Ask HN: Will Google delete inactive gmail accounts that forward email?
Google is doing their "deleting inactive account" thing.
I have some old gmail accounts that forward email to my main account. I don't login to the old ones, but I read the mail that comes through.
Does anyone know if they'll count those old ones as inactive and delete them?
95 comments
[ 1.7 ms ] story [ 214 ms ] threadMake sure you have a backup/recovery email on the old accounts and you’ll be notified before anything irreversible happens.
Also curious whether “deleted” means “actually erased” or just “removed from gmail and your mailboxes added to the pile”.
OP is just asking if that counts as "logging into" the Google account
No, mail forwarding is SMTP and requires no access to pop/imap. What you're thinking of is the ability of Google to fetch from other accounts using POP.
Once mail forwarding is setup you can lose access to the account and it will still with. In contrast pop fetch will only work as long as you can log in the account.
They can both achieve similar goal (have mail from one account show up in another), but they work in fundamentally different ways
I’ve been using a handful of these accounts nearly 10 years ago. Not much if any mails received on them for at least a few years, and received the inactive notification for all of them last month. Note the nuance that these account didn’t have mail to forward for several years.
It is virtually impossible to login to an old Google account for which you never set a recovery phone number - and completely impossible if you did set one but no longer own it.
And there is no human support of any kind at Google that you can discuss it with.
Create a new account just to give Google some money and pray that they'll give you support about another account?
Oh, that support was for google video, but we transitioned your account to Android TV and then Play Video and that support isn't valid, because I'm a vapid airhead called google!
Jesus Google, the average person doesn't want a soap opera and drama, just to use core services.
The way Google has proven to work, is you have support until the AI/ML model says terminate the account. Essentially, support exists until you need it most. There's no warning, no explanation, just one day you're done, locked out. You can't even export your content off the platform once terminated. I don't see how Google One is expected to help users when developers for Android/Stadia which pay Google a heck of a lot more end up the same creek [0] [1] etc. You even concede it probably won't be helpful.
[0] https://news.ycombinator.com/item?id=37224391
[1] https://news.ycombinator.com/item?id=26061935
They eventually get reinstated (looks like d4rken got reinstated last night), but not before they take to social media and Google gets requests for comment from a handful of news outlets. And still, they usually have no idea what they did/didn't do to cause it. They're left guessing but ultimately could have the rug pulled again at anytime.
I also think that social-media reach has helped my case.
It feels very dystopian that this is de-facto way to approach these issues with mega-corps.
His hotmail account I can get into no problem. There used to be a time when you would trust Google ten times more than Microsoft not to mess with your account, lock you out, delete you for inactivity. Those days are long gone, fuck Google.
I’ve contacted them recently with regards to how Big Tech unilaterally handles account security with no consumer recourse for these cases, so follow on complaints from those experiencing this would be helpful.
I can't log in into my Google account either. And yeah, the account was free (money-wise) - judging by FTC's forms, the paid accounts are the ones that matter.
<Total stranger> Hi, when you receive some TOTP codes on your phone, those are supposed to be mine. Could you be a lad and just forward those on to <random number>? Thx!
https://news.ycombinator.com/item?id=32862891
"Oh and I have $500 to sweeten the deal, just send me your bank deets."
In seriousness, it is not impossible to envision a near future when it would be illegal to share TOTP codes or other secrets related to security/authentication. If someone is the target of your scam and shares these things, perhaps he can just be sued into the Stone Age by the allegedly dead grandfather with all the nice photos.
I don't care how you sugar-coat your cutesy text messages, this sort of scheme sets off every social-engineering red flag possible. How rude, to ask a total stranger to share secrets. Many of these texts are explicit: "don't share this with anyone!"
Use the same ISP in the same city you created the account.
Google security seems to sees that as one step in the validation of ownership.
If you've moved or your ISP is gone, well that's impossible of course.
What do you suggest would be sufficient proof to the Google human support representative that would verify that you actually did own that account? They already have a process in account recovery that includes inputting the last password you know, entering the month you think you opened the account, and answering some extra questions, after which a human reviews your answers to determine if it’s really you. I’ve had this done for one of my old accounts and I was granted a link to reset the password for that account and set up new recovery details.
That's an absurd assertion to make. Amazon makes it very easy to get a hold of a human for support (particularly compared to Google), they have no issue with social engineering driven account takeovers despite that it'd be pretty easy to cause significant financial damage within just a few hours.
On the other hand, if an account is still actively logged into, it would be obvious that anyone else trying to get access should not be allowed to do so.
Define impossible? If you've forgotten the old password obviously you can't get in. I don't see why it would otherwise be impossible.
Although I can see why this would be impossible if you have a phone number set that you no longer own. I'm not sure what exactly Google would ask for if you never had a phone number set.
I do however get notifications on my phone asking if the login was me.
Unbelievably, this even includes rejecting credentials for a non-GMail Google account, even after the user has clicked a link to confirm ownership of the email account the account is associated with.
Ask me how I know!
Have used each every few months.
Each specifies the other as the recovery or backup account.
Neither has 2FA set up because I did not want to tie my cell phone to the identity.
I am now locked out of both accounts because…each sends a second factor code to the other.
It isn't a huge loss to me…though recruiters trying to recruit the related but obviously fake LinkedIn profile may be saddened to never get a reply.
I totally understand why Google, Yahoo, and others are purging inactive accounts. Between GDPR and widespread account takeovers it's an expensive nuisance (and if the account is "inactive" then it's not generating meager advertising revenue to pay for the nuisance).
The part that is true though is that you're out of luck if you set a recovery phone and you no longer have access to it (same for recovery email). But even then I was offered a possibility to contact support to resolve it. And if someone is desperate they may try calling the new owner of the phone number and kindly ask for the code (you'll sound like a scammer, but hey, it's worth trying ;))
Even if you do everything right in the new phone number case, in many cases Google will just deny you entry for no stated reason at the final step. Sometimes you get lucky, as you did (and me too in some cases), but many times you don't.
As for being offered an option to contact support, I've never seen that myself.
Obviously not helpful once the account is locked, but might be worth considering for worthwhile accounts before something like that happens.
https://news.ycombinator.com/item?id=36335975
In my case, I had a record of what my password on the gmail account had been when I last used it, but when I tried logging in with that password years later, it didn’t work, and there was no way I could figure out to recovering access. A few months after seeing that Tell HN post, I tried again and the system allowed me to log in.
Support can be Social Engineered easily (especially if you don’t spend massive amounts of money on it). Making support not socially engineer-able is essentially impossible too with their user base, as the user base is too diverse.
Technical solutions currently suck, even if we ignore that most of the population is unable to effectively use them.
There is no consistent way across their user base to even verify a person exists, let alone that they are who they say they are, let alone that they are who created or owns the account!
And no one even puts the closest local equivalent into their Google account for legitimate reasons anyway.
Like who would want to upload their Birth certificate? Or passport? Or DL/ID? That’s a terrible idea. And many people don’t have the US equivalent to one anyway.
Not to mention, deep fakes have gotten really good. Not that a US company is going to have much luck identifying a fake (or real!) Belgian equivalent for instance anyway.
So they go with heuristics, which always have edge cases, try to hide what rules they use to avoid being gamed at scale, and hope for the best. Not great. But seriously, what else are they going to do?
At some point I’m hoping a sane plateau becomes apparent. Or at least a realistic ‘plan B’ for how to recover from this.
Generative AI though is really poisoning the online well, and I don’t know what we’re going to do about it.
Captchas were never great, but near as I can tell they’re literally only stopping real humans now, for instance.
When someone can easily gin up thousands of impossible-to-tell-they’re fake IDs for people that never existed?
That breaks almost every verification process anyone has right now. Except in person ‘show up and provide the actual physical ID’.
and that’s the reality we live in.
> While the changes go into effect today, the earliest we would enforce any account deletion would be December 2023.
> If your account is considered inactive, we will send several reminder emails to both you and your recovery emails (if any have been provided) before we take any action or delete any account content. These reminder emails will go out at least 8 months before any action is taken on your account.
I have no indication that any of my accounts are inactive and thus there should be no action for the next eight months.
No, simply cut them out of my life while using AdNauseum to bleed them dry. The Internet existed before Google and will continue existing after they are gone.
Not trust their AdWords and look for alternatives.
Not trust GCP and use aws and azure.
Not trust new products.
Google’s brand is interconnected and it’s shortsighted of them to think “it’s just a few thousand inconvenienced.”
Imagine if Whole Foods also had a product line that sold caviar and they swapped it out for dog shit and they didn’t care because it only affected a few thousand customers. It’s not the number of customers that are important, it’s the reflection of the organization.
It’s deontology vs utilitarianism. Trying to do spot based utilitarian calculations without considering what principles lead to overall good is a stupid thing for an org to do.
As the OP said, What are you going to do, stop using the Internet?
Google can coast for 30 more years, or longer.
Comcast is slowly dying but will be profitable for a long, long time.
So you can have a bad brand and exist for a long time.
The same is apparently not true about the old Grand Central phone numbers though. The account will still be active for phone but the number will be gone.
Although big companies also have some leeway to steal domains (and the associated email addresses) from small companies and hobbyists, so just trying to keep your email to yourself doesn't solve everything.
Of course, that nearly every domain anyone wants is taken already is also a bane on us caused by a big company - Network Solutions, the privatized descendant of the Internic, as they realized their old rule of one entity / on domain didn't have to be followed, and blithely made their first evil sale of 80-odd domains to some household name drug company that wanted a domain for each common ailment or something. The idea of saving readable domains for future generations went right out the windows once someone waved money under their nose (and they didn't use that money to improve their UX for over a decade), and now virtually all registers are shills for shoving domains you don't need down your throats. Ugh. At least the old Internic had ethics.
Just like Google had the do-no-evil motto - somehow I doubt that's still a thing. Good luck getting a lost email account of them - they didn't give my Google phone number back even though the system still knows it's mine.
A bit off topic at this point, sorry.
They don't do homepages, shells, mail hosting or anything - just an email address you can forward anywhere you want.
Nothing is stopping anyone from doing the same elsewhere in the world, all you need to do is NOT try to make it into a billion dollar unicorn startup with a hockey stick growth curve. Just make enough money to keep the lights on and maybe pay something to person or two who manage the stuff part-time.
[0] http://www.iki.fi/
(Iki is a version of the Finnish word "ikuinen" meaning forever)
“Before deleting an account, we will send multiple notifications over the months leading up to deletion, to both the account email address and the recovery email (if one has been provided).”
The countdown timer will never start and it satisfies one of googles requirements.
Another way is to deposit cash into something like Google voice or playstore. I used to use Google voice to call internationally and have like $4 in there. Google won't ever delete this account because of my unused funds. Annoying but worth it if the account is valuable to you.
Regardless, remember when Google used to have that storage counter that kept going up? I do.
Q: if I have an email account X and it auto-forwards email to an email account Y , will X be considered as an active account
A: “The short answer will be NO. Google considers an account active if there is a recent login to the account.”
Somehow I can no longer login to the address that forwards these emails and I can't reset my password. It's been like that for a long time.
Suffice to say I'm transitioning away from Gmail. I also assume that there are more people like me in this situation.