Tell HN: Google deleted my spreadsheet, review request says file can't be found

128 points by ohashi ↗ HN
I have (or had as it seems now) a spreadsheet in google docs tracking important business metrics. I was trying to look at it today and got the message:

"We're sorry. You can't access this item because it is in violation of our Terms of Service. If you feel this is in error, please request a review. Find out more about this topic at the Google Drive Help Center."

If I click the request a review I get:

"404. That's an error. Sorry, this item cannot be found or is not available."

This spreadsheet simply had metrics and domains. I find it near impossible it was violating any terms of service unless there is a shadow blacklist of domain names which somehow trigger a file being removed. And I'm left with no recourse to even request a review or get my file back?

I turned on airplane mode on my phone and was able to get an old cached copy, export was only possible as a PDF. So at least I have a slightly stale version of raw data that way.

Even as a paying customer, this is pretty embarrassing and there seems no recourse is possible?

50 comments

[ 2.4 ms ] story [ 129 ms ] thread
Upload it again and see if the issue persists.
aka "got another offense and now your account is closed forever"
Were the metrics related to the company in your profile? It seems legit(and a good idea even!) but I can see how that data might end up looking like spammer/blackhat SEO data to a robot.

I think, perhaps, the 404 you got was not for your file, but just a broken link to their review form. Is there some other manner you can find a different review button? This[0] implies you can click Share -> Request a Review, maybe try that?

[0] https://support.google.com/drive/answer/2463328?hl=en

I tried, no luck on any of the links I could find.

The metrics were all domain name related, I also work for NameBio.com, the largest database of domain name sales. We also do a bunch of other things in the domain name space including owning icann accredited registrars.

My spreadsheets are full of domain names and metrics from all over the place.

Businesses need to consider the risks involved with cloud providers turning hostile against them (especially Google). Case and point: poster has no recourse, had reason to trust Google's availability in hosting their docs, and got caught doing something unknown by an over-zealous, unregulated implementation of AI. Had the poster not had the knowledge or skill to recover the document it would probably be lost entirely.
This is the sort of event that needs to be publicized within the accounting community. Storing business data in Google may not meet the legal requirements for keeping business records.
It may be moot but I would argue that you should never store important data on another company's servers without some guarantee of service and contract of data ownership.

If the business was not profitable enough to afford Excel, OpenOffice is an almost Excel feature parity FOSS alternative. Had that file been stored on a cloud drive and regularly backed up to local or alternative 3rd party backup solutions, this issue not only wouldn't have happened but it also would not have been able to happen.

Hindsight is 20/20. though. Don't store important documents on a cloud server that you have no backend access to without having a contract in place regarding the responsibilities of maintaining your data.

Please don't use OpenOffice, use LibreOffice instead. OO hasn't had a release in years and all the actual development happens in LO.
Fair enough. LibreOffice is a better office suite, also. I just have a difficult time keeping them separate in my mind when I'm not actively looking at them.
Billion dollar companies (including accounting firms) use Google Workspace as their primary service for emails & document storage across all sorts of classifications (with limits).

It is your responsibility as a business to understand what your legal, statutory and regulatory requirements are and then put those requirements into your service agreement or contract. Or ensure those requirements are configured as part of the deployment of the service.

Billion dollar businesses violate the law regularly. Flagrantly.
Despite being a brandish comment, that's what contractual agreements are for to allow businesses to seek litigation in the event the agreement is broken.

Either way, it's not Google's responsibility to know what your requirements are. They can assume and develop features that support particular regulatory requirements. But it is the responsibility of the organisation doing business with Google to stipulate their requirements.

I'm glad I thought about the cached trick on phone sheets. But loses all underlying formulas because I got a PDF (which may be out of date), but at least it's better than nothing.
If this is correct, Google is lying about when they look at your data. Google should not be looking at your spreadsheet. They claim they don't.[1]

You decide what content is shared & with whom

The content you save on Google Docs, Sheets, & Slides is private to you, from others, unless you choose to share it. Learn how to share or stop sharing files in Google Docs, Sheets, & Slides.

Google respects your privacy. We access your private content only when we have your permission or are required to by law. With the Google Transparency Report, we share data about how the policies and actions of governments and corporations affect privacy, security, and access to information.

If you have a work or school account, your organization can review logs of actions taken by Google when accessing content. Learn how to view logs with Access Transparency. Learn how Google protects your organization's security and privacy.

Start by trying to get a log of accesses to the spreadsheet. Follow up with a California CCPA complaint.

[1] https://support.google.com/docs/answer/10381817?hl=en

>Google is lying about when they look at your data

No they aren't. The TOS and similar clearly spell out that they have automated checks for malicious content, copy-righted works (remember when Google drive was a popular piracy vector for a hot second?), CSAM, etc. It's not Google's fault you haven't read that, or that you are taking a support article about sharing docs with other people and incorrectly extrapolating that to the internal technical functionality of google docs. The very next sentence after talking about end to end encryption:

>Your Google Account comes with built-in security designed to detect and block threats like spam, phishing and malware. Your activity is stored using strong industry standards and practices.

What has likely happened is that one or some of those domains probably got hacked and are pushing malicious JS or something triggering Google to view them as malicious, so some security product looks at a spreadsheet full of "malicious" URLs and it got sent into the void for that.

If their marketing materials say they don't look, but their terms of service say say they do, that's false advertising.

This is a paid service. Google is more constrained than with a free service.

> We access your private content only when we [...] are required to by law.
The ellipsis is doing a lot of work there. The full sentence is:

> We access your private content only when we have your permission or are required to by law.

They will claim that you gave them permission by acknowledging the TOS.

The two subclauses of "when we" are joined by an "or", so only one of them has to be true to fulfill the "when" condition.
I think what he is saying is that if they get the user to agree through TOS then they always have permission via the first subclause you omitted.
I was initially agreeing with you until I read this point "Google respects your privacy. We access your private content only when we have your permission or are required to by law."

They specifically spell out themselves.

> It's not Google's fault you haven't read that

We really need to invert that responsibility.

Corporations are hiding behind their TOS and playing "gotcha" when it turns out that you haven't read the thing that nobody reads.

True. But not enough people care, it's rather the opposite.
Maybe Google is required to access all your documents "by law?"
A lesson not to do business with Google.

You can't trust them, your business is too small compared to the profit, they won't even care.

It wouldn't matter if it was Google, Dropbox, OneDrive, etc. It can happen with any service provider. Always keep local copies in a locally editable format.
This is true, but I think there's also room for "Google is more willing to rely on algorithmic termination than other providers, so be extra careful!" to be true as well.
Where are you getting that from though? I've seen the same thing happen with Dropbox more personally but I'm not going to make that claim based on my bias.
>Even as a paying customer, this is pretty embarrassing and there seems no recourse is possible?

If you are paying for enterprise support (Google Workspace), you have a support path to address this with. If you don't have Google Workspace, well now you know why companies shell out for the enterprise product instead of playing fast and loose with the consumer tier SaaS services.

And before people jump at me for that being unreasonable, I'd counter argue that it's unreasonable to expect a company to pay a human to spend time helping you, when you only pay the company a few dollars, if that, per month.

I'd agree if the assumption was that support was a situation commonly caused by user error - i.e. essentially paying for lack of user education on the system.

But for situations that should be extremely rare, are extremely high impact, and (apparently) are not caused by user error, such as dropping user data because of some AI 'algorithm', there's no reason at all that that cost can't be amortized across the low-paying customer base. Most every other industry has some form of support cost amortization built into its pricing scheme. This is something Google should be able to handle, too.

Sorry to hear you lost access to the document, I hope you can regain access.

It might be be a good idea to use a tool like Rclone to create a local copy of the data going forward. It allows you to download Google sheets as .xlsx files.

I hate to break the news, but as soon as people started relying on cloud solutions thinking that they were the same as having a local copy then that is why things like this happen. Always keep and sync backups of documents into a local format.
... and sync it by yourself, not with your host's tools.
I can't help with your current issue, but in the future, you could consider backing up your Google Docs using Insync. It can automatically convert and store your Google Docs as Office or OpenDocument files. Insync has a few quirks, but it usually does the job and is very affordable.

(I am not affiliated with Insync.)

In the future OP can consider never using a google product for anything.
The cloud does not absolve you from making backups.

Backups are there to protect you not only from technical failure, but also from mistakes and random bans from cloud providers.

Don't store important data "in the cloud".

They can and will delete it, surveil it, or tamper with it and you will have not practical recourse.

In my degoogling journey Google Sheets is one of the last remainders. Does anyone know a good online alternative? Paid is fine.
Office 365 is online as well. If you want no MAGMA, then look into Zoho Sheets. They have fantastic customer support.
Always keep regular backups of anything you store “in the cloud” because ultimately it can be gone for an arbitrary reason at any time and with no recourse for you. These services can be hugely convenient, but if YOU don't have it twice, you don’t have it.
Update: finally got an email from Google:

------------------------------

"Your file "<filename>" contains content that violates Google Drive's Phishing policy and hence, some features related to this file may have been restricted. If you think this is an error and would like the Trust & Safety team to review this file, request a review below.

---------------------------

I got access again. And now it's actually being reviewed. What a terrible experience, it disappears and is inaccessible for an entire work day with no recourse. Not sure if this post caused the review/notification.

Yeah, this leads me to believe the other guy was right. The automated document checker probably flagged one of those domains leading to your documents getting removed.
It shouldn't delete and make it inaccessible in the meantime. From their email, they can limit it, while not taking away my access. It was deleted with no recourse, that sort of automated system seems broken.

I can guess why it happened, it's just fubar.

For those that want to avoid the same fate:

Use rclone to backup your Google Drive documents.

https://rclone.org/

Configure it so it will save the documents to disk in MS Office formats instead of just saving a link.

>my spreadsheet

clearly not, its someone else's computer

Same current issue. Can't login to a Google workspace paid account with the correct username and password because the Algo determines the device can't be trusted (new m1 Macair) byebye account. Only recourse is to cancel it with cs without access.
After thousands of stories like this, all true, why use Google at all?
I had something similar happen with a translations file for a game. It has a column with keys like "created.at" and a column with human readable translation. Google Sheets automatically create links to anything that looks like an URL, so "created.at" becomes a link. And if you're not careful to immediately remove those auto created links, some of them can lead to malicious sites, then Google will detect your sheet containing those malicious links. In my case Google blocked sharing, but didn't take the document down. Still, I believe it's terrible UI/UX, to automatically link to malicious sites and then penalize the sheet owner for this.