
“Accounts merged and now my files are gone” - damncabbage
https://productforums.google.com/forum/m/?fromgroups#!topic/drive/xUgB4p1I2QY
======
estebank
I think the problem here is with Google's Multi Sign In[1], which makes it
look like all accounts that are loged in are related, when in fact they are
not, it just gives you an "easy" way of switching between accounts across
Google services.

Both Molly and Amy (in the OT) have gotten confused and assumed that the
accounts had been merged indefinitely (who can blame them? This is as much
PEBKAC as horrible UI) so they attempted to "unmerge" them, ending up deleting
one of the accounts.

The way to "unmerge" them is to log out of Google. Then, next time somebody
logs in, there will only be one account.

This UI is horrible, I had a similar uncomfortable moment trying to log one
account but not the other, even though I knew that they had not gotten merged,
it sure seemed like it. The intention was good, the execution lacking (my
guess is that there were lots of technical reasons this couldn't be done
cleaner).

As soon as Chrome introduced Multiple Users[2], I started using that and it's
much better, with less mental overhead to check which account is loged in (I
use a black theme for one account, a white theme for the other). For other
people/accounts, I just use Incognito mode. For most end users, this is still
too much overhead for them, but in that case the only solution I could see is
autologout, which has its own problems.

1: <https://support.google.com/accounts/answer/1721977?hl=en>

2: <https://support.google.com/chrome/answer/2364824?hl=en>

~~~
rayiner
The multi sign-in UI is one of the worst bits of UI fail I've ever
encountered. I had to struggle with it for three long years (my university
used a Google-based e-mail, plus I had my personal gmail). Why the hell can't
I just see multiple inboxes on the left hand side, like every e-mail app for
oh the last 15 years or so.

~~~
raverbashing
And that's why I use two separate browsers.

Ugly, but it works

~~~
dumitrue
A less ugly alternative, which I much prefer, is to use multiple Chrome
profiles -- keeps the worlds separate and the end-result is much cleaner!

------
patio11
I'd encourage people to think of this less as "Wow, she misinterpreted a
series of options and got progressively father from her goal state until it
was unrecoverable; sucks to be her" to "This is computers as perceived by
people who do not make a living making computers work, and we should
anticipate them not always understanding our applications and design them to
facilitate understanding when possible and make correction easy when not, to
the maximum extent possible."

~~~
pasbesoin
As someone who's had to support "normal" people on Google products -- as well
as other products with similar problems -- for some time, I couldn't agree
more.

"There is a way to do this" does not equate with the "average" user 1)
Understanding this; 2) Remembering this especially when used infrequently; 3)
Allowing themselves to be arsed with it when it's a cumbersome process.

Further, product managers and "designers" keep changing the design. Even and
especially designs that were meant to convey e.g. the existence of and
validity of secure connections.

Everyone wants the marketplace of "computing for the masses". Well, you need
to design and engineer for those masses, as well.

To some extent, this is being "resolved" by "the masses" already being
onboarded and managing, through constant exposure, to somewhat keep up.

However, this means of "dealing" with the problem leaves plenty of room for
failures, some of which are pretty spectacular for the individuals and/or
organizations involved.

"Secure" your documents in our "perpetually" available and backed up online
storage... "Whoops", they're gone!

A blip on the map. Except for the user involved.

~~~
ritchiea
Allow me to correct you, everyone wants to design for smart, advanced users
who have the latest browsers that allow us to do cool stuff while we hope that
the masses will get with the program / super users will tout our product so
well the masses feel they must adopt it.

Obviously that's an overgeneralization but I don't know very many people who
actually want to design for the masses. Converting the masses is only
something we value because we know it's necessary to make a lot of money, not
because we believe reaching the masses by itself is a sign of great design or
innovative work. For example most developers and almost all designers I know
use macs and design for macs (e.g. web typography that looks fantastic next to
Mac OS UI elements and out of place next to windows UI elements) even though
many of their users may be using windows.

------
kijin
To everyone who says that using Incognito mode or a Guest account will fix the
problem: yeah, most of us already know that. The problem is, most of us (HN
readers) are not the average Google user. The average Google user is more like
your granny. When she borrows Uncle John's tablet, she expects it to work just
as if she had borrowed his lawn mower. Lawn mowers mow lawns just fine,
regardless of who owns it. Why shouldn't tablets do the same, asks the average
user.

In addition, the problem that OP describes is only a _symptom_ of a much
larger paradigm shift that (a) has been happening for a while, and (b) is in
the interest of many Internet services to impose upon users, too. The idea is
that a computing device only has a single user at a time. Instead of logging
in and out all the time, you just stay logged in indefinitely, so that
identification of a device suffices to identify the owner and everything you
do on your device can be attributed to you. Logout means nothing if they can
still track you with extremely-difficult-to-delete "evercookies".

The problem is, even today, most devices are only single-user 99% of the time.
Ordinary people borrow one another's laptops, tablets, and phones all the
time. Because devices get lost, stolen, damaged, or out of battery all the
time. Because when your best friend buys a shiny new iPad X, she lets you
borrow it for a couple of hours. Desktop OS's have Guest accounts, but they
are often not enabled by default, and even when enabled, it's a hassle to
switch accounts. So when a service is designed on the assumption that a device
only has one user at a time, it works 99% of the time, but it fails in an ugly
way the other 1% of the time.

When a cousin borrows your brand-spanking-new Android-based LTE-enabled DSLR
(I don't know if such devices exist, but why not?) to take pictures on her
trip to Hawaii, you shouldn't have to worry about having inappropriate photos
of her automatically uploaded to your Dropbox and stay there even after she
deletes them from the camera. Ditto for your Gmail app, any other app that
identifies your device with you, and any web app for PCs that work under
similar assumptions. Something is suboptimal here, though I'm not sure how it
might be fixed without great inconvenience.

~~~
chetanahuja
Newer Android tablets (with Android versions 4.2 or later) have what IMO is a
pretty decent solution for the multi-user device. Of course like all things
Google recently, the UI is "clean" which basically means "fuck you user... I'm
an artist.. here's a plain white surface for you. Read a manual if you
actually want to turn this thing on".

[http://www.gottabemobile.com/2012/11/16/how-to-use-
multiple-...](http://www.gottabemobile.com/2012/11/16/how-to-use-multiple-
users-in-android-4-2-jelly-bean/)

------
eksith
Well hindsight is always 20/20, but I don't think it's fair to just say
"should have done x" at this point. It happened. It's done. Now where do you
go from here?

This is the one thing in Facebook's favor (you can criticize privacy, but it's
still a good feature IMO). There's an "undo" for deletes available for a short
period.

Also, I have a habit of keeping a secondary email where I forward a copy of
all incoming messages. It's a bit of a hassle, but that's another free
provider so in the unlikely event one gets nuked, I can quickly grab my things
via POP on the secondary (and leave a copy there). So that's 3 places I keep
attachments etc... for the future.

You always sacrifice independence and self-sufficiency for a bit of
convenience, whether it's accounts or milk. Not quite ready to keep my own cow
yet, but I'm counting on my neighbor's one for my daily supply for now.

~~~
reddit_clone
This should be talked about more. I see no reason (privacy or otherwise) that
they can't put deleted accounts 'on ice' for some time before permanently
deleting the contents.

Give the poor souls with fat fingers a chance to recover.

~~~
MertsA
Google already does this, evidently the user also managed to wait a while
before realizing that the big red "Delete Account" button deleted their
account.

------
magicalist
Jesus, this is the top of the front page?

Not only did this user not merge their account (because that doesn't happen,
as many people here have noted), deleting your account is a pain and a decent
amount of work that is difficult to do accidentally (see this walkthrough[1]
about how explicit the process is: you have to click a checkbox for each
product you currently use), _and_ there is an account restore procedure after
deletion[2].

Now, it is possible this user was confused and did all these things, then
waited too long to try to restore their account, but there's not much else you
can do for a person like this. You don't want a deleted account to be
restorable for too long. They ask about Drive documents, but a mainstream and
obvious backup for that _does_ exist (not sure what it does if your account is
deleted, though). Maybe make multiple sign-in disabled by default so that
people won't accidentally do it? That's just going to annoy a different class
of users...

Regardless, if people are going to reflexively vote up every bad user story in
the google product forums (and why stop there? there are help forums all over
the internet!), the front page is going to be...not very interesting.

[1] [http://howto.cnet.com/8301-11310_39-57388685-285/how-to-
back...](http://howto.cnet.com/8301-11310_39-57388685-285/how-to-back-up-then-
delete-your-google-account/)

[2]
[https://support.google.com/accounts/answer/1212172?hl=en&...](https://support.google.com/accounts/answer/1212172?hl=en&ref_topic=2382753)

~~~
ivix
Have you considered that the story presents an interesting case relevant to
designers of these kinds of UI?

~~~
magicalist
Except we can only speculate on the kind of UI involved.

\- Multi sign-in isn't great, but how did this user get in that flow in the
first place? ("Add Account" isn't something most people would find inviting).

\- How did this user accidentally delete her account? The process is actually
fairly involved, and is difficult to do accidentally.

\- How long did this user wait to restore her account? According to the help
docs, you have a grace period to restore an account.

\- What "representative" did she talk to? As far as I know, there's no chat
support for free Google Apps.

Without this information, there's only speculation to be had, which is the
entirety of this thread (in fact, most of this conversation has to do with
"advanced" uses of multi sign-in, and has nothing to do with this story).
There are a million stories like this, and this is a poorly told one. As
should be expected! The user was not writing this to serve as the basis for a
discussion on confusing UIs and bad user flows.

That was my point. Feel free to point me to the interesting UI discussion in
this thread.

~~~
joelg236
There is a lot of UI discussion at the top now.

------
lenazegher
I don't really understand how this process works. I use multiple accounts from
the same machine every day. I'm usually signed into more than one at the same
time. But there's no indication that the accounts have been "merged" to any
degree, or there being a primary account.

Can someone shed some more light?

~~~
mrhyperpenguin
The OP checked the "stay signed in" option when logging in to his or her
Google account on another computer and all of the accounts that were logged in
were listed in one menu. He thought Google had merged the accounts and ended
up deleting his account.

The solution is simple, just click the sign out button and Google signs out
all accounts that are configured to "stay signed in." Alternatively, he could
have cleared his cookies or waited for them to expire.

Some people have been saying this is because of bad UX on Google's part.
Google is kind of in a catch-22 situation here. They want to upgrade how
multiple users check their Gmail on one browser but no one wants to learn how
use their new system (I got frustrated when they introduced their new UI to
compose emails and had to show a tutorial on how to use it.)

~~~
SeanDav
Here is a thought - why don't they use the email address and password to
distinguish between users....

~~~
jonknee
They do... The problem is a possibly confusing UI for multiple sign-ins
(distinct email addresses and passwords). Most sites don't have this as a
feature so there's not a standard UI for it [yet].

------
damncabbage
I think there are two lessons:

1) Use Incognito when using other machines, or

2) Don't trust Google with precious things.

~~~
trumbitta2
Use Incognito is definetely the way to go when you borrow someone else
computer

~~~
StavrosK
I'm always paranoid that they'll have keyloggers/malware installed. I only log
in to things from my phone, otherwise I don't log in.

~~~
Achshar
Two factor authentication can easily solve that problem. I used to feel uneasy
about logging in on other systems, but now I don't mind using incognito and
google authenticator.

~~~
Dylan16807
How does it solve anything when there's a checkbox right there to permanently
authorize the computer to not need the second factor?

~~~
5h
s/permanently/trust for 30 days/

Still not great, but it's not permanent.

You can also log out other sessions in google apps, not sure if that resets
the dont-do-2factor-auth bit though.

~~~
Dylan16807
You have to reenter the _password_ in thirty days but you never need the
second factor ever again (at least in some cases, which in security terms
might as well be all cases). The important part is in fact permanent. I'm
rather skeptical on the security offered.

Edit: I'm still looking for some kind of documentation for it, but I know this
firsthand. I set up two factor authentication several months ago and chrome
has not asked for anything other than the password since. I can even go into
the two factor _settings_ with only my password, which gives me complete
control to make unlimited single-use codes, or authenticate a different phone,
or turn the whole thing off.

~~~
Achshar
There is no way for you to read the one time passwords. You can only disable
them from dashboard or make new ones. The parent comment was about keyloggers,
and the don't-require-two-factor-auth checkbox is for browser cookie session
only. So there is no way for a keylogger to exploit the checkbox. The attacker
can only know your email and password, not your browser's cookie data.

~~~
Dylan16807
I was not talking about application-specific passwords. I was talking about
the ability to make 'backup verification codes' which can be used anywhere a
second factor is needed. Once they have your first login they have a permanent
all-powerful backdoor to your account unless you go in and hit the button that
resets all logins.

But more importantly, your threat model is rather urealistic. Why would you
trust an infected and keylogged computer to not be able to steal something as
unprotected as cookies? You're right that in some kind of situation with a
'pure' keylogger you're safe, but you could get the same level of safety by
doing something silly like log in with an on-screen keyboard. I think such a
narrow threat model is misleading.

------
codegeek
There is certainly something broken with google's multiple sign-ons. Here is
what happened yesterday:

\- My wife was logged into her Gmail account.

\- I then logged into my wife's Picassa web account to share pictures with
someone. I needed some information (an email address) from my own gmail. So
for so good.

\- So I logged my wife out of her gmail while keeping her signed in to Picassa
web.

\- Then I logged into my Gmail and got the info I needed.

_ I came back to my wife's picassa web acciount and when I tried to share an
album with someone by entering the email address, whoops I get a 403 FOrbidden
error. WTF!!

After a few mins of thinking, I thought why not log me out of Gmail and login
back as my wife suspecting that google might be confused b/w 2 logins ?
Bingo!! It worked. WTF google. Seriously!!

~~~
philwebster
This isn't that surprising. I've always assumed that logging out of any Google
service will log me out of any other Google services I'm logged into (with
that account).

I do think they could make it more obvious what is going on behind the scenes,
so that in your case, Picasa would have noticed the account was no longer
logged in before it let you share the album.

~~~
rayiner
> This isn't that surprising. I've always assumed that logging out of any
> Google service will log me out of any other Google services I'm logged into
> (with that account).

Why on earth would a normal person assume that?

~~~
danielweber
If I have two tabs open to my bank, and hit "logout" in one, I'd assume my
session was dead for both tabs.

~~~
rayiner
Right, but if I'm logged onto my checking account and my auto loan, I don't
expect logging out of one to log me out of the other just because both are
owned by the same company.

~~~
ISL
In a banking context, I'd expect the bank to do the most conservative thing
possible.

------
sethbannon
The title of this post is horribly misleading. It's perfectly safe to log into
your Google account on a friend's machine.

~~~
hatsix
Right, title should read: "I deleted my account, and now my files are gone"

------
b0rsuk
In addition to this, Gmail puts message's subject in page title. Someone can
check History and read your subjects. These can be quite revealing, for
example when you're into some kinky kind of sex. I don't fancy censoring the
subject each time I write a message.

~~~
twistedpair
But you let this person on your machine. They could install a keylogger as
well. Presumably if you're so paranoid you'd not let others user the machine.
:)

~~~
Dylan16807
Keyloggers generally require root. Also if I'm watching them use the computer
they won't be able to install anything but they'll certainly be able to see
history while typing in the address bar.

------
nine_k
Letting your friend use your machine?

If it's a one-minute look-up, open an incognito window for him. If longer,
_log off of your google account_. And other accounts, preferably.

It's best to switch the desktop user to 'guest', it's easy under most OSes
now.

~~~
joeblau
+1 for ⇧⌘N. I do it for them.

------
tsm
Anyone else think the title is a bit too linkbaity? Only the Sith deal in
absolutes...

("Never log into a Google account on a friend's machine", in case it gets
changed later.)

~~~
damncabbage
I upvoted you and I'm the OP. I couldn't think of a better title that didn't
span an entire line.

( _"Use Incognito Mode when using a friend's machine or risk having your
accounts stuck together"_? Or maybe _"Don't log into a Google account on a
friend's machine without using Incognito"_? It's a bit too late for me to
edit, unfortunately.)

------
gexla
That's one way to get to inbox zero. ;)

I would move away from Gmail completely but it's great for the search
capabilities and Google Drive is really nice for a good enough doc suite.

One of these days when I get enough time I will download all my messages and
just use Gmail / Drive as a container for archived info I want to be able to
access from anywhere and use the Gmail search capabilities.

To the other suggestions, I would add that you should get your own domain name
for your email to go to. That way you can switch the back-end service at any
time.

If I know ahead of time that I might have to use a Windows computer that I
don't own, I carry around a USB drive with Portable Apps and everything
encrypted with TrueCrypt. I have been able to put together a pretty decent dev
environment on a USB stick (except that USB sticks are slow.)

That's probably still asking for trouble though. You never know what someone
might have installed on their computer. A separate browser as a portable app
won't protect you from key loggers.

------
iaskwhy
Once I wanted to delete one of the blogs I had with Tumblr and, in the end,
without understanding what was happening, I deleted my account instead. I'm
usually very good understanding workflows so I got really surprised by that
outcome. It was also not possible to recover any data. I kept a diary there so
it really sucked.

------
yashg
Ah perils of storing important documents on a free service. It's good only as
long as it lasts. And since you are not a customer for the service, expecting
them to do do anything to bring it back is too much to ask for.

~~~
andybak
With most paid services a user could also inadvertently delete their data
irretrievably.

So I'm not sure you're drawing the correct conclusion here. It's more about
whether there is a flaw in the specific UI around this functionality or
insufficient warnings around irreversible actions. Without knowing what the
user did it's a difficult call.

~~~
shiftpgdn
With paid services I can typically get some sort of customer support and have
them restore from their archives.

Google couldn't give half a damn about their users.

~~~
leephillips
Google telling her that the files were gone and that there was nothing they
could do translates to "why should we bother getting your files back for you?"
(Obviously they can do it, but it would take a highly salaried person some
time, so, no.)

~~~
shiftpgdn
I'm not sure about anyone else but if my Gmail account were to vanish I'd be
willing to pay a significant amount of money to get it back.

Which reminds me I should probably start keeping backups of my Google
services.

~~~
leephillips
But it would be even worse PR for Google to offer data recovery for money,
because that would be admitting that it's possible, but that unless you pay
you're not getting your files back. Much better story to claim that the files
are just "gone".

~~~
tjoff
It should be _even_ worse PR for Google to admit that they don't even know how
to restore from their own backups...

------
mjs7231
How are these people deleting their friends accounts without a password? Does
Google not confirm your password a second time when deleting your entire
account? Seems silly if they don't.

------
rdl
I would _never_ let alone log in under one of my logins on any machine, or log
in under someone else's login, on a system which supports multiple logins. I
mean, even on the shared home theater box, I have separate logins. Too many
keys, dotfiles, etc.

------
Yuioup
What if you go to GMail and then go to the bottom right which says "Last
account activity"? Click on the "Details" option and then "Sign out all other
sessions". Does that help?

------
enemtin
This just happened to me and it deleted all my bookmarks and settings and
synced with the new users settings and added their bookmarks. So frustrating.

------
webjunkie
Or always use an incognito window at least.

------
harrietg
My biggesT beef with multiple signin is dealing with google analytics/the
other products that don't support it yet.

------
glennos
Agree with the general sentiment here. Multi-account support is an awful
experience. I use Chrome profiles.

------
ancarda
>I let someone else borrow my computer

This is precisely why there is a guest account on my computer that other
people can use. It's fully sand-boxed in the sense they can't access accounts
I'm logged into. It should really be enabled by default on all OSes.

------
bbanyc
People think I'm weird for logging into Gmail with IMAP from Thunderbird. Not
mucking with browser sign-ins is one of my reasons for it.

------
jaynate
Google backup service seems like a valuable proposition. I assume someone's
already implemented that.

~~~
leephillips
You mean people commonly use Google Docs without keeping their own backups?
That sounds crazy.

------
sammyo
Using a different browser than the one used by the friend would prevent this
from occurring.

------
qwerta
Solution:

1) find backup

2) restore from backup

3) live happily ever after

Of wait, you dont have backup...

------
johnminter
Show the importance of gmvault...

------
SonicSoul
ctrl/cmd + shift + n

------
workbench
File this under why I don't use Gmail or any other Google service

------
IgorPartola
If you suspect malicious intent, then never do this. A key logger will reveal
your password immediately, and a rouge browser will save your session even
though it will tell you that you signed out.

However, for 99.999% of the cases, just use incognito mode and close the
window after you are done. Next!

~~~
tsm
Did you even read the article? It's not about security...

~~~
IgorPartola
I did, and the underlying issue is security. Don't let others have access to
your session and you won't experience what the author experienced.

