I encrypt so much of the stuff I upload to google drive or email. In my case, more because my filetypes and contents tend to trigger malware detection (even though literally none of it is malware or even security research).
Stories like this are why I do it. I don’t know when something is going to get flagged - NSFW or otherwise. I really should de-google and I mean to. Buts its a daunting project for the email address I’ve had since 2004 (my email is now old enough to drink in USA).
2) Subscribed to an email service that lets you use your own domain (for example fastmail)
3) Forwarded all of my email from my gmail account to my new email/domain, and use my new email/domain in all correspondence.
4) Made a separate google account for every google service I used. For example, I made a separate account from my gmail for google play, google cloud and youtube.
It's a bit of work but this allowed me to slowly ease myself out of gmail, and derisk my account activity. Even if fastmail screws up, I can always point my domain at another email provider like protonmail.
Oh, also:
5) Use syncthing for file storage. It's cheap and I can back up TB worth of stuff from decades ago.
(4) doesn’t necessarily help due to googles “Sensorvault”. I’ve read stories where one employee's personal account ban (or ex-employee) resulted in all “related accounts” getting banned as well, locking out an entire business due to some perceived violation on someones personal account, and other employee's personal accounts got suspended by association as well: https://www.reddit.com/r/tifu/comments/8kvias/tifu_by_gettin...
Currently going through this with Reddit. Their appeal process is to submit a form which may or may not be processed, and there is zero feedback for the user. Common advice is to submit the form daily.
I have submitted it 200 times over the past year. I know that it probably just goes into a black void, but it is apparently the official review process, and I am 100% sure there were no rule violations (I was flagged for responding to new threads too quickly and reposting the same educational link a few times because I was answering the same sort of question). It's cruel really. Somehow they made something even worse than the Google approach. Presumably tens of thousands of users are wasting time every single day doing this.
Like others have said, most tech companies are like this and it's unacceptable, even if users are the product.
Google clearly states CSAM is forbidden on their platform.
The user stored CSAM on Google Drive. Regardless whether it is for academic research or not - which in this case, it wasn't. It was for training a model.
Do you really think Google wants to be on the front page of the newspaper saying it allows users to store CSAM?
The user has been caught off guard and that's on them.
And yes, you're not safe either if you store CSAM on Google. Who in their right mind thinks they are?
You’re making a serious accusation without evidence. I don’t know if the file in question was CSAM—because Google won’t tell me. We just have Google’s word for it.
What I do know is that I used publicly available datasets—like NudeNet and COCO—for benchmarking an NSFW detection model. These datasets have been used by researchers for years. If there was anything questionable in them, that should be addressed openly—not used as a reason to erase someone’s digital life without transparency or due process.
I’m not claiming academic immunity. I’m saying it was unintentional, and I had no idea anything I processed could have been flagged. And if there was something problematic in a dataset, I would absolutely want to identify and report it—but I can’t do that if Google refuses to disclose what was flagged.
This isn’t just about me. When a private company has the unchecked power to destroy someone’s livelihood overnight, it stops being a simple platform—it becomes a de facto utility. There needs to be a path for review, correction, and accountability.
I got into a situation a couple of years ago with Google over a few dollars when I terminated my paid GSuite account. It was impossible to contact them to settle the balance. They kept sending emails from a Google-branded department that was clearly outsourced. The process was literally Kafka-esque.
Didn’t manage it in the end. Ended up going to collections who happily listened and cancelled the debt.
I was a happy paying email customer of many years.
I now am sworn never to enter any kind of relationship with Google, and encourage to do the same.
I still wonder why they literally don't seem to care in Europe. I've overdrawn billing accounts (by accident) two times, one 10 years ago, one a year ago. Nothing happened until I remembered about them months and months later, I went to check and both times the accounts were just sitting there closed. Checked my email and they sent like two payment reminders in the first 2 weeks and then nothing ever again.. the one 10 years ago is still sitting there.. it's not like they couldn't have sent it to debt collections, that's also a popular thing here lol.
Same. They did a “funny” thing where they routed my balance owed refund request around the world twice I think I have 12 bounces in the thread. Every bounce was the same useless canned information.
For every hour I wasted on it I filed a complaint with a regulatory body. It probably cost the millions of dollars.
I recommend everyone in a similar situation do the same.
Google suspended my payments account a few months ago without even notifying me. I never received a reason for the suspension, but I suspect it's related to a failed game refund from Stadia, as I see a refund error in my payment notifications. Dealing with Google Support has been a Kafkaesque loop where I have to explain the same thing over and over, only to get the same scripted instructions that take me nowhere. After this dance, they finally say they will "escalate" the issue and then close the case. At this point, I've given up and am in the process of de-googling my life.
I was lucky enough to have had my (first - pretty nice little common username) Gmail account summarily culled towards the early years of my email usage. I was young and I hadn't used the email anywhere where it could get critical - I don't think I had anything critical in life at that time. Besides, my country hadn't moved to emails for personal communications and interactions - it never did, it just teleported into instant messaging.
I was never given a reason. I tried to reach out and, of course, we know how it ends (even then). The thing is, I didn't even use it for anything other than sending emails to friends who were starting in other colleges and kind of just using emails for the sake of using emails. It was the new tool for me. Except one - the teenage me was in long and cosy exchanges with a nice someone many states and thousands of kilometres over talking about Jane Austen and Tolstoy and their works that we both read and loved and what not and also sharing with each other things I now definitely would not call poetry. That still feels like a loss - even after some two odd decades. The silliest thing - I didn't remember the email. Those were the good old days of r1d1clulux_paynthr_56789_b0mb@rediffmail.com. We never asked or revealed each other's names. Those were days like that when you didn't have to worry about whether you were talking to a cat or a fish.
I started using other email services (Yahoo, Hotmail - for a long time those were my main emails) and when I started working I got a domain and moved to a paid email host.
This also taught me a lesson about using free services. Hell, even when using a paid service this can happen. Apple is an example. You feel Google does it, oh boy oh boy, Apple knows how to do the true stonewalling! When you are on the phone with a real human being and that human being stonewalls you and their company (Apple) doesn't even allow that human being to help you, or escalate, or move up in the support chain, you feel that is real something - esp. if you are in a country where consumer laws are less than jokes! Anyway, so that taught me to be ready, to have backups (not just as in data, but as in options), and fallbacks.
I think everyone should experience things like this, but kinda early in life :)
PS. Naah, OP's case isn't like mine. But then people like me (and maybe OP and maybe you) allowed and enabled (still do) Googles and Apples of this world to be this big that they can just do it and get away with it and it doesn't even matter even in countries where consumer laws have real functioning teeth. So that's there.
Let me be clear: I deeply appreciate Google’s efforts to detect and report CSAM. These systems are vital for protecting children and stopping abuse, and I fully support that mission.
But good intentions are not a substitute for fairness. Right now, individuals who are falsely flagged have no way to defend themselves, no way to clear their name, and no meaningful path to restore their livelihood.
If a system is powerful enough to destroy someone’s life, it should also be strong enough to offer transparency, review, and correction. That’s all I — and others like me — are asking for: a fair process to protect the innocent while continuing the fight against real harm."
If you have anything even remotely important tied to your email address… then at least get your own domain name associated with it. It’s not a 100% guarantee that things won’t go wrong, but at least you can recover if your current digital feudal lord turns their ire on you.
All evidence to date forces the conclusion that trusting Google for anything important is tremendously foolish. That includes email, cloud-hosting, search, google apps of any kind, etc.
All professional and personal eMail through gMail?
Oof, buddy. That cock-up is on you. Even if you don’t want to administer your own iron, there are plenty of third-party services that can host your eMail domain.
And with a little work, there is eMail-in-a-box for a turnkey solution, and others like hMailServer if you just want a minimalistic low-effort server running on an old Windows box in your basement.
29 comments
[ 602 ms ] story [ 357 ms ] threadStories like this are why I do it. I don’t know when something is going to get flagged - NSFW or otherwise. I really should de-google and I mean to. Buts its a daunting project for the email address I’ve had since 2004 (my email is now old enough to drink in USA).
1) Got my own domain
2) Subscribed to an email service that lets you use your own domain (for example fastmail)
3) Forwarded all of my email from my gmail account to my new email/domain, and use my new email/domain in all correspondence.
4) Made a separate google account for every google service I used. For example, I made a separate account from my gmail for google play, google cloud and youtube.
It's a bit of work but this allowed me to slowly ease myself out of gmail, and derisk my account activity. Even if fastmail screws up, I can always point my domain at another email provider like protonmail.
Oh, also:
5) Use syncthing for file storage. It's cheap and I can back up TB worth of stuff from decades ago.
https://old.reddit.com/r/androiddev/comments/ts6jfg/google_h...
Also using multiple accounts can result in suspension: https://news.ycombinator.com/item?id=34961069
I have submitted it 200 times over the past year. I know that it probably just goes into a black void, but it is apparently the official review process, and I am 100% sure there were no rule violations (I was flagged for responding to new threads too quickly and reposting the same educational link a few times because I was answering the same sort of question). It's cruel really. Somehow they made something even worse than the Google approach. Presumably tens of thousands of users are wasting time every single day doing this.
Like others have said, most tech companies are like this and it's unacceptable, even if users are the product.
But still, "unzip random NSFW content onto Google Drive" doesn't sound risk free does it
Google clearly states CSAM is forbidden on their platform.
The user stored CSAM on Google Drive. Regardless whether it is for academic research or not - which in this case, it wasn't. It was for training a model.
Do you really think Google wants to be on the front page of the newspaper saying it allows users to store CSAM?
The user has been caught off guard and that's on them.
And yes, you're not safe either if you store CSAM on Google. Who in their right mind thinks they are?
Edit: Grammar
What I do know is that I used publicly available datasets—like NudeNet and COCO—for benchmarking an NSFW detection model. These datasets have been used by researchers for years. If there was anything questionable in them, that should be addressed openly—not used as a reason to erase someone’s digital life without transparency or due process.
I’m not claiming academic immunity. I’m saying it was unintentional, and I had no idea anything I processed could have been flagged. And if there was something problematic in a dataset, I would absolutely want to identify and report it—but I can’t do that if Google refuses to disclose what was flagged.
This isn’t just about me. When a private company has the unchecked power to destroy someone’s livelihood overnight, it stops being a simple platform—it becomes a de facto utility. There needs to be a path for review, correction, and accountability.
More on what happened to me here: https://medium.com/@russoatlarge/when-youre-accused-youre-er...
Didn’t manage it in the end. Ended up going to collections who happily listened and cancelled the debt.
I was a happy paying email customer of many years.
I now am sworn never to enter any kind of relationship with Google, and encourage to do the same.
For every hour I wasted on it I filed a complaint with a regulatory body. It probably cost the millions of dollars. I recommend everyone in a similar situation do the same.
I was never given a reason. I tried to reach out and, of course, we know how it ends (even then). The thing is, I didn't even use it for anything other than sending emails to friends who were starting in other colleges and kind of just using emails for the sake of using emails. It was the new tool for me. Except one - the teenage me was in long and cosy exchanges with a nice someone many states and thousands of kilometres over talking about Jane Austen and Tolstoy and their works that we both read and loved and what not and also sharing with each other things I now definitely would not call poetry. That still feels like a loss - even after some two odd decades. The silliest thing - I didn't remember the email. Those were the good old days of r1d1clulux_paynthr_56789_b0mb@rediffmail.com. We never asked or revealed each other's names. Those were days like that when you didn't have to worry about whether you were talking to a cat or a fish.
I started using other email services (Yahoo, Hotmail - for a long time those were my main emails) and when I started working I got a domain and moved to a paid email host.
This also taught me a lesson about using free services. Hell, even when using a paid service this can happen. Apple is an example. You feel Google does it, oh boy oh boy, Apple knows how to do the true stonewalling! When you are on the phone with a real human being and that human being stonewalls you and their company (Apple) doesn't even allow that human being to help you, or escalate, or move up in the support chain, you feel that is real something - esp. if you are in a country where consumer laws are less than jokes! Anyway, so that taught me to be ready, to have backups (not just as in data, but as in options), and fallbacks.
I think everyone should experience things like this, but kinda early in life :)
PS. Naah, OP's case isn't like mine. But then people like me (and maybe OP and maybe you) allowed and enabled (still do) Googles and Apples of this world to be this big that they can just do it and get away with it and it doesn't even matter even in countries where consumer laws have real functioning teeth. So that's there.
"'I never thought leopards would eat MY face,' sobs woman who voted for the Leopards Eating People's Faces Party."
Read my medium article
"When You’re Accused, You’re Erased" https://medium.com/@russoatlarge_93541/7a09ebe8bf6a In the article I say:
"A Necessary Fight — But Accountability Matters
Let me be clear: I deeply appreciate Google’s efforts to detect and report CSAM. These systems are vital for protecting children and stopping abuse, and I fully support that mission.
But good intentions are not a substitute for fairness. Right now, individuals who are falsely flagged have no way to defend themselves, no way to clear their name, and no meaningful path to restore their livelihood.
If a system is powerful enough to destroy someone’s life, it should also be strong enough to offer transparency, review, and correction. That’s all I — and others like me — are asking for: a fair process to protect the innocent while continuing the fight against real harm."
“Lost everything”
“I made no backups”
It’s becoming a common lament.
Folks, please note you need backups of data if losing it would be a problem.
That is all.
Oof, buddy. That cock-up is on you. Even if you don’t want to administer your own iron, there are plenty of third-party services that can host your eMail domain.
And with a little work, there is eMail-in-a-box for a turnkey solution, and others like hMailServer if you just want a minimalistic low-effort server running on an old Windows box in your basement.
Unfortunately that it got csam flagged and rubbish support options is classic Google but still a pretty bold move on authors part