa was only temporarily disabled and not permanently as I thought, so I had to do it a second time when I tried to relog a few days after and then I changed my number.
Same here. I have a Google account I can reach via POP and wanted to log into (after a very long time).

They requested to send the confirmation code to a phone I do not have anymore. I replied the "security question" correctly. Then I had to provide the recovery email I once set up. Which I forgot.

So yes, I should have kept that up to date but it would not be difficult to prove I own the account (my usual google account pulls from that unavailable on for years) - it is just that there is nobody at Google to contact and have a look.

I will seriously look into fastmail or protonmail, despite being with Google for 14 years

I see a lot of people complaining about not getting what expect out of free Google services. How about choosing a non free provider of those services that has support?
I'm facing the exact same issue on a 11 years old Google Account with Adsense, Gmail, and a lot of Google services tied to it. Since I know the password, have access to the recovery email, know the recovery questions and answers but Google doesn't even let me enter the recovery process and block me from doing so because of my "unknown device". I'm stuck and I have all the info needed...

Happy Edit: Following your post and just for the fun I tried to log back in and instead of the usual error message Google asked me to enter my full recovery email address. Then, I had to enter a valid phone number and to create a new password. I HAVE ACCESS TO MY ACCOUNT AGAIN!!!!! I don't know how the fuck it worked but if you're in the same position try to log again in a few weeks. What I did the past few months: fill out the Gmail recovery form. (no impact). Bought Google One and asked for support at least 3 times (no impact). Tried to log back in multiple times over the course of a month or two (no impact). Thought the account was toast, I was looking to alternative solutions but I tried again and it fucking worked!

Anti-monopoly laws exist for a reason. Splitting Google (and other IT monopolies) is the only remedy their monopolistic behaviour.
This is worse than monopolistic behavior. Show me where old school AT&T acted like this.
“We don’t care, we’re the phone company!” ((Elbows buttons)) ...funny Lily Tomlin skit.
In theory, yes, but in practice, especially in Google's case, that won't work. YouTube could probably survive on its own ( due to the astronomical costs associated we can't be sure unless Google share more numbers), but no other part of Google's consumer-oriented services, and even some of their business oriented ones ( G Suite/Workspace/whatever it's called this week) can't be profitable, ever, and are only subsidised by data at scale and ads.

How would you split Google into entities that won't go bankrupt within a year? ( And you wouldn't want that because it would piss off people and would help the cause of the anti-regulation and anti-government uneducated people). Maybe GCP, Android foundation, YouTube, rest of Google could work, but the "rest of Google" is still too big and too powerful.

Forcing them to open their data and platforms ( e.g. allowing other ad networks to access Google's tracking data and to serve ads via them) could diminish their monopoly, but it could also diminish their profits and force them to cut some less profitable parts of the company even more ( and that might be good).

Same thing with Facebook, just a bit easier - splitting off Instagram and Whatsapp will absolutely improve things, but the remainder is still to big and powerful. Twitter is even worse, you can't split anything.

Anti-monopoly laws and frameworks need to be updated for the modern world, because the logic that worked for physical assets, sales and infrastructure ( e.g. the US split oil companies and telcos along physical lines) no longer works for Internet companies.

That doesn't actually matter. Its a 'poor Google' argument, not an argument against breaking up a monopoly. The new divisions would have to figure out how to survive, like anybody else in the market. Definitely 'not our problem'
Why break up totally different services in the name of monopoly-cracking? What's the monopoly on? In what sector would breaking it into different services decrease monopolies?
Interesting issue. The oil companies got broken up geographically. Same with the phone company. How to break up an internet business?
Two words: forced interoperability.
You can use anti-monopoly laws to do other things besides just breaking up companies. You can force them to not use their other entities to advantage themselves over competitors (promoting google services over others in search results). You can force interoperability and prevent shutting out competitors. You can prevent buying up new companies that compete with a google product. You could enforce a minim standard for consumer protection and codify rights to access for customers.

Many power companies have government enforced monopolies across the US. They also are heavily regulated and limited in what they can do to prevent them using their monopoly to extort, abuse, or neglect consumers.

can't you just disable ssl and sniff the password via wireshark?
No. It'll be a token.
Thunderbird will store the password in password manager though. It should be accessible.
What does it being a token have to do with anything?

An unencrypted token is just as vulnerable as an unencrypted password.

Tokens have defined scope and expire, so not the same as a password that doesn’t have these limitations.
If the stream is encrypted that's great. The token is likely to expire before the stream could be decrypted.

But if the stream isn't encrypted then it doesn't matter. A robot can easily collect the token and utilize it before the token expires.

> I have no idea why ipv6 would indicate that I’m not a spammer

It's likely not about ipv6, but instead it's about your ipv4 having bad reputation in the past. Basically you changed your source address to a cleaner one.

This is very likely the case. Check the IP on a site that does IP reputation scoring [1]. They probably don't have a database of "bad" addresses for IPv6, so it squeaks by for now. I'm sure that'll change in the future though.

My current IP shows "0 - low risk" with that tool. Grabbing a random PIA IP shows "93% - Abusive IP" with a warning about being a high risk proxy connection. The random VPN IP is also on SPAM blocklists.

I'm guessing a huge portion of cheap shared hosting is the same.

1. https://www.ipqualityscore.com/ip-reputation-check

FWIW - I suspect the "IP reputation" site you referenced is utter bullshit when it comes to its "Proxy Detection". Looking at my own residential public address it calls it a 'low risk proxy' when I can assure that it most definitely is not. It doesn't help that their explanation for how they attempt to detect this is a pile of marketing word salad. I don't expect them to be completely transparent to their methodology, but they should make some attempt at presenting a bit of technical background.
It doesn't have to be bullshit. You have a sample size of 1 and realistically we can't expect 100% accuracy. We also don't know how often your IP is changing - maybe it was a proxy endpoint recently?
It's a static address that hasn't changed for 3+ years. The only thing I can think of the makes it proxy-ish, is that I have a 6 person household here.

Edit- The IP my employer uses as its outbound nat IP that we vpn from while WFH (so it actually is a proxy) gets a clean bill of health while our corporate email server (not a proxy at all) is tagged as one.

It's not just IPs that have reputation scores but IP ranges and AS entities. Residential IP ranges are often dinged by default because of the risk of infected home PCs sending spam.
There absolutely is a reputation associated with individual addresses and ranges of addresses. And that reputation can be derived from numerous legitimate means (honeypot activity, spam, reverse dns info), but whatever these folks are doing regarding "proxy/vpn detection" is indistinguishable from snake oil.
I would guess that all or nearly all residential IPs are marked as at least 'low proxy' risk because of the risk of malware on personal devices.
It says that for me too, so I tried 8.8.8.8 and it was rated as "100% abuse". I don't think this tool is very accurate.
> I suspect the "IP reputation" site you referenced is utter bullshit when it comes to its "Proxy Detection".

It very well could be. That wasn't an endorsement by any means. The problem from what I can see is if services like that are convincing CTOs to use their lists it becomes relevant (even if the info isn't accurate).

Disreputable and reputable services alike change ip all the time. The only people who don’t are home users and I suspect VPN users. I don’t fully understand how this is supposed to help you decide if something is safe
> Disreputable and reputable services alike change ip all the time.

If you're running a serious mail service your IPs don't change that much. Not only will you have a pool of IP addresses just for that reason, you'll also likely need a few unused ones for when one of your users tanks your reputation and you have to roll them.

Nobody taking real money for email will use a randomly assigned IP as source. (unless it's randomly selected and then tested for reputation before use) Mailgun and other services even allow you to book a dedicated IP just for your outgoing emails.

Interesting perspective. My primary mailserver is AWS lightsail, my test mailserver is DigitalOcean. Both have a process to request a ‘good’ IP address. The latter works with ipv6, despite being (in my opinion) a lower credibility service.
> My mom forgot her gmail password and no longer had the same mobile number for a reset, the secondary reset option was set to my email but would not send a reset despite this.

I've seen this before too. A huge problem right now is the massive tech companies want an unreasonable view into your life. They want your identity, phone number, photo id, location history, credit history, etc. before they'll treat you like a real person.

If you think I'm joking, spin up a transient environment, connect to a VPN, and try to participate online without linking all of your accounts to a piece of real world identity information that, in turn, can be linked to all the other things I listed above. You can't even get an email address without a phone number.

Part of the issue there is the huge tech companies are abusing their market positions to assign bad reputation to the IP blocks owned by everyone else. You can't use a VPS for ANYTHING but incoming connections because the IPs are flagged all by Google et al. How do you run an API server that needs to make any outbound connections if Google, Facebook, Microsoft, etc. all consider the IP block tainted? I guess you just need to buy your IPs from Google, right?

That's exactly the same tactic Google used with GMail. The original spam filtering was super aggressive and shitty and the solution, according to Google, was to use GMail instead of other providers. "Get a big provider" is a very poor answer to a question that has a technical solution IMO.

> My mailserver is marked as spam by gmail

Have you tried GSuite (or whatever they're calling it these days)? /s

Not to take away from your larger point, but you can get an email address without a phone number from ProtonMail. In the past, gmx.com also let you register privately, but I didn’t know anymore. Also, there are lots of sites that let you receive an SMS in their number.
On many (most) VPN connections, Protonmail prompts for another email or a SMS (due to abuse, presumably) or a non-disposable email (depending on severity)
Speaking of con troubles, I think Bell (in Canada) blocks Firefox VPN. I can’t connect to anything when not on wifi.
Flip it around for a second. You sign up for online banking. You use your GMail account as your e-mail address. You get banking statements in your e-mail, you can reset your password to the bank with that e-mail address, etc.

Now, a scammer is trying to access your e-mail account. What level of proof do you want them to have to offer Google to get ahold of that e-mail?

These tech companies are not asking for an "unreasonable view" into your life as long as people are using these products to interact with the real world. They are trying to strike a balance between convenience and security that meets real-world needs. And they are trying to set that balance point somewhere where it works reasonably for the majority of their non-technical users, not for the edge-cases and not for people who think LARPing as a 90's cyberpunk novel is the most important usecase. So, yes, so long as the vast majority of GMail users are using their GMail account in a number of ways that intersect with the real-world financial system, they are going to want some way to verify your real-world identity if you lose the log-in credentials to your account.

"you can reset your password to the bank with that e-mail address" - wait, what? That's not plausible at least where I live, since (a) this would be massively abused to drain people's banking accounts and (b) the bank would be fully on the hook for compensating these losses (above an initial 50 eur risk IIRC), so none of the banks would even consider permitting a risk like that, since that would cost them so much money.

If you need to reset your bank credentials (not solely a password - some form of second factor is universally required), it can't happen electronically without involving the real world; either you come to a branch with proper ID or you get mailed them to your registered physical address.

How would online-only banks work there?
The standard solution for local online-only fintech services would involve piggybacking off of the existing secure electronic ID i.e. digitally signing the agreements (and the request for credential change) with the electronic signature key on your gov't ID chipcard.

I mean, no matter what you do, you have to have some root of trust / root of identity, and it needs to be backed by (and verified in) the physical world - so you either have to do it yourself or delegate it to someone whom you'd trust a lot (i.e. not a random email provider). If a trustworthy universal government ID is available (which is a problem in some places, like USA) then that is a natural solution to that.

Alternatively, an institution is free to trust people remotely, putting effort into fraud monitoring, and taking on whatever risk their trust and processes enable - e.g. we've had some financial institutions verifying passports over videochat in such cases; I have no strong opinion on how safe or risky that is, but presumably the institution has considered the risks very carefully and found them both acceptable and necessary (in that case, sending a scan/photo/picture of the same document was not allowed, it was specifically about live videochat) - which is the key part of the whole thing, the alignment of incentives and responsibility for that risk.

If the consequences of these security risks fall on the users, then the users have to worry about security while financial institutions just wiggle their ears and blame "identity theft". If the consequences fall on the institutions, then the users can stop worrying about the things they mostly can't influence, and the institutions magically design their processes and workflows carefully so that they actually prevent fraud (since it's their own money at stake) and they're forced to implement decent solutions to any tradeoff between usability and security, since their profits depend on both.

I'd assume similar to the signing up process, a video holding a photo id and saying some words.
I certainly don't want my bank, dentist, phone company etc. to rely on a private, foreign company to decide if they trust who I am. Google are involved in stuff they shouldn't be involved in, access to an e-mail account should not be proof of identity.

Incidentally, in my country, there is a government-mandated (everyone has it) single sign-on solution that companies can use if they want to really know who someone is. The implementation isn't perfect and unfortunately they're starting to nudge people into using an app (that can only come from an app store, creating a sort of catch-22) instead of one-time pads, and there's a lot to complain about there. But I think the principle is completely reasonable, that just like we have passports, birth certificates etc., governments absolutely need to enter the digital era and provide modern forms of identity services. This is yet another area where everything moving to the internet has led to privatization through the back door, and I fear the world where some American company can turn me into a digital unperson much more than one in which my government can.

You can get support by paying for Google 0ne where a human helps you.
Hmm... my mom forgot her outlook password recently and doesn’t have a cell phone so she can’t get any auth codes. She says she can’t find a way to contact support. Any suggestions?
See if a telco will provide her the old number. If it’s owned by another entity, kindly explain the situation and ask them (though, that’ll be an awkward conversation, as the messages quite often have ‘do not share this code with anyone’)

The password reset also supports a backup email along with a ‘when did you sign up for this account’ question - for me the backup email was not working. I was able to derive the creation date via an email to my account (which was the backup email address). For me, the backup email function wasn’t working, thus sniping the mobile number from a provider was the solution.

Get your own domain for ~$13 a year and then forward your email to Gmail or another online provider you like. If Google kills your account you can forward it elsewhere.

I recently started using the startup https://hanami.run to forward my mail. It's a brand new startup that I read about here on HN and the creator is super helpful.

Edit: I realize that parents Mom and my Mom are not going to do this, but us Hacker News types should.

Looks like the Terms of Use and Privacy Policy links from the front page 404
My mailserver can’t point to gmail unless I get gmail premium I chose instead to run my own mailserver (it’s a pain, but it’s very scaleable and I use a catch all often). Gmail have created an anticompetative situation where I can chose to pay them money, or have problems communicating with their customers.
I prefer to pay someone... okay, anyone, who isn't Google. Fastmail, O365, Proton, whatever. Solves the problem and supports non-Google options.
I actually want to switch to O365/outlook for my family domain name but refuse on principle because even with O365 Premium they require you to transfer your domain to GoDaddy...

At the moment I'm with Fastmail, but the pricing isn't so competitive

>they require you to transfer your domain to GoDaddy

Not according to this page:

https://support.microsoft.com/en-us/office/use-your-own-doma...

But isn't that product ("Outlook Premium") closed off to new subscribers since 2017? (https://support.microsoft.com/en-us/office/outlook-com-premi... ) I also had a similar experience to the parent poster, i.e. MS support required transferring the domain to godaddy before one could use it for Outlook if using a consumer-focused O365 plan.
Oh. Color me corrected. That requirement honestly sounds insane.
I've been on Mailbox.org for a while now while co-evaluating others. Apart from a few UI quirks and slow-ish support, the service has been rock solid and nice. It also supports push email for ios devices.
Ex google employee here.

I used to have two email accounts, one something I registered for fun (and my main email), other with my name+lastname@gmail. I set up forwarding from second one to first one, then I forgot the password.

I tried to login probably a decade later last year. Couldn't remember the password. Asked internally if someone could help. They said they can't(they can easily verify who I am if they wanted). I asked them to send a password reset to the same email (name+lastname@gmail.com gets password reset email for name+lastname@gmail.com), they said they can't do. This would have worked for me due to forwarding, but no...

Something's at google are great. Support is not one of them.

I have this problem with paypal:

Made an account about 10 years ago with email address x, mobile telephone number y, bank debit card z with some security questions thrown in.

I cannot remember my password from 10 years ago so I need to reset it.

If I try to reset it, they want to send me an sms otp to the mobile number from 10 years ago which I no longer have. Obviously I cannot update the mobile number if I cannot log in.

Another option they give me is to enter some portion of the debit card number that was linked to the account. I no longer have that account from that specific bank, nor have the old cards laying around.

Another thing they offered was for me to fill out the answers to the security questions, but I absolutely hate these and always fill in random characters by mashing my keyboard, so no go here.

In their help guide they say you can contact support if you cannot log in at all, but you have to log a support ticket.... which requires me to log in. Last time I gave up after 30 minutes of poking around their site to try and find a way to speak/email a human that can help me get back into the account, since almost every path leads back to the login screen which wants my debit card number from 10 years ago.

So I've started ignoring paypal now. All their emails that I still get goes in the trash and I will never use them again. Keep in mind this was a business account linked to a business bank debit card (it was the only way back then to link to an account in my country, and only one bank offered the integration, since then things have become much more reasonable (cheaper business credit cards = international ease)).

I'm fully willing (well not anymore) to send them a copy of my national id card to unlock my account while we speak on the phone, but they seem to have no path to support their clients unless logged in. Maybe its been fixed by now but I no longer care about it enough. If you build systems with an auth mechanism, please cater to all the unhappy paths your clients might fall into. I'm not one of those people who will go scream on twitter to get help, I just silently walk away and you lose a client. It's that simple. I'm not expecting them to treat me like a king, I just wanted to log into their site, that's all.

> I cannot remember my password from 10 years ago

> Another thing they offered was for me to fill out the answers to the security questions, but I absolutely hate these and always fill in random characters by mashing my keyboard, so no go here.

This should go as a cautionary tale to always use a password manager. I, too, hate insecurity questions. But instead of mashing keys, I generate unique passwords for them and use the question as a username. Then save them in there as well.

I do now, I have hundreds of logins stored as of today.. but back then, password managers were not as user friendly as they are today, and the ones that were, did not have sync/online storage, thus I have no credentials stored for paypal. I think my credentail store has items from about 2015 and newer. I remember those days where I had a text file with passwords that I would then encrypt as a zip file with the strongest encryption that the zip tool allowed.

On principle I will not ever supply Security Questions with real answers, they are rubbish. Most of them you have to answer exactly correctly (spelling/casing), so you are biased to use simple one word answers that any of you family members or close friends can guess.

I prefer 2FA, but back then offline 2FA wasn't that big of a thing and most sites only supported 2FA via an sms otp, if they even supported it (aka justified the financial costs).

> In their help guide they say you can contact support if you cannot log in at all, but you have to log a support ticket.... which requires me to log in.

I've been burned by that logic at several companies. It's really infuriating. I've even had one where they had a phone number to call for support, but the phone number was locked away behind a support login screen.

Uber!

My friend dropped her phone in the Uber vehicle about 1.5 years ago, so we phoned Uber support whom insisted that we log into their website to log a support ticket... BUT, in order to log into their site, you have to enter the otp sent via sms.. to the phone that is in the car. Took the support lady a few attempts to understand that we cannot log in.

We rand her phone twice, within 10 minutes of realising the phone is missing. First time it rang, second time he switched the phone off.

Eventually we managed to talk to the driver, but he insisted that there was no phone in his car. We never got the phone back. When we asked Uber support again what can we do, they rambled stuff about drivers being Independent Contractors etc. I personally haven't used Uber since that day. She still uses Uber.

We couldn't track her phone because it took 6 days to do a sim swap, again, needing to receive an otp from Google to login to track the phone, but by then it was off.

I used Uber Eats earlier this year and an order took 2 hours (it was obvious the guy is using more than one delivery app), same story from Uber support. Haven't used it since.

How do you know that the next passenger didn't get your phone? You cannot assume it was the Uber driver. It could even be that you dropped it in the street while getting off the Uber.
> When we asked Uber support again what can we do, they rambled stuff about drivers being Independent Contractors etc.

You tried calling the phone, and it didn't work. I guess the next step is going to the police.

I had a similar problem. I have paypal accounts in 3 countries. One my home country. Since I haven't lived in my home country for 10 years, I never use the account. However, some day I got an email asking me to login and do something, so I went to PayPal.com and logged in using my password manager (Bitwarden). But then they thought it was suspicious that I was logging from another country and they wanted to send me an SMS to my old phone, which I no longer have. In the end, I let the account die.
It would be a hilarious unintended outcome if the Google Union developed into the official unofficial Google Support Channel, because they care about public perception in a way that Google don't.
There there is me: lost access to my gmail account (and reset telephone number) and all it took was a couple of emails & phone calls over a couple of days and I had the best customer experience for a free service ever.

I was very happy with the proceedings. This happened twice over the last 10 or so years.

Kind, professional, knowledgeable & acting according a strickt rulebook that tries to prevent social engineering as good as possible.

I love google :)

You are probably then the only people on earth that had a good support experience from google.
We need to know the 10 minute work hours of this fantastic support :D
I set up my email server for reducing GMail dependency. It was a bit a pain because Outlook.com banned my address, but Microsoft offer mw a way to resolve the issue and now I am appy with it.

Now I use GMail as secondary email address along with my other emails, and avoid to use google docs.

On my home network I installed PIHole and it works quite well.

I live with no fear of banning and I am free to express my idea on my self hosted wordpress blog, and decide what to advertise in total freedom.

This is not what you want to hear, but if you pay Google you can get very quick support. The Google One product which includes cloud space and other features includes phone support for Google products.

Turns out, when you use free services, you don't get support, but when you pay them even just like ~$1/mo (I think my Google One for more photo space in the cloud is $15/yr?) they'll pick up the phone and answer anything.

I have Google One as well and while the support is quick, I don't have a good impression of their effectiveness when I asked a few basic questions (e.g. while GPhotos uses my overall quota, is its content accessible from GDrive)
That's fair, and obviously there is zero way you're going to get face time with an engineer that costs them $200k+/yr, and instead it's going to be someone they've hired at a tiny fraction of that.

But that's true of nearly all consumer level support in all industries. Businesses pay big dollars for consultants and service level agreements for access to the higher level folks.

> My mailserver is marked as spam by gmail, a helpful HN commentor pointed out it may be my lack of ipv6 which appears to be the cause. I have no idea why ipv6 would indicate that I’m not a spammer, I can’t ask google because they don’t have a support line.

It's actually a very old problem [0] introduced by Google in 2013. There are different workarounds depending on the MTA you use. Whenever you set up a new mail server you need to go through an increasingly longer checklist and it includes dealing with this issue.

[0]

FYI it could be something like ipv6 causing you to be seen as spam but I figured I'd share this tool (https://www.mail-tester.com/) which I've used successfully many times to get into inboxes (particularly gmail) with custom mail servers.
I think one part of the solution to the social media and megacorp problem is mandating that all companies must provide 24/7/365 live customer support to all users at no additional cost with mandatory minimum fines per user per day for noncompliance or bad faith efforts. For most companies this represents no problem, they already do this, or are close enough. For Facebook Amazon tiktok Google etc it should be crippling to these loathsome racketeering enterprises.
I love your website. Google sucks.
That's not true. Google is amazing. But they have issues. 1. I'm sure you google a lot 2. I'm sure you use google products 3. Google is a great company, they pay a lot of taxes and have good values, such as 100% renewable.
It's hardly far-fetched that someone might not use Google (search) or other Google products.

Just use DuckDuckGo, an iPhone, and Fastmail, say, and nothing else Google offers is that prevalent that it's hard to see, surely?

(I assume we're not counting visiting a site with Google-provided ads as 'using Google'.)

January 1st, 2020 I made a vow to ditch google entirely. I would guess 99% of my searches are now done in DuckDuckGo and Yandex and have been so for the last year. I only turn to google if I have a technical search I'm not getting any luck with otherwise.
'they pay a lot of taxes'

Firstly, they are 'minimising' their tax base[0], and second, is not committing crimes an achievement these days?

[0] - https://developer-tech.com/news/2019/apr/08/tax-google-dodge....

Everyone is doing it so investors expect it - not doing so would be a competitive disadvantage. A better and more permanent solution should be changed with legislation, not by asking individual companies to maximize their tax base, since this would also equally apply such a rule to everyone and not just companies under the public microscope.
The argument was: they are a great firm, upstanding, going above and beyongfor the good of society. Now they are cheating, but so is everyone elaw. Which is it?
Google is doing a terrible job at it’s core responsibility. I look forward to watching the company falter over the coming decade.

Switching costs for a search engine are pretty damn low. And yet their search product is littered with crap and exploits users like only a monopolist would.

Ideally they’ll continue burning goodwill by doing things like adding some fact-checking or censorship “features” into Gmail, delisting political sites, and feature hyper-partisan political infighting as a core tenant of their employee training and advancement practices.

GoodCheapFast alleges they have a 7% conversion rate from visitors to purchases. That’s insanely high, and indicates Google should be sending them as much traffic as possible if their goal is serving the end-user.

But since the site doesn’t advertise with Google, and in fact fosters a beautiful ad-free experience, its essentially an indictment of everything Google stands for and therefore must be eliminated.

suppose google was reducing traffic to websites that are not using their analytics and add network. How would we know, and how could we get recourse? The algorithm is secret and does what it wants.
> Switching costs for a search engine are pretty damn low.

Are they, though? I seem to recall conversations here where some larger sites were only allowing googlebot to crawl their site in robots.txt rules. Their thinking was that the vast majority of traffic is coming from google, and it wasn't worth it to have multiple also-ran search engines crawling their site frequently. There's a case to be made that search engines are actually a natural monopoly.

> Their thinking was that the vast majority of traffic is coming from google, and it wasn't worth it to have multiple also-ran search engines crawling their site frequently. There's a case to be made that search engines are actually a natural monopoly.

The other case to be made that people doing this sort of decisions should loose their jobs.

I meant end-user switching costs, but you raise good points.

Barrier to entry and startup costs to a competitor have never been lower. I believe recent court wins make “unauthorized” scraping more openly available, and anti-trust regulations should look at allowing competitors to ignore a Google-only robots.txt as long as reasonable throttling is enforced.

I blocked a number of non Google search bots on one of my smaller sites the other day, increasing the number of bots I have blocked from about 20 to 30. That reduced the load on my database server by over 80%. It's a small site that only generates about $5/day from AdSense, so I need to keep the expenses down on it, and I don't want all of the revenue paying for bots that don't bring in any significant traffic.

If I didn't block any search bots, I bet the bots would make up at least 95% of the traffic.

On my larger sites I don't mind serving a million page views a day to random search bots, but on that smaller one it doesn't make sense.

Web crawling is a natural monopoly, and perhaps should be treated as such. That's easily compartmentalized from search itself.
>And yet their search product is littered with crap and exploits users like only a monopolist would.

As others have pointed out this site is nearly indistinguishable from crap to a human much less a crawler. Thus Google trying to clean up the crap get's yelled at by you for hitting other sites (which is unavoidable). And if they didn't try to clean up the crap you'd yell at them for that.

> Google is doing a terrible job at it’s core responsibility

I'm not quite sure what Google's "core responsibility" here is, besides to make money while meeting some bare minimum threshold for not harming society. They certainly don't owe you a perfect search service for free, just like you don't owe it to them to use their search service.

you jumped in to make your laissez faire argument (only tool, hammer), but if you reread what you are responding to, he's making a free market argument himself so in this case he's turning a screw and you can put your hammer away.
Google has taken upon themselves to become the gatekeepers of the web, yet they have not taken the burden of responsibility that comes with such powers. You will argue that Google is just a product, that you choose to use, but the users of the author's site do not choose to use Google, it's the only alternative (Google pay big money to platforms/browsers to make sure any search goes via them). Google has the power to kill any business, so it would be fair if they where required to tell you exactly why a site was unSERPed.
This is one of several posts I've seen on HN lately following a similar trend: sudden and unexpected drops in search engine traffic. On the one hand it must be jarring to suddenly have a drop in traffic. But is it necessarily indicative of a bad administration of a search engine?

Popularity of sites shift. People's tastes change. Even without an algorithm change we would not expect search traffic to remain constant. And algorithm changes do shift attention to sites that previously weren't getting traffic. Would the world better with static search traffic? The incumbents always win, and newcomers have a tough time getting a foothold. That's what it would take to avoid situations like these, and I'm not sure if it's an improvement over the status quo. Between living in constant worry that the algorithm might change and shift search traffic, and a world where the algorithm never changes and search traffic remains rather static I'm not sure which is really better. In the latter goodcheapandfast.com might never even have existed.

Bing's blocking mechanism seems pretty crude, though, and not sharing why it was blocked seems particularly wonky. Sure it's a cat and mouse game between scammers and devs, but it'd be nice if they at least vaguely alluded to why the false positive happened.

You’re saying that user preference shifted, but in reality, Google’s preference shifted. That, to me, is the problem highlighted by this story and others.
Google shifts their algorithm also in response to people gaming it. Affiliate websites (such as this one) have been gaming the SEO system with AI/India-written articles for a long time. It seems the dude is honest and writes the content himself, but it is obviously nearly impossible to tell them apart, so they all get the chop. Sucks for him, but perhaps we're all better off.
I agree with this in concept, but it has been a bitter pill to see my site overtaken by scraper/outsourced content that I consider to be pure spam. Google doesn't always get it right (regardless of my own situation).
I'd feel the same. I manage a SEO-driven website too and know the struggle. Sadly, some business practices go out of style. Good luck with this and your future endeavours!
I'm saying both user preferences and search algorithms change. Even absent an algorithm change, it's not reasonable to expect search traffic to stay high over time. A drop in search traffic is always a potential, and one that exists regardless of any change in the search engine.

And it's also unclear whether algorithm changes - "Google's preference" as you put it - is a problem. Unchanging algorithms would likely trend towards a small set of incumbents collecting most search results. A shifting search algorithm landscape means users are more likely to see results that were previously buried. This story highlights one loser of this change, but not all the aspiring websites that would be eager to get even half of goodcheapandfast's traffic. These search results went somewhere. One site's lost traffic is another site's opportunity. Algorithm updates changing things up is not altogether an undesirable factor in a search engine.

Changing algorithms also favor a small set of incumbents. The stock of my former employer is up more than 2,000% in the last 5 years. That's amazing growth for any publisher and it's largely based on SEO.
Search engine ranking systems change from time to time.

Those whose traffic benefit from these changes attribute it to their outstanding abilities as an internet entrepreneur.

Those whose traffic suffer write blog posts like this one.

It sucks for this guy, but this is just how search engines work.

I'm not really sure what to think of that site. I think it's above average for an affiliate marketing site, but I also wonder how reliable the recommendations are if they're derived from automated analysis of other systems like reviews, pricing, etc. when we know those are garbage systems that are constantly gamed. Even filtered, it's still garbage in garbage out, right?

I think that (affiliate based monetization) is a really, really tough market to be in right now because Google and Bing are absolutely _dominated_ by low effort, garbage affiliate marketing blog spam sites. There are days where I'd pay per search if I could filter out sites that have affiliate links on them.

The review / product discovery market as a whole is a disaster right now. The last good review site (IMO) was JonnyGURU and there hasn't been a new PSU review there since early 2019 (since Corsair hired him?). The thing that made that site great was that shitty products got shitty scores. It's not like the affiliate marketing reviewers nowadays where everything is 9.5 stars with the primary goal of getting you to buy _anything_ they can slap an affiliate link on. Even the site in this article is a bit guilty of that. "Here's a list of good value products that you can just buy without thinking," right?

Off topic... If the site owner is lurking, I'd love to know why sites like Anandtech, or almost every review site from what I can tell, stopped doing endurance testing on SSDs now that manufacturers are packing them with shit quality TLC and QLC.

Wouldn’t this mean it’s a good market to be in right now?
I think reviews, especially something honest like the site in this article is aspiring towards, might be an ok market because the quality of those sites has declined so much in the last decade that I think there's room for a much better product.

However, it's the affiliate based monetization that I was calling tough. At least for me, an affiliate link is an untrustworthy link because that link is working for the manufacturers and retailers, not me.

I can't think of a decent way to monetize a review site without relying on a revenue stream that's susceptible to corruption (product access, affiliate links, advertising, etc.). Just look at the whole Hardware Unboxed / Nvidia thing that happened recently. The whole review industry must be completely FUBAR for Nvidia to think they could get away with that.

> Just look at the whole Hardware Unboxed / Nvidia thing that happened recently.

Can you expand on this? I hadn't heard of this.

I recently watched a new video on "playthrough” of Cyberpunk and it was a heavily advertising the power of a NVIDIA graphics card as he jacked up the raytracing settings and mentioning the card (which the comments section said was mean because it was impossible to find in the marketplace and/or costs thousands).

So I'm curious what you mean by this.

Nvidia cut Hardware Unboxed off from review samples because they weren't happy with the editorial. Nvidia specifically said that "should your editorial direction change, we will reconsider..."

It's not text, and it's pretty long at 40 minutes, but it's a good summary: https://www.youtube.com/watch?v=JIvuWdxClSs

> I can't think of a decent way to monetize a review site without relying on a revenue stream that's susceptible to corruption

I can. Something like the Patreon model might work.

I spent my first year scrubbing the seed corpus to minimize the GiGo effect: https://www.johnwdefeo.com/articles/amazon-review-analysis - I also review all the pricing data manually to flag and discard outliers.

Not sure about why Anandtech stopped endurance testing, but I would assume cost cutting. I left the company in Sept. 2018 which was right after it was acquired by Future PLC. They're a frugal lot.

I looked through the product listings a bit (I mentioned it elsewhere) and they look reasonable for things I've researched lately. I hope it works out for you because there's a huge lack of trustworthy product data and massive amounts of trash to sort through these days.

I'd probably be your target market. I'm usually looking for products that are good value. Ignoring the fact that I'm from Canada and all your links are US, I'm also the kind of person that would make an effort to buy via one of your affiliate links if I used your site as a source for products I want to research more in depth. However, I don't think most people would make that effort and maybe that'll be a problem.

Put another way, it looks like a great site to use as a starting point for products I don't know much about, but I'm going to jump to other in-depth review sites before buying anything and might convert through their affiliate links instead. Add in sweet (get it?) industrial scale affiliate link hijackers plus price watching services like CamelCamelCamel and all of a sudden there are a lot of ways I can use your site and never give anything back (unintentionally).

I'm also not sure I'll remember your site to go back to it (sorry). I wonder how a browser addon would work out. The no ad, no tracking design of the site lends a lot of credibility in terms of being trustworthy, so I'd consider installing an addon for the type of data you have. If you can build a reputation as the brand that filters Amazon down to the X% of products that aren't garbage, that might get some traction.

For example, if I'm browsing Amazon and could click on a GCAF addon that showed me a curated list of similar products that aren't complete trash, that would be helpful to me because there's too much garbage to sort through manually on Amazon. Once I'm on the product page (via your affiliate link in the addon), I might open a new tab to read other reviews, but I'm not going to click back through to the product page when I already have it open in another tab. Or if you sort by products that are currently on sale I might just open tabs for the ones on sale and just buy something right there.

I also manually jump from Amazon to BestBuy before buying stuff. If the pricing is close enough I buy it at BestBuy instead. If I could click an addon that linked me directly to the same product page at other stores I think you could capture that too, at least from me.

Anyway, good luck! I hope it works out for you.

Seems like he has a couple of flag words "cheap and fast" in his URL that others have used in the past as indicators of spam domains, at least I've seen that for email. Even good isn't great to use.

And looking at the page naming conventions that carries all the way through. A broad brush penalty to over generalized key words indicative of spam, and shopping site type directories would definitely account for this thing getting crushed.

Unfortunately it seems like he's the one person out there making a site like this honestly and over optimized for a search algorithm that was inevitably going to change. Building a brand and using a more personal voice instead of thinking you can win at SEO is always going to be the way to go.

Also his website is just affiliate link garbage.

I looked through like 12 categories where I consider myself very familiar with the market for what's available and the product recommendations are poor. At best. Half of the recommendations look like your standard rebadged Alibaba crap peddled on Amazon with all the fake reviews that follow.

I guess the name of the site is a tacit admission that probably the products are not good, but this page is content that's designed to match for certain search terms and not something that's organically good content.

I'm fine with Google ranking this content straight to zero.

Edit: The author is a nice guy and a decent writer. Emotionally, I want to feel for him. But not for content like this.

You can have all of the best intentions and still contribute negative value to the world.

He's competing with a huge army of auto-generated spam sites that are in the same business. Best LED strip lights? Good luck getting on the front page of that one. The results are dominated by sites using superficially respectable, popular domains to push the same affiliate spam.
So because he generates functionally-equivalent output, but in a way that passes some vague moral purity test he's the good guy underdog then?
That's not what I'm saying at all. I couldn't care less whether he's the winning spammer or not.
I clicked on the gaming monitor category because it's actually something i've been shopping for.

I was really expecting good content and a single recommendation or two that would replace hours of reading crap reviews, reddit threads, etc. but instead was met with what could be auto-generated list of monitors with scraped descriptions and links

I can really see why this would be flagged as just search front-running for affiliate money

You've stoked my curiosity. Which sub-$200 144Hz monitors are your favorites?
I'm surprised to hear this, not because I think my recommendations are infallible, but because the user return rate is lower than average. Are there any specific products that you think are junk?
> Seems like he has a couple of flag words "cheap and fast" in his URL that others have used in the past as indicators of spam domains, at least I've seen that for email. Even good isn't great to use.

My own sense of spam smell got triggered by the name of the site, too. Sounded like a gimmick; you can have all three, after all.

A rebranding might solve his issue.

It could be very interesting to see a sort of A/B test between the current site and a clone of the site but with a different name.

Not just this, but think of all the links with the anchor text, “good cheap and fast.” Google would penalize any site with this anchor text repeated too many times.
They don’t even make any money. Break Google up.
Advertising is a scam. It’s all fake anyways. The house of cards is going to come crashing down any day now.
this is terrible, and the lack of accountability is astounding. However, working with what we've got, has the author considered:

Creating a second domain that's basically a mirror to see if it's related to the domain

Attempt to 'recreate' the same content a standard platform like workpress to see if it's something about the presentation / etc. that the search engines are hating

I wish you all the best

Thanks, I appreciate the support.

I haven't mirrored the content, but I did republish/redirect a few pieces elsewhere and they fared much better. The issue is tied to the domain.

Google has problems of scale. They require practically everyone in the world to hold an account and then provide zero support and near zero human moderation.

Someone is using gmail to send porn via mms gateways to an iterated list of numbers neighboring (and including) mine, some of which claim to be held by children. I looked but couldn't find the appropriate complaint form.

For me, Google only sends organic traffic to my posts that are 10-20 years old (no joke). My newer content, while verified by me as indexed by Google, receives zero traffic.

For my old content, I have started to place warning banners for my users that they are reading old, and sometimes outdated content, that I only leave online for archival reasons.

It makes me wonder if Google is doing this with my little blog, is it doing the same more broadly? I don't believe it is providing a good search experience to its users anymore.

Start embedding links in the text of your old content that point to your new content (when contextually appropriate, of course). Not as warnings, but if for some reason you mention a topic or word that's relevant to a newer article...
Thanks for the tip, will try that where appropriate content relationships exist, but suspect it's minor occurrences (when you blog for 20+ years, your output varies considerably in terms of topics over time!).

Google does not like my new topics it seems, starting around 2012, but thankfully unlike the OP who I have a lot of sympathy for, my blog is for fun and not livelihood.

We write for bots, so they can decide to share with our fellow humans (or not), such is our lot...

Depending on your blog software, you might be able to automate it. ;)

Seems like something a Jekyll or Hugo plugin could do quite well.

Which reminds me, I was really impressed with Justin O'Beirne's blogs on Apple & Google maps, specifically that older blog posts are explicitly flagged as being no longer accurate.

And his design is so clean that the flags are obvious without being obnoxious.

https://www.justinobeirne.com/cartography-comparison

I can't send mail via smtp.gmail.com over my AT&T connection on my phone. Wifi works fine. I am at a loss.

Just wanted to also complain about Google.

this sounds like a port 25 block by AT&T - have you tried 587/465 (smtp submission-only ports)
(comment deleted)
* Google Search >> SearX / SwissCow / mojeek

* Google Email >> Protonmail

* Google Maps >> OpenStreetmap

Also check out DNS watch (uncensored DNS) - https://dns.watch/

------

Self Hosting and Community hosted servers is the future not Multi Million dollar corporations + Centralisation + Big Tech

I mean does the content of the website is of good quality?
It feels like there's two possible explanations here. One is that somehow the website has been incorrectly flagged or blacklisted, like the example he mentions with Bing. In that case, it seems like it'd be at least nice for Google to be able to look into it, but it also might be the sort of thing where Google just decides it's not worth the effort.

The other possibility is that Google just updated their search algorithm in a way that happens to not like this website as much as it used to. Not because anything is wrong with it or because of any bug in the algorithm, just it now prefers different attributes, and that changes where this site ranks. If this is the case, there's really nothing to be done. There's no ground truth result ranking for any particular query - if Google feels its new results are better, that's their business.

If your entire business depends on an arbitrary algorithm preferring your website over other very similar ones, and you will lose everything if that arbitrary algorithm happens to change, eventually it's going to happen. It sucks, and it's maybe unfair in a cosmic sense, but there's really nothing to be done.

The problem is that there are very few viable distribution channels that we are forced to rely on companies like Google.

What other viable choices does this site have aside from Google?

Well, if there were no Google-like companies, what would this site do?
Whatever he would do in a universe that does not exist is irrelevant. We live in this universe.
The point I'm making is that if his business is only possible because of Google, it's silly to ask what his alternatives are.

It's not like he'd have a thriving business if only Google didn't exist. Instead, he's reliant on Google choosing to rank his page highly enough to get traffic for search queries that will result in people clicking on his affiliate links (who he's also reliant on). Google doesn't owe him any particular ranking. If people search for his example "cheap portable generator", does Google have some ethical responsibility to put his site at the top? Or even on the first page? Or to never change where they rank it once it reaches the first page?

They're a monopoly, so yes?
What does that have to do with it? If other search engines were more popular, would that change this situation? Maybe there'd be a handful of algorithms to arbitrarily rank him instead of just one, but the dynamic would still be the same. He'd still only be in business as long as their algorithms happened to think his website was slightly more relevant for "cheap portable generators" than other websites.
You know what you're in for, I think?

Also, if your site is thread the line of review-spam-without-actual-content-or-actual-review-site, then this bound to happened sooner or later.

There's definitely a large set of sites that should not have a viable choice, not from Google and not from anyone else, as we-the-users want our distribution channels to filter out various groups of SEO spam.

The only question is whether this site is one of these or not - and even if it's not, a certain number of 'false positives' is acceptable and less strict filters definitely are not. If you're running a site that's skirting the line between spam and not-spam, then either you take on the risk that you might be dropped by google and others, or (perhaps preferably) stop doing that thing and do something substantially different.

> There's no ground truth result ranking for any particular query - if Google feels its new results are better, that's their business.

That's a real issue - there is no rigorous and systematic monitoring of Google's results. There could be horrible biases and we don't measure, don't hold them accountable. There has been a recent spat at the Google AI Ethics department where a researcher accused Google of being biased because it uses language models trained on biased internet text (thinks doctors are men and nurses are women). I'd say - before going so deep, first check the actual page results for bias, it's 1000x easier to do that and gives much more useful results.

Seemingly random and dramatic swings in who wins and loses the SEO game is an awful lot of how Google (helped) kill the newspaper industry. This guy is living through one example, but they all tried to live through a dozen, always scrambling to recover from the sudden loss in order to not suddenly need to lay off (more) ppl.

I don't think it was any scheme or malice, far more like Lenny petting the rabbit, but the rabbit got very dead.

I noticed the site isn't using Google Analytics, or any tracking pixels for that matter. Wonder if this is in any way connected to the ranking algo.
It's really messed up that people like you who take time and effort to do things right and play the SEO game fair and square get stripped of their livelihood overnight but black hat SEO sites and spammy ad-filled sites thrive...
Or maybe playing the SEO game for its own sake is not something we should stand for and for the scumbags & cheaters it is only a matter of time.

If somebody asked nicely to shit on your lawn, would you say yes?

It seemed to me like his site was providing value. I meant SEO in the strict "do the best you can as far as google is concerned" way.
I have no clue about this topic and this comment isn't representative of my employer whatsoever, but...

Since you've never experienced this with other domains, does the word cheap have to do with it? When I think domains, "cheap" instantly reminds me of those early quasi-legal online pharmacies and if I see it in an email almost certainly it's spam of one sort of another. I could see being problematic in spam filters.

It's a fairly common English expression that's used especially when giving a quote for development of some product or service to a client (or manager): "Good, cheap, and fast: pick two".

Cheap is just the everyday word for low cost. It can also mean low quality, but that connotation depends more on context.

Besides, there are many other successful companies with "cheap" in their domain names.

I'm well aware, but a bayesian spam filter probably is not. If you look up lists of words most likely to trigger spam filters, "cheap" will be in every one of them. I can't say that is what's happening here but it seems plausible at least.

I would also argue that spam messages aren't really trying to convince you something is low quality, it's precisely the low cost aspect that they're to convince you of even if the product is actual low quality.

I'm sure there's other companies with cheap in their domains/headers, but none stand out and I would have no idea if they depend on SEO anyway.

Good, Cheap and Fast (let's call it GCF) appears to be a search engine. When you visit this domain, you get a search box.

It looks pretty cool, and all but ...

Why would/should Google's search engine send users to another search engine?

What GCF needs to do is become well-known, "like DuckDuckGo, but for shopping". Then people will save a bookmark (like I'm doing now).

EDIT:

Unfortunately, bookmark removed. This site doesn't appear very useful. I typed in numerous search queries, starting with generic categories like "bluetooth speakers" and "baby bib" and whatnot, and it came up with "Your search did not match any documents.". I tried some very specific products found in various online sites. Again, "Your search did not match any documents."

Finally, I got some results by just using "bluetooth". Hooray! Some other single-words are working.

The results appear to just be some product advice, followed by some links to selected products and price information on sites like Amazon.

I see now that there are links to categories below the search UI, but I don't see anything there I would be interested in looking for, and if any other categories exist, I have to guess what they are through the search box.

I tried doing some "site:www.goodcheapandfast.com ..." tagged searches in Google to confirm that the GCF pages are being indexed. They are in the index; just when you remove the site: syntax, they disappear; maybe they show up in the long tail of the search if you dig far enough, who knows.

I don't think it's a search engine at all, the site just happens to have a search box.

It looks more like a (manually?) curated list of products that fulfill the criteria of "good, fast & cheap", within various categories.

It looks like a clean search engine when you first land on it.

https://i.imgur.com/mtqISep.png

Scroll a bit down and you see what looks like a footer giving testimonials.

The links to curated categories are off the screen on desktop. No idea what mobile looks like.

Next to the search box, it states that this is by a data scientist. If that is in any way relevant other than in the sense "this is by a smart person", what it means to me is that there is a massive amount of data here which is intelligently filtered and subject to a decent quality search.

The Venn diagram on the left promises good results, eliminating the problem that good, cheap items are needles in haystacks, buried in fake reviews.

Turns out that the data scientist is just writing consumer education advice columns and reviewing some products he has not actually tried himself.

E.g. 4K projectors:

https://www.goodcheapandfast.com/articles/best-4k-projectors...

There is no way he owns all of those. I would much rather read the Amazon reviews or whatever from people that bought those things, especially from people who had issues. That's in spite of the issue of fake reviews; oh well.

In effect probably nearly all their traffic goes to landing pages targeting certain terms. Then primarily either bounces or exits immediately via an affiliate link. So it probably doesn’t matter much how the front page is presented as it is low traffic.
This comment is way too verbose. First two paragraphs summarize my feelings and the rest is honestly for the site author's consideration as to the experience of a complete stranger to their site. I wish them the best.

I was actually moved by the author's plight. Their current situation seems very helpless and I truly respect the effort to swim upstream with a principled approach to delivering a service in a market that is rife with shenanigans. I personally tend to get sucked into analysis paralysis when purchasing new products and any quality signal I can get outside of what is placed in front of me is extremely valuable. Probably to amplify the author's point, I can't say I've ever heard of his site and it's not recognizable to me. One of my favorites for quite some time, Wirecutter, has lost all of my faith after a few buys based on their findings wound up being garbage.

I say all of that to try to underscore the fact that I'm only trying to be productive, but without this backstory and the author's attestation to everything they do to maintain integrity, I wouldn't find this site remarkable or memorable or compelling in any way. I appreciate the design, it's clean and fast, but in reviewing several of the product areas that I've actually been looking at recently I can't find anything compelling in the content that the site brings to the table. To be blunt, it's not obvious to me what the author does with their time if this is their bread and butter.

One example. A few months ago I decided I wanted to upgrade the microphone I use for videoconferencing. I wanted something that was fairly directional as I didn't want to have the microphone in the view of the camera and I was hoping for a relatively flat frequency response. I was also on the bubble about going with a USB microphone vs getting an XLR mic and USB audio interface, and comparing them by pivoting on that feature was useful to me.

Here is the list of Good Cheap and Fast streaming microphones (which seems relevant) on goodcheapandfast.com: https://www.goodcheapandfast.com/articles/best-streaming-mic...

Let's assume I get to that URL from a Google search result and this is my first an only impression. Right off the drop I notice a few things (i'm on a PC):

- Design is spartan and the site loads quickly. I can't actually tell that there are no ads b/c my ad blocking game is on point.

- There isn't an obvious brand, the site logo is understated and loses the battle with the headline for any attention.

- My eyes instead fall to the blue badge on the right 'Real Customer Reviews & Ratings [VERIFIED]'. This primes my expectation that I'm going to be seeing some verified reviews.

Maybe this is just me, but I don't start by reading the text. I start scanning down the page

.

.

. Omnidirectional I see this, see Cardioid is next and realize it's just a mini tutorial on pickup patterns, not going to read it.

.

.

. Dynamic v Condenser more tutorial stuff (let's be honest, in my head i'm thinking more copy/paste)

.

.

. How much does a good...cost. Not really interested in reading a paragraph on this...i have no idea what it says.

.

.

. Pyle USB PC Recording Condenser Microphone (PDMIUSB50) Pyle? Interesting pick for the top of the list. Solid value brand in amplifiers but not really known for anything in recording...but maybe they have a sleeper in this microphone, let's see those 'verified reviews'

.

.

. Fifine K669B USB Metal Condenser Recording Microphone

.

What? The next microphone already? This is where I stop scrolling. My eyes turn up and I see the entirety of the assessment of the Pyle microphone

    Good Value: $56 | Great Deal: $50
    
   ...
I concur. The entire thing seems like a low-quality content site. Two-line summarised "reviews" that are at best aggregated reviews from Amazon are not helpful. Contrast with The Wirecutter that also works on a reviews and affiliate income model.