Ask HN: How worried should I be about Google randomly suspending my accounts?
So I have a lot of Google accounts that I use for different reasons that are tied to many of my other non-Google online accounts—I’ve made a good effort of switching some of my important online accounts to more reliable email services ever since I learned that Google has a tendency to randomly shut out people from accessing their business, or personal accounts.
Problem is I don’t know how widespread all of this is, but I do know that once an account is suspended or banned that it’s a fools errand to try to get it back unless you personally know a Googler or post it about here or on Twitter and hope that someone who can help you is going to read and respond.
If I start a full on revolt on Google and switch entirely to different services, it’s going to take absolutely forever so I just want to know if this is a decision worth making or am I being paranoid for no good reason?
43 comments
[ 2.0 ms ] story [ 105 ms ] threadStuff happens. Companies die, get purchased, change their focus, etc. all the time.
I'd like to go this route as well. I've got a domain and Fastmail checks all the boxes for me, but inertia is a powerful thing.
What I ended up doing was registering for my new email and only using that for new accounts. Then I switched over my key accounts (GitHub, domain registrar, hosting, and the like). From there it's been more than a year of just switching accounts over as I notice that they're still on the wrong address.
It's not urgent yet, so I can take my time and do it gradually. By now most of the important ones have been migrated, what's left is mostly a few forums that I've not used in years.
However, if you have a large IMAP mailbox and you are locked out out if, you will not get that historical data if you are suddenly locked out. So the periodic archive download might be a reasonable suggestion.
This is exactly what I do for the handful of domains I pointed to fastmail. I use Thunderbird to keep everything local and use 7zip to make snapshots of the local files and copy them to other local servers and USB drives. If AU started imposing some weird laws on Fastmail I could quickly migrate elsewhere.
Don't forget you never own a domain name, be careful which registry is behind the extension you use. My recommendations would be:
- don't use a ccTLD (2 characters TLDs) unless it's your country's TLD, or a country you can trust. ccTLDs don't follow the ICANN rules but the rules of the country. As a rule of thumb, keep in mind that the poorest the country is, the less their infrastructure is reliable. If you rent an exotic .so, don't be surprised if it doesn't resolve one day. There's also a risk that you lose eligibility to your domain overnight. Usually ccTLD registries tend to loosen the requirements (.fr used to be only available to French people for example, not the case anymore), but the opposite is possible. UK residents also lost eligibility to .eu after the Brexit. I'd also avoid geoTLDs (.asia, .berlin, .paris, .cat, ...) because of the eligibility rules.
- (new)gTLDs are not all reliable either. Stick to the core gTLDs if possible: .com, .net (Verisign, even with their price increase they're probably the most reliable entity), .info (Afilias), .org (PIR, the shady selling deal they had with Ethos Capital has been rejected). There are reliable newgTLDs if you trust the entity behind it: .app/.dev (Google...) for example. I also like [Radix] and [Donuts] as entities.
- don't forget to enable autorenew and to keep an up to date payment mean on your registrar. If you want to retrieve a domain name you lost it will either be costly if you're in the redemption period, or extremely costly if its "drop caught" (from "drop catching", not sure if "drop caught" is a thing) and resold on an aftermarket platform.
[Radix]: https://ntldstats.com/registry/group/Radix-FZC [Donuts]: https://ntldstats.com/registry/group/Donuts-Inc
Things could be destroyed, but I'm currently linking into an extra colo facility. 1U of rack space is very cheap, and I've replaced several paid services this way. all in all I'm saving money I think.
The last major issue I had with paid accounts is Google decided to move the goal posts a few years ago and basically make a small college course to maintain being a reseller. Originally you just needed so many licenses and a credit check. We didn't know they launched this new system and had a client hit storage limits on one of his accounts.
Any other company you'd just increase the license tier, vendor gets more money, client gets more service, everybody wins. With Google though, this isn't possible for a reseller in my situation. Support had told us to just go in and increase the license, but the option wasn't available in the redesigned panel. Instead I need to complete a course and maybe a week or so after get blessed enough to have the ability to submit a 'deal' to increase the tier for the customer's account.
Oh and it took me over a week to get this suggested resolution (that requires in best case another week). At no point did I ever feel anyone at Google gave a shit about me or any of my clients, and I regret becoming a reseller and ever recommending them.
EDIT: Use fastmail, I just wish their reseller panel was a bit more fleshed out.
The only one I'd be careful of is Amazon. If you can't access your email and forget your password it's all over. I've had that happen.
In risk management in general, you usually want to consider the "expected value" of the catastrophic event instead of just the impact or probability alone. The probability that you'll get locked out probably doesn't actually run that large. How much do you have tied to the account?
You should usually take low probability events of sufficiently large "expected value" catastrophe size seriously enough to mitigate the expected value.
Running your own email server is pretty easy, except for sending mail. You should probably just use a reliable relay host with a good mail reputation and relay your outgoing mail through it, and follow-up that your email gets received. This has worked pretty well for me over the years. I've only ever had one place reject my reputable-host-relayed mail with my domain on it, so I send my outgoing mail to them from gmail. You never really have a problem with incoming mail at your MX records, and out-going mail with your domain on it works easily with like 99% deliverability if you use a reputable provider as a relay.
If you’re doing anything professionally with Google, like submitting Android apps to the play store, create a separate Google account for that. Don’t tie it to your personal one.
Every so often we loudly hear about egregious mistakes, with legitimate accounts getting shut down. This is a result of large numbers: they're hosting billions of accounts, so one-in-million mistakes happen thousands of times (and believe me, they're tuning their processes for even less than one-in-a-million mistakes)
You say you have a lot of Google accounts. This could already be a red flag in the detection processes. One obvious way to "legitimize" these accounts is to have proper 2FA setup for them. Try not to share 2FA methods (like phone numbers or Yubikeys) across them, in a way that a fraudster might do to save time/money.
You're unwittingly a bystander in a silent war going on between Google and fraudsters. Neither of them are divulging methods they're using to detect/evade, so it's hard to give advice on how to behave legitimately. Try to do things that would be expensive for a fraudster, like the above 2FA advice.
https://www.sfgate.com/local/article/billboards-seen-in-LA-a...
And now their reviewers are also supposed to be wannabe doctor. I quote "The company has consulted pediatricians, she said, so that its human reviewers understand possible conditions that might appear in photographs taken for medical reasons."
and
"A Google spokesperson said the company stands by its decisions, even though law enforcement cleared the two men. "
Ok this time I'm really off Google.
Google disabled my wife's voice number and business account for several weeks, right after she ordered new business cards, signs, and started a marketing campaign. They continued to charge her for Google ads each week.
Her accounts were re-enabled about 7 - 8 weeks later. No explanation given.
She averages 2 - 5 new customers per week, gained largely through referrals and her marketing campaigns, so Google's actions had a significant impact on her business.
Customer support was very limited, and again they provided no reason for their actions, no timeline, no nothing.
I moved my side business off of GCP, and switched my personal email from gmail to another provider.
She got through to customer support, they just weren’t able or willing to provide any information.
I've moved my family domain to Microsoft 365 (I'm using a free covid trial of Teams Exploratory licence for 12 months then i'll move to M365 Business Standard as the live.com version doesn't support DKIM or multiple domains).
BTW - OWA isn't terrible anymore, feels nicer than Gmail, works fine in Chrome, Firefox, Edge etc.
I also transferred another domain to Infomaniak and i've found its interface quite nice - only miss push email on iPhone so haven't quite pointed my MX to them yet on that domain.
Only downside to my setup is the Microsoft apps like One Drive timeout when I have 1Blocker enabled on my iPhone.
If the price for such insurance is too high, you probably shouldn't be relying on Google.
[1] https://www.thehartford.com/commercial-insurance-agents/reso...
Smaller non-Google cloud alternatives have you by the balls just as much as Google do, and it's not uncommon for them to go out of business or get bought out. Sometimes they'll grandfather the old accounts (Zoho Mail), but not always (Travis CI).
To get away from using a large cloud provider, you could start hosting things yourself. This of course has the risk of a bad config making your email undeliverable, or a hardware failure destroying your data. It also means that you'll need to personally put out the many (metaphorical) fires that occur with running servers.
Now, in terms of the actual numbers, I'm not sure how well studied the risks are, but anecdotally:
- I personally have never lost access to a Google account, and don't know anyone who has either.
- I have been personally screwed over by non-Google cloud providers after they get bought out/go public.
- The majority of people I know have lost data before due to an IT failure, such as accidentally overwriting a file or losing a USB stick.
So yes, while it is a bit shit, I don't think the reason Google get the bad press is because they are the riskiest option out there. Instead, it's more about the fact that they're a big target and the tiny fraction of customers who experience this had such a terrible support experience that they want to tell the entire world.
Our experience with Google led to a considerable loss of income.
There’s also the problem where they disabled every product my wife used, but continued charging her.
They’re a terrible provider, plain and simple, and we feel that we should warn others.
For something as important as E-mail, which is often the key to resetting my passwords on other services, I wouldn't rely on anyone but myself. Own your own domain, point the MX record to a machine you control. If that machine is a VPS (someone else's computer), be ready to fail over to your own metal, and keep backups that are in your control.
For other stuff, self host or keep backups. Family photos you care about? Self host or keep backups you control. Important documents? Self host or keep backups you control. I can't think of an online service I use where I'd lose anything I care about if I were suddenly banned from it.
pay a vendor some money, get some kind of support.
while i am not saying if the baby penis doctor photo guy had a G Suite domain his life would be rosy right now, i am saying i think his situation would be a lot better had he been able to actually contact a real support department, something his free @gmail.com account did not afford him.
She met many others who experienced the same as paying customers of Google.
Few friendships between ants and elephants.
Organize your life depending on humans, not corporations.
Only humans care once you're in need.
And pay for what you use. There is no free lunch, let other live, too.