Until I inevitably burned myself with Google. I have no idea what happened but my account was terminated suddenly. No warning and no explanation as my backup address was no longer valid. This was two years ago. I lost documents, account details, contacts, calendars, email history, conversations between people on hangouts plus my phone decided to ask me to sign in again and became as useless as a dumbphone instantly.
Took about a month to reorganise my life and I lost contact with people, failed to complete tasks because my record was gone, lost control over my personal finances which were in Google sheets. Probably burned a week of my life on this as well.
Now using a cheap Nokia 106, POP3 box with gandi.net, mozilla Firefox and lightning, encrypted USB sticks for backup and LibreOffice. Never been happier.
I am genuinely afraid of going through this again. Everything remains portable between OS and provider now. Things are more volatile than we realise. I understand my father now.
I'm not against using all in services like Google but you need backups, an exit plan and a DR strategy explaining where all the services will go plus the time to carry it out. If you don't have these or it's too expensive to do this even for a personal user, don't even cross the starting line with the product.
Edit: Also beware of potential mergers, political whim and products being redacted or broken for long periods of time. All of these have affected me over the years.
It just seem not sustainable. If you would do this with paper in the past, your place would just be full of junk. Our cloud life is an horrific stack of garbage. We just don't need most of the things we store, keeping everything as proof of evidences for a potential event that will surely never happen, as if we were all super important targets of an improbable crime scene.
I hate this ideology. Thinking about getting out of it is perfectly sane.
 Yes I know storage is cheap, but then forget about ecology and climate change control, I have no proof of this but can't believe that all the Google servers of the world don't have an impact, even if it seems quite clean
That might be viable if Google had kept its promise about users never having to delete their emails. As it is, the total capacity (shared with Gdrive) is 15GB, which wouldn't be much of a life.
I was one of the first Gmail users outside Google and got to 14.99GB some time ago, just with email. And I delete loads of it.
But I don't worry too much about losing Gmail. First, all incoming email is forwarded to an Outlook.com mailbox (which never complains about lack of space). Second, I use my own domain name. As long as I never forget to renew that, I should be OK....
Great point, and I see a chilling effect in your file storages being used to determine your "character" should you be involved in a lawsuit of some kind.
As an innocuous example, perhaps due to my being a millennial, I save thousands of memes on my phone that I find funny and share them with friends on a daily basis.
I would be shocked to hear if myself, or someone I'm friends with, was deemed a "horrible person" by the courts because some Shutterstock images with overlaid text have some dark humor attached.
This is ridiculous reasoning. The best (though imperfect) proxy for the climate impact of a given service is how much it costs. If Google is giving away the service for free, it can't be costing them a lot of energy to run (or alternatively it's producing a lot of value for them).
Also, I am not sure to about drawing a correlation between cost and climate impact.
I tend to delete lots of things people might keep. I keep my inbox empty as well. Life is easier that way rather than deferring all the storage decisions later.
Google should not be allowed to cut someone off from all products without, at the very least, a reasonable period of time during which data is available in useful export formats, email still functions 100% so one can transition important accounts that use it, etc.
Consumers are getting hurt in a big way by these giants and nobody is doing a thing about it.
Nobody reads these things. Ergo, nobody agrees to them.
Let's get it in front of a Jury. What do you want to bet that not one person in the Jury has ever read these incredibly one-sided, purposely obscure, usually incredibly long and complex agreements? Nobody. Not the Judge nor the Jury.
Not to get political, this is precisely one of those things that earned Democrats a defeat. Demeaning and diminishing others eventually has consequences. Being completely insensitive to the needs and plight of average folks. To hide behind EULAs crafted by the powerful, for the powerful and damn you little insignificant people is disgusting. To think so little about people and users that it is deemed OK to upend their lives instantly by a mindless, heartless algorithm.
This is the behavior of a mean vindictive totalitarian dictator, not of a business that purports to be guided by Democratic ideals and concepts such as "first do no evil". The hypocrisy is deep and wide.
Nah, a Jury would destroy them.
It's been a while since I've looked at the enforceability of clickwrap class-action waivers, but it's either enforceable or not as a matter of law. No factual issues in dispute = no jury required.
I'd be surprised if these things could survive a well mounted legal challenge purely based on common sense. The intention of these companies is to take it all from the user and have exactly zero responsibility and exposure. Way too one-sided for companies that affect hundreds of millions of people, particularly if they claim not to do evil.
If public shaming won't do it maybe government intervention will.
Google provide data export from nearly all of their services in standard formats. Where no established open standard exists, they provide clean HTML or JSON.
As someone who has nearly completed their GExit, I'd say I found Takeout to be borderline useless as an export strategy.
On the other hand, please understand that there is no better option. Said differently: Google Takeout has made the BEST choice here. I giggled with delight when I saw they chose mbox.
[...] 1975 [...]
No idea what I'll do when Thunderbird eventually goes away - what is the replacement with identical functionality on macOS? I only want to grab mail and append to my existing mbox files.
You can donate to the project, I just did so today in fact:
eg. my Outlook PSTs and OSTs are useless to me as I have nothing that will open them.
Calendar data you can mainly download as .ics files. Addressbook data is somewhat trickier, a directory full of VCARDs is probably the gold standard.
Maildir is ok. Mbox couldn't be retired early enough.
There was a company called Power Ventures. They made it easy to export your Facebook data. They never stored anything the user didn't have a copyright interest in (that is, they only stored the user's own data, like their profile pictures and status updates). Nevertheless, Facebook took them to court and shut them down. The company had trouble retaining a lawyer after the shutdown (and companies must be represented by a member of the bar -- pro se is not allowed) and ultimately, the founder was held personally liable for $3 million in damages.
That's what happens if you look like even a remote threat to a major technology incumbent.
We need to fix our tech access laws.
Furthermore, they're not preventing you from reselling your phone at all - just deleting your account. Not "deleting your account if you do resell it" just deleting your account. First sale simply means they can't sue or get you arrested. They can do anything else with you, and refusing to do any further business with you certainly falls within that scope.
Without additional laws there's nothing to do here.
TLDR: never use your main Google, or Facebook, account for anything, not even buying a Google made phone, or buying Facebook ads for your own company, just never ever do that, so that at the very least, the pain is spread. They are businesses, and you do not want to give them a trivial way to retaliate or use this in a negotiation.
Be easy :) . I have 6 facebook accs for 5 of which I forgot passwords, 4 google accs out of which 3 got permalocked because sms confirmations simply never go through to half of Russian numbers, and I think 5 Paypal accounts all of which got blocked because "hey, you are the guy whom we blocked last year! you dared to register again? unforgivable!"
Yes, don't keep things online, you will be better off
Just because they claim it doesn't mean it's legal nor moral.
We, as you intimate, probably need legislation to protect the data of users, requiring companies to take due care of it and requiring they provide access to users leaving a service, etc..
Moreover I think work needs to be done on enabling products, including software, when a seller/manufacturer withdraws support. Phones could be required to have systems that enable interoperability across service providers. Games could be required to publish servers and/or protocols allowing them to be used when companies EOL them.
It's just that you have to be prepared before shit like this goes down.
Eg, a distributed access system like IPFS, but for personal use only (closed network, as best possible) would be ideal. Including distributed though, it needs versioning like Camlistore.
Ultimately i'll just go with Camlistore and likely build tools around the access UX. It's the best i've found, without rewriting it myself (too much work for too little gain atm, imo)
That's fair. I wonder if it would be worth it to write some type of camlistore extraction tool. Eg, plug in a USB, autoruns a script which mounts a blob store as a fuse FS.
Hell, the blob store could be packed with the USB.. a sort of way to backup Camlistore that your family can always access. I actually like that idea. Fuse may not be a good access model (it's tied to unix of course), but maybe just a couple binaries that will auto run and display the stored camlistore blobstore.
Sounds like a nifty project and nifty way to backup camlistore for family/non-tech oriented. No servers needed, no understanding of the tech you use. As fool-proof as you can make it.
Thoughts on this related to your model?
What if the ABI breaks, the CPU architecture changes or the project gives up at some point in the future?
Ergo, I prefer to leave just the data. The data is hard enough on its own: http://www.bbc.co.uk/news/technology-13367398
With Camlistore it's one level extracted. You'd need a tool to decrypt and scoop up all the chunks for a given file - but you could write that in Bash. The Camlistores blob store doesn't do anything fancy (that i recall! i could be wrong), it's just a bunch of json documents with the file contents in them.
Though, Googling it now, it looks like BitLocker comes with Windows, so i can see why you like that. Your family doesn't need any tool, it's built into Windows. Not sure how that works with OSX though.
> What if the ABI breaks, the CPU architecture changes
Totally valid - but i could throw what ifs all day long. What if your family isn't on Windows? Here is what i got for OSX (no idea if it's accurate).
Though this does raise a good point - while a binary is nice for dependency free solutions, having non-bin solutions might be nice too. Eg, a Pyhton solution included is likely to work on all operating systems. The user has to of course install Python, which is bad. A platform specific solution (bash or dos) might be handy too.
Binarys only would indeed be potentially bad, you are correct, thank you!
> or the project gives up at some point in the future?
Well in my proposal, the project is irrelevant. The exporter is already made. As long as the user can run one of the compiled binaries they could access/export it fully (in the concept, of course)
Will mull over your ideas; there are definitely things to be gained and there's always tradeoffs that need to be considered.
I do like Camlistore's approach to generic data storage though - ie, there is no organizing files/etc. Of course you can always go back and add metadata, but i treat it like a database dump - which is quite nice.
I think what i need is to find the simplest solution to export/expose the data within camlistore. Then i can encrypt like you are, and be sure that family can get data back out. Hmm, much to think on.
Appreciate the discussion :)
I am very sceptical about my ability of maintaining it on the long term.
Turns out the former is only around 22Gb of mainly code, documents, videos and photos. The latter is 250Gb of music, films etc.
The latter goes on a NAS with a mirror on the laptop.
The important stuff lives on the laptop protected by bitlocker, an encrypted USB stick protected by bitlocker that is on me 24/7, the NAS and another offline unencrypted USB stick that I drop off at my parents' and cycle every six months. All disks are replaced every three years. All USB sticks once a year.
All file transfers are done with Beyond Compare by hand and verified after.
~> A handful of manual steps you need to remember to do.
The only offsite you have is at your parents, and is only "uploaded" every 6 months.
Isn't it just better and easier (at least long term) to just use duplicity (or equivalent) and sync your NAS to any backend (Drive/Onedrive/Dropbox/Hubic/etc)? And then just use your NAS as your "true" storage? Then it'll just run until your configuration changes (NAS switch, service discontinued, etc) at which point you reconfigure it once.
If you make it a conscious scheduled process you know it's working.
I'm a relative expert with duplicity (I run a whole pile of stuff in AWS that uses the S3 back end for backups) and it's not a solution I really entirely trust. First you incur the wrath of configuration i.e. the initial ramp up to get it working, then there's the monitoring overhead which isn't trivial as it isn't the quietest bit of software known to man, and finally we have the complexity perspective which introduces a lot more code, network transport etc.
Plus it is horribly buggy, particularly with incrementals, metadata and corruption. The same is true with Google Drive, OneDrive, Dropbox which I have used.
Edit: comedic timing perhaps, but since I wrote this post I've just got a duplicity failure to deal with...
or.. put a box at your friends house with as much storage as you want. Back when I had FIOS (and it was fast & reliable) this is what I did. Put a NUC with a friend, had an external drive, we were each others offsite backup location. Quite handy.
Because the likelyhood of Google banning your access is way lower than
* Data corruption
* House fires
* Human error (Cleanup, house moves, random acts of brain farts, and suddenly you can't find your USB stick)
Google's data is presumably replicated across multiple AZs, and they have more automation invested in data integrity.
I am personally/professionally qualified to keep my data extremely safe and distributed. It's one of the things I do at work, at scale. But it's not easy. It is, after all, work. I don't have to worry about that using Google and other online services.
And, in order to mitigate against the extremely unlikely event of Google going haywire and perma-deactiviating my account, I run takeouts twice a month. These large data dumps don't need to be heavily redundant, since it's exceedingly unlikely I'll need them at all.
Granted, going from a takeout backup back to 80% functionality would be a ton of work, but I'd lose very little, and I could indeed become functional again in relatively short order.
I wonder if people who decide to ditch most things Google/cloud for no other reason than concern about the risk of said cloud providers terminating their access have truly considered the risk/reward. Bad news, like specific cases of 'unjust/surprising' account termination percolates up to wide visibility quickly and easily, and stays with the people who read such things a long time. The hundreds of millions of accounts that have no such problems escape our attention.
I don't know the odds of my Google account getting terminated, but I'm pretty certain that it's in the same magnitude as the number of people winning the lottery per year.
Having said that, there are a lot of other good reasons to think about ditching cloud providers.
So: 2 backups, from which one is off-site and archives, just in case - this should keep you going for a while with self storage.
There's bit-rot though: https://en.wikipedia.org/wiki/Data_degradation#Decay_of_stor...
I've worked in IT for over ten years, and have not once, once seen a blu ray in person, or ever handled a machine capable of reading one. It'd be incredible afraid to have my backups in something that requires some expensive exotic device to be written/read.
You'd be much better off with USB sticks.
They claim the discs should last 1,000 years. Obviously no-one has tested this.
This allows me to change the actual e-mail provider when needed. I already moved (successfully) away from Gmail, and I'm currently considering moving again as the spam protection of my current paid-for email service isn't that great.
I think the redirection service is ingenious. Sadly it isn't available worldwide, so I won't advertise it here, but I'm sure there are others like that.
I admit though, this is probably over the top for most people. I do it because email is my job, so it's useful to have my own servers for testing stuff.
Email is very portable if you keep it in a place you control. You're pretty much just paying for a collection and caching service if you use POP3/IMAP and store your important folders locally. That is portable in a couple of hours between hundreds or thousands of different companies who operate standard protocols.
And then there's the possibility of running your own MX with postfix/dovecot etc if you really want.
But why was Google unable to re-instate you? Was it because you had no way to prove your identity to them? Were you able to reach anyone?
for those in similar situation you can back up your email/calendar here: https://takeout.google.com/settings/takeout/custom/gmail,cal...
- Get a lawyer and have them contact.
- Know a Googler personally.
This leaves most people in two categories: those who haven't (yet) had a catastrophic, unrecoverable data loss, and those who have. Leaving it to others, or all your eggs with just one service is an invitation to the first group. What I can say is it's almost certain something unimaginable will happen, be it a data center, service shutting down, or something getting corrupted.
I want to echo my experience of losing 16 years of email with Hotmail over at Microsoft due to the wind blowing arbitrarily in a different direction for a few months. I had my MSN messenger log in automatically to keep my account active on Hotmail, a criteria which was quietly ended. Unforgivable for me. Had some of it backed up luckily in real email clients but lost some critical emails and photos with a friend who passed away.
People who either haven't generated enough of a digital footprint and lost it are going to be in for an inevitable surprise with the online services that they take for granted as being ubiquitous. While the cloud is awesome, it is still quite in it's infancy.
+1 for gandi.net - they are great.
And is this link by Google not an easy enough of a solution for backing up your Google stuffs?
Google takeout isn't or at least wasn't comprehensive at the time. There are other lock in items. Also it takes time and effort moving it somewhere else still, isn't instantly useable etc unless you can read vCards and iCal feeds..
If I can get Email, Document Storage (Docs, Spreadsheets, PowerPoints, Calendars) I'd move to a personal in-home solution ASAP. If it could integrate with Android via F-Droid apps I'd be even happier.
When you're relying on a company you cannot circumvent in a situation like this (email@example.com as primary address), you might end up not being able to use your primary account, which might effect your business.
EDIT: I'm not going to address the problems with the DNS system itself, which is similarly flawed - you are only leasing a domain, not owning it, and the company maintaining it has the power over it. In theory, this could have been addressed with .onion IDs, but those are impossible to remember and with namecoin's .bit, bit this is not supported by enough real life DNS systems, so there is no alternative to that (yet).
> f I am unable to pay my entire bill, what can I do to maintain local dial tone?
> The Arizona Administrative Code specifically states that a telephone company may not disconnect a customer for failure to pay an unregulated portion of their bill. To maintain local service, you must pay for the regulated (landline) charges on your telephone bill while you work to resolve problems with the other portion of your bill. If you fail to pay the unregulated charges on your bill, those services may be subject to disconnection and a deposit to reestablish. (R14-2-509)
> How much notice does a telephone company have to give before disconnecting service?
> A telephone company is required to give 5 days advance written notice before disconnecting service. (R14-5-509 Section E)
In this case, Google killed people's email without any prior warning, and in retaliation for an unrelated business transaction (selling smartphones). Having your email disrupted like that is at least as bad as getting your phone cut off.
I can't imagine being locked out of my fastmail account for anything other than abuse of my fastmail account. Or not paying my bill.
(I'm on third line ticket duty right now, so if you have something significantly more complex than RTFM, or an actual bug, you'll probably be talking to me this week)
The most common cause of getting locked out other than you abusing your fastmail account is having your credentials stolen and used for spam/fraud, which is why we recommend 2 factor authentication:
But yeah, even then we don't lock you out forever - just need you to reconfirm your identity and re-secure your account.
My gmail account (josephg@) gets a tremendous amount of email for other people. Earlier this year I was getting a lot of marketing trash from a particularly excited group of car dealerships in Illinois. Around the same time youtube suspiciously started advertising new cars to me. Its all way too creepy, and reading articles like this about people's gmail accounts getting locked out I'm very happy to reinforce my digital independence from google.
Requiring three accounts now for instance would cost $150 a year minimum for the size I would have needed and unfortunately because I needed to rearrange my old grandfathered plan to re-organise accounts I'd have lost my previous plan.
Basically, Fastmail is good (very good), and you can still do admin type stuff by creating your master account first and creating your 'users' under it, but do look around if you are price conscious.
NOTE - I know you can't please everyone and that doesn't detract from the fact Fastmail was extremely stable, fast and had excellent customer support so don't take this as a 'Fastmail is bad' type post, because it isn't. Just look around and make sure you're getting the rid price/value for your needs.
Damn. I was going to move to them at the end of this year when my VM (where I currently run my mail) is up for renewal. But if I now need to buy several Standard plans instead, and get several gigabytes of storage I don't need, then that's less appealing.
Runbox looks good. Any other suggested alternatives?
Zoho is actually very good too but they (like Gmail) enforce IMAP connection limits, so it you have a lot of folders etc or use mobile clients like K9 that open a connection per folder then you can get errors very regularly.
The above is true for Zoho on the free plans anyway, but it may be different for the paid ones. But the free ones have pretty much all you could need if you don't run into the high number of IMAP connections issues.
If you have enough accounts to make it worthwhile I think Rackspace is supposed to be very good, but last I looked you needed a minimum of 5 accounts (I only had 4) so it didn't work out:
They announced this on 18 August: https://blog.fastmail.com/2016/08/18/easier-user-management-...
Same with my josephb@. It's amazing how many companies start sending personal identifiable information to a random email address without validating it.
Doctors, real estate, universities, banks and the list goes on.
What keeps me from enabling 2FA again, is that there's always some kind of "I lost my 2FA device" function which essentially allows it to be bypassed. So whoever's determined enough could find answers to secret questions or whatever to gain unauthorized access. If it were possible to disable this attack vector I'd get another Yubikey & try again- if...
...The other thing that prevents me from going this route, which is: The fact that it's impossible to implement an additional Yubikey functioning as a "clone" of the one used to secure the account. I can't say I've never lost my (physical) keys. But when I do I just grab my backup copies, make new backup copies, & all is well. No can do with a Yubikey.
Sorry for butting in uninformed.
Wish you had a dark theme, that'd be my only feedback for now (Stylish also works). Appears to be very fast, but of course, my account is 100% empty.
Also, changes propagate faster even than gmail. If you have your inbox open on 2 computers and move an email out of your inbox on one of them, you'll see it replicated in near real time on the second computer. I don't know how they do it, but it works really well.
and how we do the initial load as well:
Was very easy in the end, but must admit I had forgotten just about everything I once learned about DNS. As such it was nice to get a little refresher.
EDIT: I would probably have gone for Google Apps / G Suite if not for this article. So, yeah, hope it served Google well to freeze those accounts with no warning.
CDN for unique items like mail probably doesn't offer tons of gain for the additional complexity.
And yeah, our core dev team is in .AU, so we know all about the latency. It's really not a big deal once you sync up the first time - all the static artifacts are cached and the dynamic data is loaded in the background, often before you need it.
"Flexible tamper-proof data retention policies with unlimited archiving space" - from the pricing page.
I am considering to switch to Fastmail, seems nice!
Unlimited is a bit buzzwordy, because we do have sending and receiving rate limits, so you can't grow the archive user faster than that.
Also if you go over about 850Gb of data right now you will make me very sad because I don't have facilities for splitting users yet, and we segment users across 1Tb partitions. I'm hoping nobody hits that point before I've got sharding inside users working - but worst case I spin up new hardware with larger individual partitions and put the user there :)
> Our main servers are located at New York Internet (NYI) in New York City, USA.
PS. I hope no-one reads your post now and takes it as "challenge accepted". :-)
So I guess it's better to leave the choice to the user, with an appropriate warning text.
—Another happy Fastmail customer
A Yubikey costs less than a year's FastMail service.
So no, we're not leaving this choice to the customer sorry, SMS sucks for too many reasons to consider adding back.
I would also be afraid one day if Google sees people fleeing to them, they'd come in and buy them. I'd almost whish there was a public trust or non-profit who would run an email server. Post office is a government service (for better or for worse), email is a bit like what regular mail was 100 years ago.
I've had zero deliverability issues.
edit: to be clear, the spam detection works well, and if you're going to make an error, it's far less annoying to bias (as they do) towards a few spam showing up in your inbox rather than actual messages getting lost in spam. Also, they show the spam score, and you can hand adjust your spam threshold if you want.
That's because it's not spam. I'm pretty sure there's a blog post coming soon about the difference between spam and "email I don't want to receive". If you just don't want to hear from a particular email address, the way to stop it is to put an explicit discard rule for that address in your Rules screen.
Likely changes for next year include making a much easier UI option for "don't show me email from this address again", because that's a fairly common request for situations like this where you have a vexatious sender. I suspect it will be implemented as an addressbook group - the anti-whitelist!
The student loan confirmation is sent to spam every month. I mark it as not spam.
In their defense, the message is full of all caps words that look like a sentence formatted from a sql query with little attention paid to formatting plus it has all sorts of spam words (bank, payment confirmation, loan, etc).
Issues: they've fixed many of them -- in particular, charging for 2fa at $0.1/sms and the settings area in the web client used to feel like a bad programmer's first js project ever -- but mostly it comes down to, across almost all experiences, they're slightly to mildly inferior to gmail. Google's apps are just best of breed. Fastmail is the best non-google I've found, and I looked pretty hard a couple years ago.
Things I miss from gmail are things like: fastmail is a hybrid conversation based email with folders rather than tags. I miss tags; some folder weirdness occasionally peeks through. Fit and finish like after a message is selected, choosing add rule from message doesn't offer to filter other messages in your inbox that match the new rule. Etc.
Paying $40-ish/year to have email that isn't used for ads and that is run by a company with actual support seems like a good deal to me. Particularly if you don't have a friend inside google or the ability to hit the front page of HN to get customer service.
You can see the improvements in fastmail even over the 3 years. So that's really promising.
Never been happier. Their Webmail UI is less cluttered and more intuitive than Gmail (at least to me - but I'm not a huge webmail user anyways).
Well worth the money.
So yeah, if I have my phone, I have a 2FA option already without SMS. I normally use the Yubikey because it's super easy.
"Basically, the current regulations require companies with utility poles in the public rights of way to provide access to certified telecommunications providers and to TV/cable companies," Paul Lewis, assistant manager of telecommunications and regulatory affairs in Austin, told Ars. "Google is not a certified telecommunications provider, and it's a video service provider as opposed to a television/cable company."
If Google were to apply to the Public Utility Commission of Texas to become a qualified telecom, "It would make them subject to all of the state and federal telecommunications regulations," Lewis said.
I think it's indicative of more than just Google being unwilling to be held to the legal responsibilities; it appears that even their Fiber arm doesn't want them as well.
You can essentially get locked out of your Steam account.
That's why I also feel uneasy towards all these number-based messengers. They're targeted at users who rarely leave their countries.
(Doesn't help, though, if you lose the phone number and your mail account at the same time.)
If Google has the only copy of some of this content, I wonder if a copyright claim might have any leverage. It's one thing to give Google a license; it seems like quite another for Google to deny you access to your own copyrighted material.
In the event that becomes reality, the time would have to be taken to define what minimum level of services the web site would have to offer. Simply saying Google must keep X service available would be archaic. Would other email providers be exempt from having to maintain these rights? If your job gave you an email address, would they have to maintain it after you leave the company? These are probably contrived questions, but ones that would certainly have to be answered first.
Also there could be a distinction in the law for mass communication, e.g. #users > 1M.
And it's actually harder to switch to a secondary. With my ISP, if they cut me off I can fall back on my cell provider within minutes. I have no such failover for my Google services.
Or use backups. Don't go crying to the government when you can handle it yourself.
If Google wants to have a monopoly on all of that stuff, they need to be subject to regulation that compartmentalizes their services and what they can and can't do arbitrarily.
Missed texts and phone calls? How did you even get into the position where Google controls your telephony? Missed emails? Why are you using gmail.com? Third-party authentication? Did they not have the option to use e-mail or a username?
You can't fix every problem by band-aiding regulation on top of it. Sometimes you need to step back and wonder how you got here, and solve that instead.
Of course they do. Every strategic decision the company has made over the last two decades is to try to secure a monopoly on your data.
You make it sound like it's easy to run your own full stack of all web-connected applications. It's not. The cost is INSANELY high. So your real choice is whether to use one company, or dozens of individual companies for every individual service. The latter protects you against the risk of something like this happening. But it comes at a day-to-day expense which will far outweigh the prevented risk for 99.9% of people.
I wonder if any G Suite customers had their accounts closed.
Absolutely not! That way you are slowly making people to lose any bits of the common sense they might still have. Perhaps losing data once or twice will make people look for alternatives.
Throwing in another regulation will just increase barrier of entry for companies offering emails and who knows what else some dumb politicians could come up with, maybe this will open the gate to even not being able to self host an email server.
I work in Spam & Abuse and it's possible that this is the result of some clustering algorithm that was trying to take down sharders / phone buying rings. It's very possible that the SWEs responsible didn't consider this possibility (that legitimate customers would be used to shard purchases) and I'm pretty sure if the affected customers appeal they'll be reinstated, maybe with a warning. I certainly wouldn't characterize this as intentionally punishing the individuals who purchased phones on Google's part -- notice that only users who directly sent their phones to the reseller's address were taken down. Smells like automation to me.
It really is unfortunate that FPs (or "mostly-FP"s) in Google's systems impact people so badly. FWIW for most Google services if you abuse them you usually get a service level suspension rather than your entire account suspended, probably for this exact reason.
"Very possible"? More like "guaranteed". Everybody who pays the slightest bit of attention knows Google has a gigantic blind spot when it comes to thinking through the consequences of algorithms and automation. And there's no sign that the company is interested in fixing that, ever.
All jokes aside, for those who remember, it's pretty amazing what Microsoft got punished for (bundling a browser with the OS, with no other restrictions) compared to what Apple and Google get away with.
EDIT: One more thing that everyone seems to confuse is that antitrust cases should protect CONSUMER rights not PRODUCER rights. A case can be made that Google and Apple are hurting other companies by offering free services with their products but they ARE NOT HURTING CONSUMERS.
And Producer rights are affecting Consumer rights.
Without a free market, we're all worse off — the only justified monopoly is a governmental one.
All of them were started before Google even started competing with them.
Show me a company started after Google had already established a presence in a market that’s either competing with Google (and having a positive prediction) or that has thrown Google out of the market at all.
Yes, it does, that’s the entire point.
Will we still see as much innovation in 10, 20 years? For that, this part is very important.
> The simple fact of bundling is not a problem when there are choices.
Google forbids OEMs from selling custom Android forks. That’s not choice.
As said, both the EU and US consider this anticompetitive, and are investigating it. If you believe you – which apparantly are unable to use correct orthography – are more knowledged than the top lawyers of the two largest economies, then, sure, go on.
Even Google has admitted they are doing anticompetitive bundling, their defense is that it’s required to fund Android at all. That alone should say everything.
Or even just delivers parts for such a device, as was threatened with SAMSUNG and Amazon.
We tend to forget that even natural monopolies can be broken by new technology and innovation. And even big companies can be beaten by smaller ones. Microsoft tried to beat Google at search while Google was smaller and much less powerful than it is today. They couldn't, because big companies have a priority to protect their cash cows and don't necessarily have the talent or the focus required to tackle new markets (i.e. the innovator's dilemma). Google tried to beat Facebook at social. They also failed by being too conservative, while at the same time fucking their users. Can you spot a pattern?
But hammering them for bundling a browser was just plain stupid. If they didn't bundle a browser, how would people download a competing browser? You'd have had to get hold of a browser on CD somewhere and install it manually just to use the internet. How would that have been an improvement for consumers? It was a misconceived, user-hostile decision.
"Sue, how do I get that browser thingie?"
"Erm, Jane wrote it down for me... here's the Post-It"
We survived OK.
I'm not aware of any popular OS that doesn't have ftp support on the main UI (except Android, which doesn't have a file management app anyways; not sure about iOS). Nautilus has ftp support. So does thunar, dolphin, konq, etc. You can type ftp addresses into the address bar in osx, iirc.
- Didn't want to open a browser one day but wanted to download the latest version of FF. Thought I'd try FTP. Ultimately gave up on trying to find the right path and Googled it.
Another time (later), I vaguely recall being at a kiosk with IE disabled in various boring ways, and I tried to see if I could download FF (just to see if it was possible) after successfully managing to open the FTP site. I might be misremembering, but I think the only reason I was able to locate the dir properly was because I'd previously made a careful mental note where it was. (It downloaded, but executables were disabled. Those sysadmins did a good job.)
> I can't do that, the hospital is within 50 miles of a school and you're banned from being within 50 miles of a school, because you commented "she's very pretty" to a picture of your 5-year-old niece and we've decided you're a paedophile.
Also, I must frankly admit my great curiosity at the fact that your last comment was posted 3.61 years ago. Alt account? Deleted comments?
It might be a very very good idea to lobby to get company policy instated that says "if the system thinks a user has gone rogue/bad, their account gets locked and all, but the data gets kept around until the user says to kill it, or for 6 months."
At the end of the day though, algorithms fail, and IMO this is a practical edge-case policy glitch in the business architecture that should have been countered for.
Or does "user account gone rogue" have to be interpreted as "delete me" for crazy obscure Reasons™?
If a user's data needs to be deleted for whatever reason, simply discard the user's corresponding encryption keys. That way you can effectively wipe the user's archive without needing to touch the tapes themselves.
(Whether German data protection law applies in Google's datacenters is a wholy different story though.)
Otherwise, any kind of backups would be unlawful for a company.
I think this may have changed since that talk. I think Google still doesn't technically guarantee full deletion (who knows if someone's GC process messed up or has a bug) but in practice it happens, at least AFAIK. It is expensive. And it does take time, I wouldn't expect all my stuff to be purged until at least 180 days (the 90 days they are supposed to delete after + ~90d for the delete to fully propogate).
It also drives every engineer nuts when they're asked is your service wipeout compliant and they realize omg I can't store this data longer than x days?! shit shit shit
European Privacy Shield compliance is yet another bag of legal worms every service has to deal with. More deleting, encryption at rest, etc.
Your data may still live out on some server - but it is effectively unrecoverable.
- Automation is going to be the end of your job. Not because your job will be replaced by an algorithm, but because overuse of algorithms is leading to the collapse of trust people place in Google. Major actions like the banning of someone's Google account should never be done by algorithms. If you can't afford the humans, you shouldn't be in the business of holding people's valuable data.
- The support and appeals process must be human. Ever tried Microsoft's Answer Desk? Talking to humans isn't difficult even with one of your largest scale competitors, even for free tier products. Humans want to talk to humans, and Google's customer base consists of humans. FastMail ticket support? Incredible. It feels like Google isn't even trying to treat customers well in comparison.
- Google shafted 200 of their customers, and from the looks of it, this thread has another 200 ready to leave. The Guardian just picked up the story, so expect this effect to continue. One bad behavior by automation can cost you multiples of damage, especially if someone writes a blog post about the incident.
Google can definitely afford the humans, especially with that princely sum they have stashed in offshore accounts.
Human decency dictates that, at the very least, someone be warned that their account is now headed for non-negotiable suspension and be given 30 days to clear out their stuff and move on.
I couldn't care less what algorithm decided what. At some point a person coded-in the rules and, for some incomprehensible reason, this person or people decided it would be perfectly fine to take the path of most damage to consumers.
Your company, Facebook, Amazon and others deserve to get hit with a massive class action lawsuit that results in equally massive financial penalties and requires corrective actions. Maybe then you'll learn how to behave like human beings.
I'm still puzzled that they take such a drastic measure automatically, without having one human checking whether the account is actually a real person's account.
I really want to see what comes out of this, if everyone gets his account reinstated and how long they had it suspended.
I had some sloppy ndk computer vision running there, maybe it triggered something? I have no idea really. It's not like you can appeal anywhere. I was very busy with other things and let it slide at the time. I got away with a very cheap lesson I guess
Naming storms like this is about rare they are. A "10 year storm" or "100 year storm" only happen once in that period. So they refer to a 10% or 1% chance that an X-year storm that would happen in any given year.
Is this cock-up is so bad that you don't expect a Google company to make a similar or more severe cock-up for DECADES? Then it's not a perfect storm. This was a common storm. In fact, I'm very doubtful it was as a "storm" inside of google at all. This is just another "whoopsie" bug fix, isn't it?
This right here is why people get the impression google thinks it's farts don't stink. Not only that you act as if this is a "perfect storm" but the arrogance it takes to design a system where just because an engineer didn't consider a use case, you're perfectly happy to assume it must be abuse.
Yes, this case will probably be fixed, but would it have been if it didn't pop up on the right back channels to get Googlers attention?
The goal of the project is to support OSS that can replace "free" services that subsist on our data. Interestingly enough the maiden project is tentatively called Tmail (short for torrent mail).
It works somewhat like TOR in that it will depend on volunteers to host nodes that will communicate with existing email providers (outlook, gmail, yahoo, etc) and relay the mail over 80 to RPis preloaded with MDA (mail delivery agent) software.
The goal is be able to expand the service to allow people to sign up for email accounts without running their own software (a la gmail).
It gets way deeper than that, but I'll leave it there. You can follow the project at https://github.com/freedatafound/. I've also bought http://freedatafoundation.org but there's currently nothing there.
Rule One: If you only have one copy, you have no copies. It is an act of faith to assume that a Youtube video or a file in Google Drive will remain available, just as it's an act of faith to assume that a hard drive will never fail. Anything from a hacker to a natural disaster could destroy your data. The "cloud" is made of servers, not magic.
If you follow these two rules, you have nothing to fear. Google could suspend my account tomorrow and it would be nothing more than an inconvenience. I change a couple of DNS records, restore some data from nearline and I'm back in business like nothing happened.
Same goes for YouTube videos. Content creators typically maintain copies of their work, but casual youtubers don't.
We can certainly do more as developers to make things easier, but I think we have a tendency to pander to an imaginary "AOL granny". We often present oversimplified advice, because we expect too little of users. To pick a random example, I think we're too eager to say "use Dropbox" rather than "use Dropbox, but buy yourself a NAS too because X, Y and Z".
I think that there's a substantial latent desire among ordinary users to have more control over their technological lives. People are increasingly worried about the power of big tech companies, but they don't know what to do. We aren't doing a good enough job of informing users; those big companies have an obvious incentive to keep users uninformed. We're not communicating the risks and benefits well enough, we're not providing clear explanations of the alternatives to the Big Five.
In the process of writing this comment, I've had several startup ideas. I hope that the people reading this are having ideas of their own. I think that there are substantial opportunities to start returning control to users.
From the risk of domain name takeover, to hosting provider takeover, to modern spam requirements (ip reputation, dkim, spf, dmarc), to just plain sysadmin ability and ideally run an HA system.
Agree that there are probably some startup opportunities, but the the reality is that you'll just be transferring the user's trust from AmaGooFaceSoft to you. You might be more trustworthy... or you might go out of business.
EDIT: To be fair, I'm probably missing a whole bunch of creative solutions that give the user control without requiring them to run a service.
We can make big steps towards trustworthiness and control in SaaS, it's just often orthogonal to profitability. Lock-in is the obvious example. Lots of vendors expend huge efforts to simplify data ingress, but create arbitrary obstacles to data egress. We worry about SaaS providers going bust because we're inured to the idea that getting your data back is really difficult. The interests of the user do not align with the interests of the vendor. Predatory practices are so normal that we've half-forgotten that they're predatory.
Many ISPs give out a domain name and email service for free with internet contracts — you can set it to redirect to gmail until you need it, then just switch it over.
Tada, problem solved.
My current ISP, for example, is actually a local company providing datacenter colocation and consulting services to the state’s government and local and national companies, but they also run a small ISP as side business.
Which means their small ISP business is something they wouldn't mind so much getting rid of, along with your account.
The point is, you'll always depend on someone else. Your data will always flow through someone else's network. The cloud is someone's computer, and the internet is someone's cable.
If your email address is "firstname.lastname@example.org", you're stuck with Google. If they suspend your account, you're in big trouble. If your email address is "email@example.com", you're a free agent. You can use Gmail or Fastmail or some random hosting company or a mailserver on a Raspberry Pi. You can use DNS or forwarding to send your mail wherever you like, you can transfer your domain name to any registrar you like. Rule zero.
If all your files are in Google Drive or Dropbox and nowhere else, suspension of your account could mean total data loss. If you have a local backup on a NAS or a mirror on Glacier or Backblaze, you're just mildly inconvenienced. Rule two.
Eliminate single points of failure wherever possible. Avoid vendor lock-in. Don't rely on a service unless you have a contingency plan if that service fails. Treat everything as if it were hopelessly unreliable.
Technology is already there, just need an easy way to order a domain and a server configured to use that domain. You control 100% of the data.
Well, yes. If I own a domain name, I can point that domain at any resource I choose. I might be technically "renting" the name from a registry via a registrar, but for all practical purposes I'm in control of it.
You do not own your domain name. It's better than using google.com, but your domain name can be stolen or seized just as well.
It goes without saying that this is only a small part of a bigger picture; using your own domain name is a good idea, but not a perfect solution.
I just don't trust DNS, domain registrars and all the things I would need to secure to have a custom domain e-mail.
I have everything in google: Drive, email, voice, docs, sheets, etc. I was actually about to sign up for Fi. The convenience of everything in one place is great. But I don't think I had quite thought through a disaster like this.
With this article in mind, need to reevaluate. I guess either regular local backups and/or diversification of service providers would be a good step.
2. For files, use a cloud solution and have 2-3 computers updating their local copy (home PC, work PC, phone, small Pi box acting as server). I have a Digital Ocean box running ownCloud, soon to change to nextCloud. Put your code or next essay on Git.
3. Don't trust any service provider, especially if they're not dependent on explicit income. You can still have everything in one place, but that place is many places at the same time.
4. Don't store what you don't need to. Complication and confusion also comes from hording. Don't need it? Delete it, and be assured it is completely deleted.
Get a domain directly through a NIC that offers that directly.
GoDaddy is probably the worst choice someone could make. 2FA is mandatory for email and domains.
Even if for some reason I lost my FastMail (pretty unlikely), I'd just repoint my domain to a new mail service, and I could easily recover all my other accounts. And of course, my email archive is backed up locally, so there's no risk of losing that.
Even this may not be sufficient. I had a domain name registered through my ISP (UKFSN). At some point I had a disagreement about payment with my ISP, who refused to discuss it. Instead of replying to my messages, they disabled all my domain records and my emails started bouncing. I think this was illegal (and eventually I forced an apology and compensation out of them - long story). Anyway, I would recommend only having a domain name registered through a dedicated registrar who you are not using for any other services.
Why the switch? A quick look at both hasn't resulted in a clear winner in my mind.
The problem is, they're so damn convenient.
And this is the crux of the problem. "Oh, that'll never happen to me" until it does. I've been asked several times, "why do you go to the trouble of [hosting your own e-mail | not having the same mobile # on SMS as on Hangouts | using ownCloud instead of Google Drive | and other greatest hits]". Stories like this are why. They're not at all uncommon, they're a disaster for the people affected, and they're clearly not a wake up call for Google to get any better about their free-to-the-end-user services, so I've no motivation to change my practices.
Sooooo many accounts to switch over though, probably will take a few days...
Owncloud / nextcloud provide automatic syncing of photos if need be. I sync up all my important documents but as of now I don't see the point of backing up my emails. The last missing piece is syncing my contacts which is also possible in my current setup.
With that said, I am still going to use Google services because of their convenience. I just like knowing that the data I care about is safe.
The original article is about how this is absolutely false in the case discussed.