Hacker News new | comments | show | ask | jobs | submit login
Don’t Mess with The Google (dansdeals.com)
1070 points by mendelk 390 days ago | hide | past | web | favorite | 496 comments



First post, might as well be a cautionary tale. My father, a pretty old programmer by anyone's standards, regularly warns me of this sort of thing. He was pretty much shafted by CompuServe many years ago on a miniscule scale compared to what is possible now. He lives his life in what I previously described as a paranoid bubble of data control.

Until I inevitably burned myself with Google. I have no idea what happened but my account was terminated suddenly. No warning and no explanation as my backup address was no longer valid. This was two years ago. I lost documents, account details, contacts, calendars, email history, conversations between people on hangouts plus my phone decided to ask me to sign in again and became as useless as a dumbphone instantly.

Took about a month to reorganise my life and I lost contact with people, failed to complete tasks because my record was gone, lost control over my personal finances which were in Google sheets. Probably burned a week of my life on this as well.

Now using a cheap Nokia 106, POP3 box with gandi.net, mozilla Firefox and lightning, encrypted USB sticks for backup and LibreOffice. Never been happier.

I am genuinely afraid of going through this again. Everything remains portable between OS and provider now. Things are more volatile than we realise. I understand my father now.

I'm not against using all in services like Google but you need backups, an exit plan and a DR strategy explaining where all the services will go plus the time to carry it out. If you don't have these or it's too expensive to do this even for a personal user, don't even cross the starting line with the product.

Edit: Also beware of potential mergers, political whim and products being redacted or broken for long periods of time. All of these have affected me over the years.


The way Google made us used to transform an email box as a storage and backup place is terrifying. Sending 2Mo attachments become a norm[1] and lots of people consider having their life stored there.

It just seem not sustainable. If you would do this with paper in the past, your place would just be full of junk. Our cloud life is an horrific stack of garbage. We just don't need most of the things we store, keeping everything as proof of evidences for a potential event that will surely never happen, as if we were all super important targets of an improbable crime scene.

I hate this ideology. Thinking about getting out of it is perfectly sane.

[1] Yes I know storage is cheap, but then forget about ecology and climate change control, I have no proof of this but can't believe that all the Google servers of the world don't have an impact, even if it seems quite clean


> transform an email box as a storage and backup place ... and lots of people consider having their life stored there.

That might be viable if Google had kept its promise about users never having to delete their emails. As it is, the total capacity (shared with Gdrive) is 15GB, which wouldn't be much of a life.

I was one of the first Gmail users outside Google and got to 14.99GB some time ago, just with email. And I delete loads of it.

But I don't worry too much about losing Gmail. First, all incoming email is forwarded to an Outlook.com mailbox (which never complains about lack of space). Second, I use my own domain name. As long as I never forget to renew that, I should be OK....


> keeping everything as proof of evidences for a potential event that will surely never happen, as if we were all super important targets of an improbable crime scene.

Great point, and I see a chilling effect in your file storages being used to determine your "character" should you be involved in a lawsuit of some kind.

As an innocuous example, perhaps due to my being a millennial, I save thousands of memes on my phone that I find funny and share them with friends on a daily basis.

I would be shocked to hear if myself, or someone I'm friends with, was deemed a "horrible person" by the courts because some Shutterstock images with overlaid text have some dark humor attached.


> [1] Yes I know storage is cheap, but then forget about ecology and climate change control, I have no proof of this but can't believe that all the Google servers of the world don't have an impact, even if it seems quite clean

This is ridiculous reasoning. The best (though imperfect) proxy for the climate impact of a given service is how much it costs. If Google is giving away the service for free, it can't be costing them a lot of energy to run (or alternatively it's producing a lot of value for them).


Also don't forget that We proxy pay google service with Ads. If you are paying something for free doesn't mean that there is no hidden costs.

Also, I am not sure to about drawing a correlation between cost and climate impact.


I don't have a good answer here, but I believe it may be instructive to consider externalities (https://en.wikipedia.org/wiki/Externality). For instance, think carefully about how they may apply here.


Good points there.

I tend to delete lots of things people might keep. I keep my inbox empty as well. Life is easier that way rather than deferring all the storage decisions later.


I'll repeat what I said in my prior comment on this thread: We need a massive class action lawsuit against these companies ASAP.

Google should not be allowed to cut someone off from all products without, at the very least, a reasonable period of time during which data is available in useful export formats, email still functions 100% so one can transition important accounts that use it, etc.

Consumers are getting hurt in a big way by these giants and nobody is doing a thing about it.


While I don't disagree, and I'm not sure if this applies specifically to Google in this case, but as a general trend oftentimes users sign their class action rights away in the EULA by way of an arbitration clause.[0] This, in and of itself, is also IMO a huge abuse of power. But it's perfectly legal and only serves to further entrench the power of the monopolists.

[0] https://en.wikipedia.org/wiki/Arbitration_clause


Agree and disagree.

Nobody reads these things. Ergo, nobody agrees to them.

Let's get it in front of a Jury. What do you want to bet that not one person in the Jury has ever read these incredibly one-sided, purposely obscure, usually incredibly long and complex agreements? Nobody. Not the Judge nor the Jury.

Not to get political, this is precisely one of those things that earned Democrats a defeat. Demeaning and diminishing others eventually has consequences. Being completely insensitive to the needs and plight of average folks. To hide behind EULAs crafted by the powerful, for the powerful and damn you little insignificant people is disgusting. To think so little about people and users that it is deemed OK to upend their lives instantly by a mindless, heartless algorithm.

This is the behavior of a mean vindictive totalitarian dictator, not of a business that purports to be guided by Democratic ideals and concepts such as "first do no evil". The hypocrisy is deep and wide.

Nah, a Jury would destroy them.


Getting in front a jury means surviving summary judgment. A good contract is designed to allow any disputes be resolved at the summary judgment stage.

It's been a while since I've looked at the enforceability of clickwrap class-action waivers, but it's either enforceable or not as a matter of law. No factual issues in dispute = no jury required.


I could very easily argue they are fraudulent. The technology has existed for years to ensure that people agree to such important matters as giving up all your rights. Of course they don't want to put that in front of people because they'd have massive push-back. Imagine an interactive EULA being presented to a user clause-by-clause with clear large print and a clause-by-clause agreement button.

I'd be surprised if these things could survive a well mounted legal challenge purely based on common sense. The intention of these companies is to take it all from the user and have exactly zero responsibility and exposure. Way too one-sided for companies that affect hundreds of millions of people, particularly if they claim not to do evil.

If public shaming won't do it maybe government intervention will.


This clause will be null and void in most EU jurisdictions. So maybe from this side of the pond?


https://github.com/gaubert/gmvault - backs up your gmail account to a local db, and lets you restore it to another account.


I'm a huge fan of GmVault. I backup all my email accounts with it to a home server that syncs my mailboxes over to Dropbox as well. Pretty painless to setup and very reassuring to know my mail is safe.


I have used GmVault before, but since now there's Google Takeout, doesn't that do everything GmVault does and more?


I can't speak to that. I've not looked at the output of Google Takeout. Also GmVault (for me at least) is 100% automated so I will at very worst lose 6hrs of email. Google Takeout is a manual process AFAIK.


Going on a tangent, there should probably be a set of universal backup formats that can be advertised as being somewhat portable. So that, if you need to can take your mail and other online business stuff elsewhere if need be. Beyond this article a user might start working for some place that does not allow external app use, but they can bring their data with, to be loaded onto the service. I guess like github and git. but with mail and calendar stuff.

my 2c.


We do have those formats. Mbox for mail, iCalendar for calendars, vCard for contacts. They're all IETF standards.

Google provide data export from nearly all of their services in standard formats. Where no established open standard exists, they provide clean HTML or JSON.

https://takeout.google.com/settings/takeout


I wouldn't actually call Mbox a standard. Thunderbird supports it, but I'd argue it sucks as a way to escape Gmail, because no competitor to Gmail supports it as an import method. In fact, even Gmail itself can't import from Mbox. It may be a standard in that it's defined somewhere officially, but it's not really a standard in the definition that it's commonly used.

As someone who has nearly completed their GExit, I'd say I found Takeout to be borderline useless as an export strategy.


On the one hand, there are many mbox variations and you may encounter some difficulty in getting your emails out of the Takeout mbox file.

On the other hand, please understand that there is no better option. Said differently: Google Takeout has made the BEST choice here. I giggled with delight when I saw they chose mbox.

https://en.wikipedia.org/wiki/Mbox

    [...] 1975 [...]


Couldn’t you import the Mbox archive in Thunderbird/Claws-Mail/something and then copy the mails to whatever cloud provider you wish to use?


And it's pretty easy. I have a few accounts on Thunderbird and I can drag and drop e-mail directly from one account to another, I think they are .eml files. You can also have local accounts just for storage.


There are several tools available to convert from Mbox to proprietary mailbox formats.


Is there any good way to automate this monthly


There are several commercial solutions for G Suite backups including SpinBackup and Backupify.

https://spinbackup.com/products/google-apps-backup/ http://www.datto.com/backupify/google-apps-backup


For Email with IMAP, you have the wonderful offlineimap tool[0], I have been using it for years, you can easily perform a maildir format[1] backups of all your email accounts.

[0]: http://www.offlineimap.org/

[1]: https://en.wikipedia.org/wiki/Maildir


I have been taking a Thunderbird local dump of all my Google mail for years as a backup (Thunderbird's mbox format is readable everywhere) so I can clear my Google account regularly, yet have a backup.

No idea what I'll do when Thunderbird eventually goes away - what is the replacement with identical functionality on macOS? I only want to grab mail and append to my existing mbox files.


Hopefully it won't go away. It's transitioning to an independent support setup.

You can donate to the project, I just did so today in fact:

https://wiki.mozilla.org/Thunderbird/Donate


Thanks for the info.


Not sure if Postbox on the Mac will meet your needs or not but it's based on Thunderbird and done by a company founded by Thunderbird's lead engineer. It's a paid product, but well worth it...I use it as my main email app.

https://www.postbox-inc.com


Thanks for the link, I will take a look. Do you happen to know what its mailbox format is underneath? That's the main crux issue for me. It would have to be a format I could migrate easily like mbox.

eg. my Outlook PSTs and OSTs are useless to me as I have nothing that will open them.


offlineimap is pretty good. You can use the (very!) standard Maildir format, and eventually re-upload your emails elsewhere if you move.


Agree - Maildir is a pretty good format, because it's just RFC822 (5322 these days, but who's counting) files with weird filenames. mbox format isn't too bad either.

Calendar data you can mainly download as .ics files. Addressbook data is somewhat trickier, a directory full of VCARDs is probably the gold standard.


mbox format is horrible, because if the irreversible "From" quoting it requires. And as an "editable" format (e.g. If you want to delete an email in the middle of it), it is perhaps the least robust possible.

Maildir is ok. Mbox couldn't be retired early enough.


Yep, .vcf is pretty nice, also stores the contact image inside.


Legally, you're at the mercy of the provider to supply these. Most third-party applications that would provide effective backup solutions could be construed as illegal under the CFAA, as long as the ToS includes boilerplate forbidding automated or proxy access (and almost all do). Even without such a ToS, courts can and have held that merely visiting a page can constitute a copyright infringement based on the momentary copy stored in RAM being unauthorized, and specific notification that the company no longer wants you contacting their servers would also cause any future access to violate the CFAA, more or less regardless of the text of the ToS.

There was a company called Power Ventures. They made it easy to export your Facebook data. They never stored anything the user didn't have a copyright interest in (that is, they only stored the user's own data, like their profile pictures and status updates). Nevertheless, Facebook took them to court and shut them down. The company had trouble retaining a lawyer after the shutdown (and companies must be represented by a member of the bar -- pro se is not allowed) and ultimately, the founder was held personally liable for $3 million in damages.

That's what happens if you look like even a remote threat to a major technology incumbent.

We need to fix our tech access laws.


With e-mail, as long as you have IMAP support you can relatively easily download all your mails and upload them to another server. Just takes a while if you aren't good at cleaning out old stuff. There even are companies offering that as a service if you don't have a fast internet connection, only a mobile device or ...


Or you can use imapsync; make sure you get the latest version from github as the version that ships with most Linux distros is really old. As it is written in Perl you can run it on Linux, Mac, and Windows. It handles one way sync in either direction and two-way sync. It copies all the flags and whether emails are marked read etc.


Blatant violation of the First Sale doctrine. Class action lawsuit incoming in 3..2..


I think the legal theory behind this would be that you have agreed that Google can terminate your account for any reason.

Furthermore, they're not preventing you from reselling your phone at all - just deleting your account. Not "deleting your account if you do resell it" just deleting your account. First sale simply means they can't sue or get you arrested. They can do anything else with you, and refusing to do any further business with you certainly falls within that scope.

Without additional laws there's nothing to do here.

TLDR: never use your main Google, or Facebook, account for anything, not even buying a Google made phone, or buying Facebook ads for your own company, just never ever do that, so that at the very least, the pain is spread. They are businesses, and you do not want to give them a trivial way to retaliate or use this in a negotiation.


>never use your main Google, or Facebook, account for anything, not even buying a Google made phone, or buying Facebook ads for your own company, just never ever do that, so that at the very least, the pain is spread.

Be easy :) . I have 6 facebook accs for 5 of which I forgot passwords, 4 google accs out of which 3 got permalocked because sms confirmations simply never go through to half of Russian numbers, and I think 5 Paypal accounts all of which got blocked because "hey, you are the guy whom we blocked last year! you dared to register again? unforgivable!"

Yes, don't keep things online, you will be better off


>I think the legal theory behind this would be that you have agreed that Google can terminate your account for any reason. //

Just because they claim it doesn't mean it's legal nor moral.

We, as you intimate, probably need legislation to protect the data of users, requiring companies to take due care of it and requiring they provide access to users leaving a service, etc..

Moreover I think work needs to be done on enabling products, including software, when a seller/manufacturer withdraws support. Phones could be required to have systems that enable interoperability across service providers. Games could be required to publish servers and/or protocols allowing them to be used when companies EOL them.


Agree entirely. I considered forming a startup that did this after the fact.


Emain inbox portability would be amazing!


There's really nothing preventing you from jumping providers.

It's just that you have to be prepared before shit like this goes down.


Yup, this is what i'm trying to avoid by backing up my life. The data storage mechanism is my hardest point.. I like Camlistore, but really i'd love something that is accessible from anywhere.

Eg, a distributed access system like IPFS, but for personal use only (closed network, as best possible) would be ideal. Including distributed though, it needs versioning like Camlistore.

Ultimately i'll just go with Camlistore and likely build tools around the access UX. It's the best i've found, without rewriting it myself (too much work for too little gain atm, imo)


I really like the idea of Camlistore. But I really want something my family could actually handle if the worst came to the worst and that just happens to be bitlocker encrypted NTFS. Plug the stick in, plonk in a password and you have all my things.


What would prevent Camlistore from the same model? I guess if you're gone, the server might not be running properly, and they wouldn't know how to start it and etc. Ya?

That's fair. I wonder if it would be worth it to write some type of camlistore extraction tool. Eg, plug in a USB, autoruns a script which mounts a blob store as a fuse FS.

Hell, the blob store could be packed with the USB.. a sort of way to backup Camlistore that your family can always access. I actually like that idea. Fuse may not be a good access model (it's tied to unix of course), but maybe just a couple binaries that will auto run and display the stored camlistore blobstore.

Sounds like a nifty project and nifty way to backup camlistore for family/non-tech oriented. No servers needed, no understanding of the tech you use. As fool-proof as you can make it.

Thoughts on this related to your model?


Some interesting ideas but I've got to ask:

What if the ABI breaks, the CPU architecture changes or the project gives up at some point in the future?

Ergo, I prefer to leave just the data. The data is hard enough on its own: http://www.bbc.co.uk/news/technology-13367398


I mean, the data is still there, fwiw. I'm not sure how generic bitlocker is, but i imagine i have to have a tool specifically tailored to decrypt the bitlocker data.

With Camlistore it's one level extracted. You'd need a tool to decrypt and scoop up all the chunks for a given file - but you could write that in Bash. The Camlistores blob store doesn't do anything fancy (that i recall! i could be wrong), it's just a bunch of json documents with the file contents in them.

Though, Googling it now, it looks like BitLocker comes with Windows, so i can see why you like that. Your family doesn't need any tool, it's built into Windows. Not sure how that works with OSX though.

> What if the ABI breaks, the CPU architecture changes

Totally valid - but i could throw what ifs all day long. What if your family isn't on Windows? Here[1] is what i got for OSX (no idea if it's accurate).

Though this does raise a good point - while a binary is nice for dependency free solutions, having non-bin solutions might be nice too. Eg, a Pyhton solution included is likely to work on all operating systems. The user has to of course install Python, which is bad. A platform specific solution (bash or dos) might be handy too.

Binarys only would indeed be potentially bad, you are correct, thank you!

> or the project gives up at some point in the future?

Well in my proposal, the project is irrelevant. The exporter is already made. As long as the user can run one of the compiled binaries they could access/export it fully (in the concept, of course)

[1]: http://apple.stackexchange.com/questions/239714/open-bitlock...


Bitlocker is quite specific but tailored to where everything already is. None of my children or my wife are OSX fans. I can't find a better cross platform solution if I'm honest - if there was one I'd be there. TrueCrypt was used before I used bitlocker and we know where that ended. Bitlocker works on OSX pretty well with this: http://www.m3datarecovery.com/mac-bitlocker/

Will mull over your ideas; there are definitely things to be gained and there's always tradeoffs that need to be considered.


To be clear, i don't think my ideas are better - this is merely a discussion.

I do like Camlistore's approach to generic data storage though - ie, there is no organizing files/etc. Of course you can always go back and add metadata, but i treat it like a database dump - which is quite nice.

I think what i need is to find the simplest solution to export/expose the data within camlistore. Then i can encrypt like you are, and be sure that family can get data back out. Hmm, much to think on.

Appreciate the discussion :)


VeraCrypt and CipherShed picked up where TrueCrypt left off.


That is why I stick to OSS like Linux, Thunderbird, nextcloud, etc. as much as possible. I got locked into a closed source platform once and it was a pain to get out of it. I will never let it happen again.


Self storage is fine but does it guaranty long term documents safety?

I am very sceptical about my ability of maintaining it on the long term.


This is usually a difficult problem. Then I divided everything I have data-wise into two buckets: stuff I can't afford to lose, stuff I can. It's now simple. Also I mandate that 'everything is a file'.

Turns out the former is only around 22Gb of mainly code, documents, videos and photos. The latter is 250Gb of music, films etc.

The latter goes on a NAS with a mirror on the laptop.

The important stuff lives on the laptop protected by bitlocker, an encrypted USB stick protected by bitlocker that is on me 24/7, the NAS and another offline unencrypted USB stick that I drop off at my parents' and cycle every six months. All disks are replaced every three years. All USB sticks once a year.

All file transfers are done with Beyond Compare by hand and verified after.


> It's now simple.

~> A handful of manual steps you need to remember to do.

The only offsite you have is at your parents, and is only "uploaded" every 6 months.

Isn't it just better and easier (at least long term) to just use duplicity (or equivalent) and sync your NAS to any backend (Drive/Onedrive/Dropbox/Hubic/etc)? And then just use your NAS as your "true" storage? Then it'll just run until your configuration changes (NAS switch, service discontinued, etc) at which point you reconfigure it once.


Yes that 6 months window I decided is ok for me. It might not be for you. If my house burns down, my car burns down and I end up in hospital, losing 6 months of data potentially isn't a major issue.

If you make it a conscious scheduled process you know it's working.

I'm a relative expert with duplicity (I run a whole pile of stuff in AWS that uses the S3 back end for backups) and it's not a solution I really entirely trust. First you incur the wrath of configuration i.e. the initial ramp up to get it working, then there's the monitoring overhead which isn't trivial as it isn't the quietest bit of software known to man, and finally we have the complexity perspective which introduces a lot more code, network transport etc.

Plus it is horribly buggy, particularly with incrementals, metadata and corruption. The same is true with Google Drive, OneDrive, Dropbox which I have used.

Edit: comedic timing perhaps, but since I wrote this post I've just got a duplicity failure to deal with...


This is why I went with CrashPlan. Backing stuff up to a friend's computer? Free and only limited by their storage.

or.. put a box at your friends house with as much storage as you want. Back when I had FIOS (and it was fast & reliable) this is what I did. Put a NUC with a friend, had an external drive, we were each others offsite backup location. Quite handy.


Every six months is a very painful potential loss window. There are great sync tools that can work point-to-point over the Internet. The cost of having a NAS at home and a NAS at your parents, and then syncing between them is totally worth it.


crashplan has a client that handles this, it's free for this sort of usage, you only pay if you use their cloud service.


Are you seriously less trusting of your own ability to drop a bunch of documents onto a USB drive every week or few than you are of a company which explicitly tells you they can shut off your access with no warning and no recourse for any reason?


...yes?

Because the likelyhood of Google banning your access is way lower than * Data corruption * House fires * Human error (Cleanup, house moves, random acts of brain farts, and suddenly you can't find your USB stick)

Google's data is presumably replicated across multiple AZs, and they have more automation invested in data integrity.


This is, I believe, the correct analysis.

I am personally/professionally qualified to keep my data extremely safe and distributed. It's one of the things I do at work, at scale. But it's not easy. It is, after all, work. I don't have to worry about that using Google and other online services.

And, in order to mitigate against the extremely unlikely event of Google going haywire and perma-deactiviating my account, I run takeouts twice a month. These large data dumps don't need to be heavily redundant, since it's exceedingly unlikely I'll need them at all.

Granted, going from a takeout backup back to 80% functionality would be a ton of work, but I'd lose very little, and I could indeed become functional again in relatively short order.

I wonder if people who decide to ditch most things Google/cloud for no other reason than concern about the risk of said cloud providers terminating their access have truly considered the risk/reward. Bad news, like specific cases of 'unjust/surprising' account termination percolates up to wide visibility quickly and easily, and stays with the people who read such things a long time. The hundreds of millions of accounts that have no such problems escape our attention.

I don't know the odds of my Google account getting terminated, but I'm pretty certain that it's in the same magnitude as the number of people winning the lottery per year.

Having said that, there are a lot of other good reasons to think about ditching cloud providers.


I have a home server, which is then mirrored to a rented server. Anything critical and entirely irreplaceable goes onto blu-ray disks, because I can't accidentally delete those; though those are kept at home as well, which is not ideal.

So: 2 backups, from which one is off-site and archives, just in case - this should keep you going for a while with self storage.


>Anything critical and entirely irreplaceable goes onto blu-ray disks, because I can't accidentally delete those

There's bit-rot though: https://en.wikipedia.org/wiki/Data_degradation#Decay_of_stor...


I'm aware of that too well; blu-ray, however, is slightly better than the predecessors: even the current, non-archival grade single layer Panasonics should - according to some accelerated tests - last 5-10 years. Now, looking at the current ideas from Sony[1], within 8-10 years every data I ever had will need 1 disk, so I'm not worried.

[1]: http://www.computerworld.com/article/3057889/data-storage/so...


Blu-ray? Really? Sure, they may last, but, will you have a blu-ray reader?

I've worked in IT for over ten years, and have not once, once seen a blu ray in person, or ever handled a machine capable of reading one. It'd be incredible afraid to have my backups in something that requires some expensive exotic device to be written/read.

You'd be much better off with USB sticks.


Check out M-Disc, most new drives, especially from LG, support burning them: http://www.mdisc.com/

They claim the discs should last 1,000 years. Obviously no-one has tested this.


I've settled on having a NAS at home that backs up my most important stuff onto Amazon S3. I also have a lot of stuff with a paid dropbox account, that of course has local copies on my desktop and laptop. I'm looking into using Fastmail vs having my custom domain with an old grandfatherhed in google apps for your domain account.


And for email ?


I'm myself using a non-profit email redirection service as my main e-mail address. They do not provide an email box, just the redirect, so they can keep the service lean with a very modest one-time fee for new members.

This allows me to change the actual e-mail provider when needed. I already moved (successfully) away from Gmail, and I'm currently considering moving again as the spam protection of my current paid-for email service isn't that great.

I think the redirection service is ingenious. Sadly it isn't available worldwide, so I won't advertise it here, but I'm sure there are others like that.


How does it work for sending, though?


Sent via the email provider, but I'm using clients that can set a custom "From" and/or "Reply-To" header fields, containing of course the redirecting address.


Thanks for your answer. What about DKIM? Are you forgoing it, or do your clients have support for signing the emails?


To be frank I haven't even thought to consider DKIM, so I guess it's fair to say it hasn't been a problem. This is a private e-mail address with quite low number of outgoing e-mails, so hard to say how universal my experience on this is.


As an anecdote, I've never used DKIM or even SPF and have no delivery problems from my domain.


I have a DigitalOcean droplet running Postfix, which provides edge security and a private IP, but no storage. All my mail is routed through this droplet across a VPN to my home Exchange server. Exchange backups are encrypted and stored on Amazon Cloud Drive. Yes, there's a reliance on cloud services for backup storage, but the only time I'd need the offsite backup is if my home servers both became unavailable for some reason. I'm happy with taking the chance that, if that happens, it won't happen at the same time as Amazon closing my Cloud Drive account.

I admit though, this is probably over the top for most people. I do it because email is my job, so it's useful to have my own servers for testing stuff.


The parent poster is correct and it's a good assertion. I'm doing the same thing, even though I'm using Windows as a base operating system, primarily for convenience at this point in time.

Email is very portable if you keep it in a place you control. You're pretty much just paying for a collection and caching service if you use POP3/IMAP and store your important folders locally. That is portable in a couple of hours between hundreds or thousands of different companies who operate standard protocols.

And then there's the possibility of running your own MX with postfix/dovecot etc if you really want.


thanks for posting this cautionary tale. I am completely dependent on Google today so if that happened i'd be F'd. Will look into exporting all my emails this weekend.

But why was Google unable to re-instate you? Was it because you had no way to prove your identity to them? Were you able to reach anyone?

for those in similar situation you can back up your email/calendar here: https://takeout.google.com/settings/takeout/custom/gmail,cal...


Contacting Google support, unless you're an Apps customer which I wasn't, is a complete waste of time. Unless you can, to quote a colleague, piss through the eye of a needle, when it comes to the security questions and details then you can't even get over the first hurdle.


From any situation where your account has been disabled, I've seen a grand total of two positive resolution strategies:

- Get a lawyer and have them contact.

- Know a Googler personally.


Any product which relies on knowing someone at the company or a good lawyer should be marked instantly as suspect! :)


It would be great if someone put together a guide on how to migrate from a closed source systems (e.g. gmail, google drive, dropbox, etc) to open source systems. One with detailed, but easy to follow, instructions.


Ultimately information in the cloud, or anywhere is not backed up if it only exists in one place. Backing it up for one's self is essential.

This leaves most people in two categories: those who haven't (yet) had a catastrophic, unrecoverable data loss, and those who have. Leaving it to others, or all your eggs with just one service is an invitation to the first group. What I can say is it's almost certain something unimaginable will happen, be it a data center, service shutting down, or something getting corrupted.

I want to echo my experience of losing 16 years of email with Hotmail over at Microsoft due to the wind blowing arbitrarily in a different direction for a few months. I had my MSN messenger log in automatically to keep my account active on Hotmail, a criteria which was quietly ended. Unforgivable for me. Had some of it backed up luckily in real email clients but lost some critical emails and photos with a friend who passed away.

People who either haven't generated enough of a digital footprint and lost it are going to be in for an inevitable surprise with the online services that they take for granted as being ubiquitous. While the cloud is awesome, it is still quite in it's infancy.


> Now using a cheap Nokia 106, POP3 box with gandi.net

+1 for gandi.net - they are great.


Questions: how did you get lightning assuming you're talking about the browser for Android which does indeed not require Google integration, on a Nokia 106?

And is this link by Google not an easy enough of a solution for backing up your Google stuffs? https://support.google.com/accounts/answer/3024190?hl=en


I'm talking about Lightning as in the Mozilla calendar. I don't use a smartphone any more.

Google takeout isn't or at least wasn't comprehensive at the time. There are other lock in items. Also it takes time and effort moving it somewhere else still, isn't instantly useable etc unless you can read vCards and iCal feeds..


I want to do the same but I don't know of anything that has Google-Level replacement for Drive/Docs/Sheets/Calendar. I really want one thought.

If I can get Email, Document Storage (Docs, Spreadsheets, PowerPoints, Calendars) I'd move to a personal in-home solution ASAP. If it could integrate with Android via F-Droid apps I'd be even happier.


The lesson you should have learnt here is to keep backups. I'm amazed at how people store all their stuff on a single company's servers, and keep no backup at all (either locally, or at some other company).


That was the lesson learned. Also that you should store everything in easy to access formats.


Backups! Even in the cloud era you still need backups.


This is not just about backups; this is the reason why I keep my mail on my own domain. ( It could by my own domain on gmail; it's not, but that a slightly different story ) This way I can move it to another company, alter DNS, do whatever I want with it to fix an issue.

When you're relying on a company you cannot circumvent in a situation like this (xyz@gmail.com as primary address), you might end up not being able to use your primary account, which might effect your business.

EDIT: I'm not going to address the problems with the DNS system itself, which is similarly flawed - you are only leasing a domain, not owning it, and the company maintaining it has the power over it. In theory, this could have been addressed with .onion IDs, but those are impossible to remember and with namecoin's .bit, bit this is not supported by enough real life DNS systems, so there is no alternative to that (yet).


This really seems like it needs to be regulated in law. For telephone companies, there are rules about when they may disconnect you, e.g. the Arizona Utilities Division write

> f I am unable to pay my entire bill, what can I do to maintain local dial tone?

> The Arizona Administrative Code specifically states that a telephone company may not disconnect a customer for failure to pay an unregulated portion of their bill. To maintain local service, you must pay for the regulated (landline) charges on your telephone bill while you work to resolve problems with the other portion of your bill. If you fail to pay the unregulated charges on your bill, those services may be subject to disconnection and a deposit to reestablish. (R14-2-509)

> How much notice does a telephone company have to give before disconnecting service?

> A telephone company is required to give 5 days advance written notice before disconnecting service. (R14-5-509 Section E)

In this case, Google killed people's email without any prior warning, and in retaliation for an unrelated business transaction (selling smartphones). Having your email disrupted like that is at least as bad as getting your phone cut off.


Fastmail. I'm just a regular (paying) customer, not a business or anything. I've opened a small number of tickets, one or two of the RTFM variety. I've always got a human response and satisfaction, even a "here, let me RTFM that for you."

I can't imagine being locked out of my fastmail account for anything other than abuse of my fastmail account. Or not paying my bill.


We also stalk you on... I mean, we read the same tech news sites you do.

(I'm on third line ticket duty right now, so if you have something significantly more complex than RTFM, or an actual bug, you'll probably be talking to me this week)

The most common cause of getting locked out other than you abusing your fastmail account is having your credentials stolen and used for spam/fraud, which is why we recommend 2 factor authentication:

https://www.fastmail.com/help/account/securityupgrade.html

But yeah, even then we don't lock you out forever - just need you to reconfirm your identity and re-secure your account.


Awesome - I moved across to fastmail a couple of days ago. I've been using a custom domain for email for awhile (josephg.com), merged with a gmail account. I'm very happy I set that up because moving to fastmail was a cinch - there's no forwarding to do, just a few DNS records to reconfigure. And with a custom domain I'll have that email address for life, no matter what happens to fastmail.

My gmail account (josephg@) gets a tremendous amount of email for other people. Earlier this year I was getting a lot of marketing trash from a particularly excited group of car dealerships in Illinois. Around the same time youtube suspiciously started advertising new cars to me. Its all way too creepy, and reading articles like this about people's gmail accounts getting locked out I'm very happy to reinforce my digital independence from google.


The only thing that has put me off Fastmail very recently, and indeed I moved to another provider (Runbox), is the loss of their Family plans.

Requiring three accounts now for instance would cost $150 a year minimum for the size I would have needed and unfortunately because I needed to rearrange my old grandfathered plan to re-organise accounts I'd have lost my previous plan.

Basically, Fastmail is good (very good), and you can still do admin type stuff by creating your master account first and creating your 'users' under it, but do look around if you are price conscious.

NOTE - I know you can't please everyone and that doesn't detract from the fact Fastmail was extremely stable, fast and had excellent customer support so don't take this as a 'Fastmail is bad' type post, because it isn't. Just look around and make sure you're getting the rid price/value for your needs.


Fastmail killed their Family plan?

Damn. I was going to move to them at the end of this year when my VM (where I currently run my mail) is up for renewal. But if I now need to buy several Standard plans instead, and get several gigabytes of storage I don't need, then that's less appealing.

Runbox looks good. Any other suggested alternatives?


PloarisMail is pretty 'barebones' on the face of it but works well:

https://www.polarismail.com/

Zoho is actually very good too but they (like Gmail) enforce IMAP connection limits, so it you have a lot of folders etc or use mobile clients like K9 that open a connection per folder then you can get errors very regularly.

The above is true for Zoho on the free plans anyway, but it may be different for the paid ones. But the free ones have pretty much all you could need if you don't run into the high number of IMAP connections issues.

https://www.zoho.com/mail/

If you have enough accounts to make it worthwhile I think Rackspace is supposed to be very good, but last I looked you needed a minimum of 5 accounts (I only had 4) so it didn't work out:

https://www.rackspace.com/email-hosting/webmail


Really helpful. Thanks.


> Fastmail killed their Family plan?

They announced this on 18 August: https://blog.fastmail.com/2016/08/18/easier-user-management-...


> My gmail account (josephg@) gets a tremendous amount of email for other people.

Same with my josephb@. It's amazing how many companies start sending personal identifiable information to a random email address without validating it.

Doctors, real estate, universities, banks and the list goes on.


Previously I've been hesitant to disuse Gmail, but now I'm 100% confident to actually transition to Fastmail. And I'll take Fastmail in consideration for my company usage too (we're a smb).


You should, it's awesome :)


I also transitioned from gmail to fastmail a few months back and am very happy so far. Haven't had any issues and moving over was less stressful than I had imagined.


I've been w/ you guys since there was a 'bounce' function (miss that, btw). Used to use 2FA w/ a Yubikey, but stopped for some reason that made sense at the time, though I don't recall what happened, was so long ago.

What keeps me from enabling 2FA again, is that there's always some kind of "I lost my 2FA device" function which essentially allows it to be bypassed. So whoever's determined enough could find answers to secret questions or whatever to gain unauthorized access. If it were possible to disable this attack vector I'd get another Yubikey & try again- if...

...The other thing that prevents me from going this route, which is: The fact that it's impossible to implement an additional Yubikey functioning as a "clone" of the one used to secure the account. I can't say I've never lost my (physical) keys. But when I do I just grab my backup copies, make new backup copies, & all is well. No can do with a Yubikey.

-My 2c


Isn't making "impossibly" hard security questions and storing them where you would store your secondary yubikey basically the same thing? Or can't you pick your own security questions?

Sorry for butting in uninformed.


Nice. :) Reading this in the context of this thread made me setup my own trial account, with a new domain name. As soon as those MX records propagate, I'll be good to test it for a while.

Wish you had a dark theme, that'd be my only feedback for now (Stylish also works). Appears to be very fast, but of course, my account is 100% empty.


ime: it stays very fast, even with 1.5k emails in inbox, ~30k emails / 2.5G total in various folders.

Also, changes propagate faster even than gmail. If you have your inbox open on 2 computers and move an email out of your inbox on one of them, you'll see it replicated in near real time on the second computer. I don't know how they do it, but it works really well.



Thanks, that was fascinating. And props to the salt-n-pepa fan!


Interesting, thanks for that. I'm up and running on my own domain after waiting for the domain name server to transfer from Bluehost where I registered the domain. I did start out doing manual configuration until deciding I might as well use Fastmail's; their DNS config page is rather nicely laid out.

Was very easy in the end, but must admit I had forgotten just about everything I once learned about DNS. As such it was nice to get a little refresher.

EDIT: I would probably have gone for Google Apps / G Suite if not for this article. So, yeah, hope it served Google well to freeze those accounts with no warning.


I started switching to fastmail due to their economical family plan but then they changed plan structures to where that is no longer available and the new plans were all a lot more expensive for a family. I was grandfathered in (I signed up just before the change), but won't start using a service on a deprecated plan. It was to bad because it seemed very good for the week or so I played with it.


Will Fastmail have CDN? I'm currently in Vietnam and latency to Fastmail isn't good (250ms RTT), as I connect to server that's located in US. While my home's internet service might be worse, so I hope Fastmail servers are closer.


Based in AU I'm further away than that by latency. As a fastmail web interface or mobile app user I don't notice the latency.

CDN for unique items like mail probably doesn't offer tons of gain for the additional complexity.


We tried using CDN for static files (interface javascript and such) for a while, but we found that it didn't really give much benefit. The faster connect times got eaten up in the second SSL negotiation required for a different hostname. And it meant fun and games with content security policies or giving a third party SSL certificates that were inside our domain, so it was a wash. We decided the benefits didn't add value.

And yeah, our core dev team is in .AU, so we know all about the latency. It's really not a big deal once you sync up the first time - all the static artifacts are cached and the dynamic data is loaded in the background, often before you need it.


Can you clarify what this means:

"Flexible tamper-proof data retention policies with unlimited archiving space" - from the pricing page.

I am considering to switch to Fastmail, seems nice!


At a techinical level it means we take a copy of each incoming and outgoing (assuming you send via our web interface or via our SMTP servers) email and dump them into a separate folder in a separate account on our server which your admin accounts get a READ-ONLY ACL to, so you can see the messages, but can't remove them or modify them.

Unlimited is a bit buzzwordy, because we do have sending and receiving rate limits, so you can't grow the archive user faster than that.

Also if you go over about 850Gb of data right now you will make me very sad because I don't have facilities for splitting users yet, and we segment users across 1Tb partitions. I'm hoping nobody hits that point before I've got sharding inside users working - but worst case I spin up new hardware with larger individual partitions and put the user there :)


Alright, one more question: where is the data located? My main reason for switching is to move the data from US-based servers and/or companies.

> Our main servers are located at New York Internet (NYI) in New York City, USA.

Nvm... :(


That's awesome. I've just gone through setting up my domain account and it was a slick experience. Neat 2FA authentication etc. Proud to see you're Melbourne based as myself, too.

PS. I hope no-one reads your post now and takes it as "challenge accepted". :-)


some feedback from a happy fastmail customer: please add 2 factor authentication via sms! I neither have a smartphone or yubikey.


SMS is not very secure, there have been quite a few stories of people losing digital access due to an attacker just calling Verizon and taking over their phone account.


That's in the US. In other countries things may be more secure. In Russia I barely can make any changes by phone because they verify so much info. Forwarding will certainly require an in-person visit to the carrier office.

So I guess it's better to leave the choice to the user, with an appropriate warning text.

—Another happy Fastmail customer


There's the other side of it, which is that SMS delivery is awfully unreliable in many places, and it's a frustrating experience for everyone. We can fire off the SMS, but if it fails to reach you it's an expensive and time consuming support headache for us, and a shitty experience for you.

A Yubikey costs less than a year's FastMail service.

So no, we're not leaving this choice to the customer sorry, SMS sucks for too many reasons to consider adding back.


Here is another fastmail customer. Just curious how do you confirm identity? I don't remember setting a backup email.


Possibly something similar to this[0]?

[0] https://www.fastmail.com/help/account/icantlogin.html


Thanks for the link. Need to prepare for it.


Another happy fastmail customer here :-)

Keep up!!!


I might have to switch at some point. It is stories like these that are freaking me out. Were there any instances of them being DoS-ed or you not getting emails from others?

I would also be afraid one day if Google sees people fleeing to them, they'd come in and buy them. I'd almost whish there was a public trust or non-profit who would run an email server. Post office is a government service (for better or for worse), email is a bit like what regular mail was 100 years ago.


ime: their spam detection is definitely inferior to gmail; I've had 2-5 false negatives per month (spam not detected) and a handful of false positives over 3+ years. Plus a payment notice from my student loan that fastmail absolutely positively refuses to believe is not spam not matter how many times I so mark it.

I've had zero deliverability issues.

edit: to be clear, the spam detection works well, and if you're going to make an error, it's far less annoying to bias (as they do) towards a few spam showing up in your inbox rather than actual messages getting lost in spam. Also, they show the spam score, and you can hand adjust your spam threshold if you want.


"a payment notice from my student loan that fastmail absolutely positively refuses to believe is not spam"

That's because it's not spam. I'm pretty sure there's a blog post coming soon about the difference between spam and "email I don't want to receive". If you just don't want to hear from a particular email address, the way to stop it is to put an explicit discard rule for that address in your Rules screen.

Likely changes for next year include making a much easier UI option for "don't show me email from this address again", because that's a fairly common request for situations like this where you have a vexatious sender. I suspect it will be implemented as an addressbook group - the anti-whitelist!


I think you misread the double negative?


You're right / I wasn't clear.

The student loan confirmation is sent to spam every month. I mark it as not spam.

In their defense, the message is full of all caps words that look like a sentence formatted from a sql query with little attention paid to formatting plus it has all sorts of spam words (bank, payment confirmation, loan, etc).


The address killfile sounds awesome.


I get tons of false positives in Gmail. Mostly from mailing lists where I guess someone else reported it as spam because they were too lazy to unsubscribe, but also some others. But it means that I regularly have to dig through all of the Russian camgirl requests to make sure nothing important is there.


That's why I'm using my own domain now for emails. Even if my email provider goes away I still keep the address.


Good point. I have an un-used domain. Maybe this is the time to finally use it.


Yeah, fastmail has some issues (see below), but they offer human tech support that ime knew what they were doing, even at the $40/year price point. And they seem to have slightly raised prices while I've been a customer, but automatically grandfathered me into the previous deal. Which is kind of them / a stand up thing to do.

Issues: they've fixed many of them -- in particular, charging for 2fa at $0.1/sms and the settings area in the web client used to feel like a bad programmer's first js project ever -- but mostly it comes down to, across almost all experiences, they're slightly to mildly inferior to gmail. Google's apps are just best of breed. Fastmail is the best non-google I've found, and I looked pretty hard a couple years ago.

Things I miss from gmail are things like: fastmail is a hybrid conversation based email with folders rather than tags. I miss tags; some folder weirdness occasionally peeks through. Fit and finish like after a message is selected, choosing add rule from message doesn't offer to filter other messages in your inbox that match the new rule. Etc.

Paying $40-ish/year to have email that isn't used for ads and that is run by a company with actual support seems like a good deal to me. Particularly if you don't have a friend inside google or the ability to hit the front page of HN to get customer service.

You can see the improvements in fastmail even over the 3 years. So that's really promising.


Seconding Fastmail. Moved earlier this year from gmail to Fastmail. Also using my own domain now instead of @provider.com.

Never been happier. Their Webmail UI is less cluttered and more intuitive than Gmail (at least to me - but I'm not a huge webmail user anyways).

Well worth the money.


Just chiming in to say I also use FastMail and love it. The only thing I wish they did differently is offer SMS 2FA. (Yeah, I know about the downsides. I am a normal person who doesn't need extreme security.)


Any modern phone should be able to run a TOTP client. For my own FastMail account I have a TOTP client on my phone plus two Yubikeys, one I carry with me and one that I keep at home. We require all our staff use 2FA because emails from us get the magic green tick :)

So yeah, if I have my phone, I have a 2FA option already without SMS. I normally use the Yubikey because it's super easy.


How do you use a yubikey on your phone? Or did you mean in lieu of totp on your phone?


If you have a Yubikey NEO and a phone with NFC, you can store the TOTP secret on the Yubikey instead of the phone, and use the phone purely as a screen with a time source by opening Yubico Authenticator app and touching the Yubikey to it to generate codes.


For Fastmail I plug it into the USB port as usual (using an OTG cable). Last I checked that was still the only way to do it specifically for Fastmail, since they do not support NFC. For Lastpass though, using the Yubikey through NFC works great.


I wanted to report a bug in Fastmail's android client only to discover that their ticket form requires you to type in your password. My fastmail password is gigantic, and typing it in on a phone is a major ordeal. Is it that much of a problem if a non-user submits a ticket?


Willing to bet if any of them were Google Fi or Google Fiber customers, their phones would be cut off as well. Of course, much of their fight with AT&T over pole attachment rights has been Google's unwillingness to be classified as a "telecom"[0]. I suspect Google is very unwilling to be held to these sorts of legal responsibilities.

"Basically, the current regulations require companies with utility poles in the public rights of way to provide access to certified telecommunications providers and to TV/cable companies," Paul Lewis, assistant manager of telecommunications and regulatory affairs in Austin, told Ars. "Google is not a certified telecommunications provider, and it's a video service provider as opposed to a television/cable company."

If Google were to apply to the Public Utility Commission of Texas to become a qualified telecom, "It would make them subject to all of the state and federal telecommunications regulations," Lewis said.

[0]http://arstechnica.com/tech-policy/2013/12/why-att-says-it-c...


Wouldn't Google be able to set up a wholly-owned subsidiary to be the designated telecom in Texas? That's how the ride-sharing companies do it in order to insulate the parent companies from having transportation law apply to their headquarters.

I think it's indicative of more than just Google being unwilling to be held to the legal responsibilities; it appears that even their Fiber arm doesn't want them as well.


And with e-mail, that's often a means of authentication. Many services won't change your e-mail without sending an e-mail to your prior service.

You can essentially get locked out of your Steam account.


I recently got locked out of my old bank account because I didn't use the SIM from my country of origin for 5 months. My mobile operator disabled my ~15yo phone number and I can't recover it without flying there and visiting their office with my ID.

That's why I also feel uneasy towards all these number-based messengers. They're targeted at users who rarely leave their countries.


Or at least get a mail address or similar from everyone whom you're talking to on a number-based messenger, so that you can recover from a lost messenger account.

(Doesn't help, though, if you lose the phone number and your mail account at the same time.)


exactly. if you pay for a service and google or facebook are your authentication, you are locked out of the third party services you pay for.


Google's terms of service say that each user retains the copyright to their content, but grants to Google a license so that Google can provide services.

If Google has the only copy of some of this content, I wonder if a copyright claim might have any leverage. It's one thing to give Google a license; it seems like quite another for Google to deny you access to your own copyrighted material.


That route would only get you copies of your email. It wouldn't help you change a password on a 3rd party service, if their practice was to require confirmation through your address on record.


Opinions about regarding Google as a utility aside, I think the comparison this argument makes isn't as comparable as you make it sound. Using your example with telephone companies, this situation is like saying a specific 3rd party service accessed via telephone should be regulated without actually regulating the telephone companies first. I would like to see ISPs be regulated as a utility before individual web sites are regulated as such.

In the event that becomes reality, the time would have to be taken to define what minimum level of services the web site would have to offer. Simply saying Google must keep X service available would be archaic. Would other email providers be exempt from having to maintain these rights? If your job gave you an email address, would they have to maintain it after you leave the company? These are probably contrived questions, but ones that would certainly have to be answered first.


Gmail is part of the chain of technology that lets me communicate, so I think a comparison with a telco is fair.

Also there could be a distinction in the law for mass communication, e.g. #users > 1M.


> Gmail is part of the chain of technology that lets me communicate, so I think a comparison with a telco is fair.

And it's actually harder to switch to a secondary. With my ISP, if they cut me off I can fall back on my cell provider within minutes. I have no such failover for my Google services.


> This really seems like it needs to be regulated in law.

Or use backups. Don't go crying to the government when you can handle it yourself.


It's not a question of backups. Even with no data loss, the cost of most people being shut out of their Google account is absurdly high. Missed texts. Missed calls. Missed emails. Can't log into third party sites.

If Google wants to have a monopoly on all of that stuff, they need to be subject to regulation that compartmentalizes their services and what they can and can't do arbitrarily.


They don't want a monopoly, you want them to. You opted in to it, and you only end up in such a horrible position when you make a series of horrible decisions.

Missed texts and phone calls? How did you even get into the position where Google controls your telephony? Missed emails? Why are you using gmail.com? Third-party authentication? Did they not have the option to use e-mail or a username?

You can't fix every problem by band-aiding regulation on top of it. Sometimes you need to step back and wonder how you got here, and solve that instead.


> They don't want a monopoly, you want them to.

Of course they do. Every strategic decision the company has made over the last two decades is to try to secure a monopoly on your data.

You make it sound like it's easy to run your own full stack of all web-connected applications. It's not. The cost is INSANELY high. So your real choice is whether to use one company, or dozens of individual companies for every individual service. The latter protects you against the risk of something like this happening. But it comes at a day-to-day expense which will far outweigh the prevented risk for 99.9% of people.


If your concern is data _loss_ as opposed to data _ownership_ you can still use Google all you want as long as you use it redundantly (backups, separate domain, &c.) What you're saying is more applicable to people who want Google not to see their data.


Regulate a free service?

I wonder if any G Suite customers had their accounts closed.


> This really seems like it needs to be regulated in law

Absolutely not! That way you are slowly making people to lose any bits of the common sense they might still have. Perhaps losing data once or twice will make people look for alternatives. Throwing in another regulation will just increase barrier of entry for companies offering emails and who knows what else some dumb politicians could come up with, maybe this will open the gate to even not being able to self host an email server.


Disclaimer: I don't speak for Google and don't have any real context into why this occurred. Speaking as myself, a private citizen.

I work in Spam & Abuse and it's possible that this is the result of some clustering algorithm that was trying to take down sharders / phone buying rings. It's very possible that the SWEs responsible didn't consider this possibility (that legitimate customers would be used to shard purchases) and I'm pretty sure if the affected customers appeal they'll be reinstated, maybe with a warning. I certainly wouldn't characterize this as intentionally punishing the individuals who purchased phones on Google's part -- notice that only users who directly sent their phones to the reseller's address were taken down. Smells like automation to me.

The "deleting all their data if the appeal doesn't go through" thing is actually because of privacy policy and Google can't keep your data around for longer than 90 days give or take after your account is suspended. Again it seems heavy-handed but is more a perfect storm of big-company policy decisions with good intentions overall. Know that if you ask Google to remove your account, you'll actually get everything wiped! (That's a good thing imho!)

It really is unfortunate that FPs (or "mostly-FP"s) in Google's systems impact people so badly. FWIW for most Google services if you abuse them you usually get a service level suspension rather than your entire account suspended, probably for this exact reason.


It's very possible that the SWEs responsible didn't consider this possibility

"Very possible"? More like "guaranteed". Everybody who pays the slightest bit of attention knows Google has a gigantic blind spot when it comes to thinking through the consequences of algorithms and automation. And there's no sign that the company is interested in fixing that, ever.


Wait until they get into the thought police business for some real interesting situations.

All jokes aside, for those who remember, it's pretty amazing what Microsoft got punished for (bundling a browser with the OS, with no other restrictions) compared to what Apple and Google get away with.


Bundling a browser with the OS that had 98% of all user share at the time. neither Apple not Google come anywhere close to that market domination with their iOS or Android systems. Also the case was much more broad that just the browser it was for software that runs on the OS. Antitrust is not just about what a company does but mainly about what other alternatives are out there. In Microsoft's case there were no other alternatives while today you can choose between several.

EDIT: One more thing that everyone seems to confuse is that antitrust cases should protect CONSUMER rights not PRODUCER rights. A case can be made that Google and Apple are hurting other companies by offering free services with their products but they ARE NOT HURTING CONSUMERS.


Google only has about 85% marketshare in phones, 96% in Search, still problematic.

And Producer rights are affecting Consumer rights.

Without a free market, we're all worse off — the only justified monopoly is a governmental one.


Key word here is "phones". 85% of phones is still less than half of all users seeing as mobile just surpassed desktop use sometime in 2015. And no, producer rights are not affecting consumer rights since this is a free market. I don't care how many Russian search engines or vertical product marketeers go out of business. They are going out of business because they are not offering a good enough service and I don't want google or any other search engine to channel my experience in not good enough channels just to keep their business afloat. that is not free market. When I and a plenty like me like a service we keep using it no matter if Google promotes it or not. If google had the power you are fear-mongering about we would not have FB, Twitter, Instagram, etc.


> If google had the power you are fear-mongering about we would not have FB, Twitter, Instagram, etc.

All of them were started before Google even started competing with them.

Show me a company started after Google had already established a presence in a market that’s either competing with Google (and having a positive prediction) or that has thrown Google out of the market at all.


it doesn't matter is they are established before or after. all it matters is that users have the choice and choosing these (and other) products over the Google provided ones. Google has bundled a form of messenger app since forever with its services. People just keep choosing other better ones. Google has tried 2-3 time to break into the social scene but even though Google Buzz was bundled with gmail it was not used. although everyone with the gmail account had a G+ account it is not even close to FB or Twitter. The simple fact of bundling is not a problem when there are choices. Amazon even takes Android, takes out EVERY SINGLE REFERENCE to google services and uses it for it's own products. So android can not be considered in any form monopolistic because it offers choices does not block them.


> it doesn't matter is they are established before or after.

Yes, it does, that’s the entire point.

Will we still see as much innovation in 10, 20 years? For that, this part is very important.

> The simple fact of bundling is not a problem when there are choices.

Google forbids OEMs from selling custom Android forks. That’s not choice.

As said, both the EU and US consider this anticompetitive, and are investigating it. If you believe you – which apparantly are unable to use correct orthography – are more knowledged than the top lawyers of the two largest economies, then, sure, go on.

Even Google has admitted they are doing anticompetitive bundling, their defense is that it’s required to fund Android at all. That alone should say everything.


Google forbids OEMs from un-bundling it-s other services not android. OEMs have the choice to build an Android with no Google service whatsoever like Amazon or some Chinese OEMs are doing. What they can not do is offer an Android while picking what google app they offer. Google apps are take it all or leave it for OEMs. for users they can choose to install what they like. I do not believe that I am more knowledged that Lawers but seeing already in plenty other examples that EU is more worried about businesses than consumers I can say that these is just another misuse of the antitrust rules.


Wouldn't it be more accurate to say that Google does not license the Google Play Services to be bundled by OEMs who sell custom Android forks?


Not really, because Google also retroactively removes the license for devices already in production if the OEM later on decides to sell forked devices, as was threatened with Acer.

Or even just delivers parts for such a device, as was threatened with SAMSUNG and Amazon.


I really don't want to defend Microsoft, but Internet Explorer won all that market share because back in the day IExplorer really was the best browser available. And given what happened next, I'm actually grateful for the IExplorer monopoly, because Firefox wouldn't have happened otherwise.

We tend to forget that even natural monopolies can be broken by new technology and innovation. And even big companies can be beaten by smaller ones. Microsoft tried to beat Google at search while Google was smaller and much less powerful than it is today. They couldn't, because big companies have a priority to protect their cash cows and don't necessarily have the talent or the focus required to tackle new markets (i.e. the innovator's dilemma). Google tried to beat Facebook at social. They also failed by being too conservative, while at the same time fucking their users. Can you spot a pattern?


I accept Microsoft followed many predatory and anti-competitive practices. They were a nightmare and deserved a good anti-trust kicking.

But hammering them for bundling a browser was just plain stupid. If they didn't bundle a browser, how would people download a competing browser? You'd have had to get hold of a browser on CD somewhere and install it manually just to use the internet. How would that have been an improvement for consumers? It was a misconceived, user-hostile decision.


    ftp ftp.netscape.com


You've convinced me. Ordinary consumers should be expected to know how to use command line tools and have memorized service addresses, without having browser access to look any of it up. That's clearly the answer to improve usability and expand consumer access in this situation. How could I not have seen it sooner.


Life before bundled browsers and Google:

"Sue, how do I get that browser thingie?"

"Erm, Jane wrote it down for me... here's the Post-It"

"Thanks."

We survived OK.


Windows explorer supports ftp. Type ftp://ftp.mozilla.org into your run menu or explorer address bar and you'll get a folder view pop-up. From there it should be rather trivial to find Firefox from inside their ftp directory (not as simple as clicking a download button, but still). I'm not sure if getfirefox.com runs an ftp server.

I'm not aware of any popular OS that doesn't have ftp support on the main UI (except Android, which doesn't have a file management app anyways; not sure about iOS). Nautilus has ftp support. So does thunar, dolphin, konq, etc. You can type ftp addresses into the address bar in osx, iirc.


I recall a couple occasions:

- Didn't want to open a browser one day but wanted to download the latest version of FF. Thought I'd try FTP. Ultimately gave up on trying to find the right path and Googled it.

Another time (later), I vaguely recall being at a kiosk with IE disabled in various boring ways, and I tried to see if I could download FF (just to see if it was possible) after successfully managing to open the FTP site. I might be misremembering, but I think the only reason I was able to locate the dir properly was because I'd previously made a careful mental note where it was. (It downloaded, but executables were disabled. Those sysadmins did a good job.)


True story: Back when I was doing desktop tech support, downloading Ad Aware via command line FTP was a favored method of mine when the user's browser was so fucked by spyware that it was inoperative.


At the time, before browsers were standard equipment, ftp was a normal way to obtain software. There were gui ftp clients available at the time, but I have no idea how people usually got those (whether dialup bbs, downloading with the bundled default ftp utility, passed on a disk by a friend, or bought on a disk).


By bundling competing browsers


Wait if they get into the automated car driving business for some real sad situations.


Due to suspension of your Google account this GoogleCab service is no longer available to you. Please be careful exiting the cab on this narrow strip of interstate hard shoulder 50 miles from anywhere. We have also disabled google authentication access to your phone. Have a nice day.


> please drive me to the hospital, I broke my arm

> I can't do that, the hospital is within 50 miles of a school and you're banned from being within 50 miles of a school, because you commented "she's very pretty" to a picture of your 5-year-old niece and we've decided you're a paedophile.


Try this one http://craphound.com/scroogled.html by Doctorow.


Wow, the HTML for that page fell through a bit of a can opener there.

Also, I must frankly admit my great curiosity at the fact that your last comment was posted 3.61 years ago. Alt account? Deleted comments?


It's amazing what owning the FTC can do. Obama appointee Joshua Wright was a paid Google shill... and Trump just picked him up for the FTC transition team. Google's ability to infect our justice system transcends partisan politics.


But AI is the future and our AI is the only which is true, embrace it! /s


Hopefully you haven't given up on reading the comments to your post and you see this. Small practical suggestion, no flames.

It might be a very very good idea to lobby to get company policy instated that says "if the system thinks a user has gone rogue/bad, their account gets locked and all, but the data gets kept around until the user says to kill it, or for 6 months."

Because if Google thinks the account has gone bad, that's not the user saying "delete me," so the privacy policy (and associated laws) don't apply! There's nothing stopping you even stashing the data away indefinitely until the user explicitly asks for it to be killed (but that's scary).

At the end of the day though, algorithms fail, and IMO this is a practical edge-case policy glitch in the business architecture that should have been countered for.

Or does "user account gone rogue" have to be interpreted as "delete me" for crazy obscure Reasons™?


If you watch an old tech talk re: Google disaster recovery topic, the Googler explains that a user's info is never fully deleted because it's too expensive to do so given back-up duplication is processed multiple times in multiple locations and sometimes over multiple technologies. In other words, cancel your google account today and your data may be "deleted" but it's really, as in actually really, still on magnetic back-up in several locations, but it's just really hard to get to and put back together, so is considered "gone". Unless you're a really big organization with the means to go to such troubles, like maybe the government or Google.


It would be easy to setup a backup system where all backups are encrypted with a set of randomly generated keys. (1 key for each user/service pair or something). The keys are going to be (relatively) tiny, so they could be kept on non-archival storage.

If a user's data needs to be deleted for whatever reason, simply discard the user's corresponding encryption keys. That way you can effectively wipe the user's archive without needing to touch the tapes themselves.


How is that compatible with legal requirements for deletion? I think that, at least in Germany, you can demand that a company delete all data associated with you, and the company has to comply with it.

(Whether German data protection law applies in Google's datacenters is a wholy different story though.)


It's not required in Germany either. The data protection law allows to "lock" data instead of really deleting it from all devices. And IMO that's the only sane solution to deletion requests.

Otherwise, any kind of backups would be unlawful for a company.


Though this requirement is moot even in Germany, as it is impossible for you to verify such a deletion.


Can you point me to that tech talk? I think this info is outdated, at least it conflicts with what I believe to know.


I agree, AIUI this is no longer the case.


<Blah blah disclaimer IANAL & speak for myself>

I think this may have changed since that talk. I think Google still doesn't technically guarantee full deletion (who knows if someone's GC process messed up or has a bug) but in practice it happens, at least AFAIK. It is expensive. And it does take time, I wouldn't expect all my stuff to be purged until at least 180 days (the 90 days they are supposed to delete after + ~90d for the delete to fully propogate).

It also drives every engineer nuts when they're asked is your service wipeout compliant and they realize omg I can't store this data longer than x days?! shit shit shit

European Privacy Shield compliance is yet another bag of legal worms every service has to deal with. More deleting, encryption at rest, etc.


Huh. I now get the focus on pure-HDD storage as opposed to using tapes.


Things change


From watching a tech talk a few years ago by Googler on backup, my understanding is that they just delete the encryption key (I believe everyone's data is encrypted with a per user key).

Your data may still live out on some server - but it is effectively unrecoverable.


I also remember that talk. I haven't verified by watching again, but if anyone's interested I suspect this is the one: https://youtu.be/eNliOm9NtCM


I recommend the takeaways you get from this thread (especially as someone in Spam & Abuse) to communicate with those you work with and your superiors at El Goog.

- Automation is going to be the end of your job. Not because your job will be replaced by an algorithm, but because overuse of algorithms is leading to the collapse of trust people place in Google. Major actions like the banning of someone's Google account should never be done by algorithms. If you can't afford the humans[0], you shouldn't be in the business of holding people's valuable data.

- The support and appeals process must be human. Ever tried Microsoft's Answer Desk? Talking to humans isn't difficult even with one of your largest scale competitors, even for free tier products. Humans want to talk to humans, and Google's customer base consists of humans. FastMail ticket support? Incredible. It feels like Google isn't even trying to treat customers well in comparison.

- Google shafted 200 of their customers, and from the looks of it, this thread has another 200 ready to leave. The Guardian just picked up the story, so expect this effect to continue. One bad behavior by automation can cost you multiples of damage, especially if someone writes a blog post about the incident.

[0]Google can definitely afford the humans, especially with that princely sum they have stashed in offshore accounts.


You are kidding, right?

Human decency dictates that, at the very least, someone be warned that their account is now headed for non-negotiable suspension and be given 30 days to clear out their stuff and move on.

I couldn't care less what algorithm decided what. At some point a person coded-in the rules and, for some incomprehensible reason, this person or people decided it would be perfectly fine to take the path of most damage to consumers.

Your company, Facebook, Amazon and others deserve to get hit with a massive class action lawsuit that results in equally massive financial penalties and requires corrective actions. Maybe then you'll learn how to behave like human beings.


I can confirm that I heard many stories of Android developers getting their Google Play dev account suspend for various reasons (which is already really bad in itself, if you have a popular app that makes a significant part of your revenue), but I rarely heard about full Google account suspension for a Play Store violation (maybe once or twice among dozens of Play Store suspensions stories).

I'm still puzzled that they take such a drastic measure automatically, without having one human checking whether the account is actually a real person's account.

I really want to see what comes out of this, if everyone gets his account reinstated and how long they had it suspended.


Yeah my account was wiped without warning after what I suspect was an automatic app review that Google introduced in Play Store at that time. It was just a niche hobby app but damn, it's not like I was a free user. I paid for the dev account. Good thing I had a separate google account for that.

I had some sloppy ndk computer vision running there, maybe it triggered something? I have no idea really. It's not like you can appeal anywhere. I was very busy with other things and let it slide at the time. I got away with a very cheap lesson I guess


is more a perfect storm of big-company policy decisions

Naming storms like this is about rare they are. A "10 year storm" or "100 year storm" only happen once in that period. So they refer to a 10% or 1% chance that an X-year storm that would happen in any given year.

Is this cock-up is so bad that you don't expect a Google company to make a similar or more severe cock-up for DECADES? Then it's not a perfect storm. This was a common storm. In fact, I'm very doubtful it was as a "storm" inside of google at all. This is just another "whoopsie" bug fix, isn't it?

This right here is why people get the impression google thinks it's farts don't stink. Not only that you act as if this is a "perfect storm" but the arrogance it takes to design a system where just because an engineer didn't consider a use case, you're perfectly happy to assume it must be abuse.

Yes, this case will probably be fixed, but would it have been if it didn't pop up on the right back channels to get Googlers attention?


Retention should be longer if an account is suspended on Google's initiative than on the user's initiative.


I believe automating a whole account suspension is not a good idea at all.


What does "FP" stand for?


False Positive


Yay for algorithms without any human supervision! In googles defense, you can't really expect them to spend such a small company to pay a human when the task is so trivially automated and handled so well.


Honestly, I feel like if you start trying to game the system with some shady practices, you should be ready for eventualities like this. That's almost as careless as putting your real info up on an .onion site, and almost exactly like torrenting without any kind of proxy. I hope they get off with a warning, but these people were up to some shenanigans.


thanks for clarifying, I thought the same thing right away as well: smells exactly like automation. I could never see Google suspending an entire account for one person selling one phone.


The world's growing dependence on mega-services provided by the likes of Google is why I started the Free Data Foundation.

The goal of the project is to support OSS that can replace "free" services that subsist on our data. Interestingly enough the maiden project is tentatively called Tmail (short for torrent mail).

It works somewhat like TOR in that it will depend on volunteers to host nodes that will communicate with existing email providers (outlook, gmail, yahoo, etc) and relay the mail over 80 to RPis preloaded with MDA (mail delivery agent) software.

The goal is be able to expand the service to allow people to sign up for email accounts without running their own software (a la gmail).

It gets way deeper than that, but I'll leave it there. You can follow the project at https://github.com/freedatafound/. I've also bought http://freedatafoundation.org but there's currently nothing there.


Rule Zero: Never rely on a URL that you don't control. Use your own domain name for your e-mail addresses. Use your own domain name for canonical links to content. If you control the URLs, you do not depend on any one provider.

Rule One: If you only have one copy, you have no copies. It is an act of faith to assume that a Youtube video or a file in Google Drive will remain available, just as it's an act of faith to assume that a hard drive will never fail. Anything from a hacker to a natural disaster could destroy your data. The "cloud" is made of servers, not magic.

If you follow these two rules, you have nothing to fear. Google could suspend my account tomorrow and it would be nothing more than an inconvenience. I change a couple of DNS records, restore some data from nearline and I'm back in business like nothing happened.


While I'm in complete agreement with you (everyone should be responsible for protecting and ensuring the integrity of their data), it seems a little unreasonable to expect the average gmail user to purchase a domain name, link it to an email provider, (optionally) migrate their emails, etc.

Same goes for YouTube videos. Content creators typically maintain copies of their work, but casual youtubers don't.


I don't think it is unreasonable. I think we've fallen into a culture of low expectations regarding the ability of "normal users". Many people will (perfectly legitimately) choose convenience over quality or reliability, but I think we should be pushing users to engage more seriously with the tools that they use.

We can certainly do more as developers to make things easier, but I think we have a tendency to pander to an imaginary "AOL granny". We often present oversimplified advice, because we expect too little of users. To pick a random example, I think we're too eager to say "use Dropbox" rather than "use Dropbox, but buy yourself a NAS too because X, Y and Z".

I think that there's a substantial latent desire among ordinary users to have more control over their technological lives. People are increasingly worried about the power of big tech companies, but they don't know what to do. We aren't doing a good enough job of informing users; those big companies have an obvious incentive to keep users uninformed. We're not communicating the risks and benefits well enough, we're not providing clear explanations of the alternatives to the Big Five.

In the process of writing this comment, I've had several startup ideas. I hope that the people reading this are having ideas of their own. I think that there are substantial opportunities to start returning control to users.


For a whole variety of reasons, you need know what you're doing to properly host your own email now.

From the risk of domain name takeover, to hosting provider takeover, to modern spam requirements (ip reputation, dkim, spf, dmarc), to just plain sysadmin ability and ideally run an HA system.

Agree that there are probably some startup opportunities, but the the reality is that you'll just be transferring the user's trust from AmaGooFaceSoft to you. You might be more trustworthy... or you might go out of business.

EDIT: To be fair, I'm probably missing a whole bunch of creative solutions that give the user control without requiring them to run a service.


There are a whole spectrum of options between "running a mail server in your basement" and "having to reprint your business cards if your Google account is suspended".

We can make big steps towards trustworthiness and control in SaaS, it's just often orthogonal to profitability. Lock-in is the obvious example. Lots of vendors expend huge efforts to simplify data ingress, but create arbitrary obstacles to data egress. We worry about SaaS providers going bust because we're inured to the idea that getting your data back is really difficult. The interests of the user do not align with the interests of the vendor. Predatory practices are so normal that we've half-forgotten that they're predatory.


Quite a few you're missing indeed.

Many ISPs give out a domain name and email service for free with internet contracts — you can set it to redirect to gmail until you need it, then just switch it over.

Tada, problem solved.


Until your ISP closes your account for whatever reason.


That’s why you use a trustworthy ISP.

My current ISP, for example, is actually a local company providing datacenter colocation and consulting services to the state’s government and local and national companies, but they also run a small ISP as side business.


>they also run a small ISP as side business

Which means their small ISP business is something they wouldn't mind so much getting rid of, along with your account.

The point is, you'll always depend on someone else. Your data will always flow through someone else's network. The cloud is someone's computer, and the internet is someone's cable.


You always have to rely on someone, but you can structure your affairs so that you're only temporarily reliant on them to provide service today, not to provide service indefinitely.

If your email address is "me@gmail.com", you're stuck with Google. If they suspend your account, you're in big trouble. If your email address is "me@myname.com", you're a free agent. You can use Gmail or Fastmail or some random hosting company or a mailserver on a Raspberry Pi. You can use DNS or forwarding to send your mail wherever you like, you can transfer your domain name to any registrar you like. Rule zero.

If all your files are in Google Drive or Dropbox and nowhere else, suspension of your account could mean total data loss. If you have a local backup on a NAS or a mirror on Glacier or Backblaze, you're just mildly inconvenienced. Rule two.

Eliminate single points of failure wherever possible. Avoid vendor lock-in. Don't rely on a service unless you have a contingency plan if that service fails. Treat everything as if it were hopelessly unreliable.


I think someone who figures out an easy way to do it will get some nice money coming in :)

Technology is already there, just need an easy way to order a domain and a server configured to use that domain. You control 100% of the data.


This is the opposite advice I've heard after reading about scenarios like this:

https://news.ycombinator.com/item?id=7141532


The fault in that case lies entirely with GoDaddy's poor security. Use a competent registrar, preferably one that supports 2FA with a hardware token.

https://konklone.com/post/protect-your-domain-name-with-two-...


And do you ever control an URL? No, you don't. So the only way to satisfy Rule Zero is by never engaging in any URL-related activity.


>And do you ever control an URL? No, you don't.

Well, yes. If I own a domain name, I can point that domain at any resource I choose. I might be technically "renting" the name from a registry via a registrar, but for all practical purposes I'm in control of it.


Until a government, registry or large ISP decides to take that control from you, which can happen nearly instantly. Or someone uses social engineering to take the domain from you: https://en.wikipedia.org/wiki/Sex.com


> Rule Zero: Never rely on a URL that you don't control. Use your own domain name for your e-mail addresses. Use your own domain name for canonical links to content. If you control the URLs, you do not depend on any one provider.

You do not own your domain name. It's better than using google.com, but your domain name can be stolen or seized just as well.


Domains can be stolen or seized, but somehow the internet still manages to function. If you're not doing anything silly or shady, domain names are extremely durable. They're certainly more durable than an e-mail address or a subdomain on someone else's domain, more durable than a phone number or a street address. If you can choose only one identifier by which people can contact you, there is no better choice than a domain name under your own control.


Your definition of "silly" or "shady" might not be congruent with every other person's. com domains have been seized for a variety of reasons. However, them being stolen is much more likely. As a security-inclined person, the domain registrar is the first thing I would target as an adversary. Very often they don't have 2FA; and once you have access, e-mail follows.

It goes without saying that this is only a small part of a bigger picture; using your own domain name is a good idea, but not a perfect solution.


Not to mention they are stealing not only your e-mail data but your entire digital identity. Now they can reset the password of all your accounts, send e-mails in your behalf, buy things in your name.

I just don't trust DNS, domain registrars and all the things I would need to secure to have a custom domain e-mail.


Can you access Nearline (Google Cloud product) when your google account is suspended?


I was referring to nearline in the generic sense; I was unaware that Google had a product with that (rather confusing) name.


Does anyone provide a service to set this scheme up easily? I'd pay $$$ if all of my 'cloud' content and accounts could be migrated to something like this. I just don't have the time to set it up or manage it.


This is a big wake up call for me.

I have everything in google: Drive, email, voice, docs, sheets, etc. I was actually about to sign up for Fi. The convenience of everything in one place is great. But I don't think I had quite thought through a disaster like this.

With this article in mind, need to reevaluate. I guess either regular local backups and/or diversification of service providers would be a good step.


1. Have your own domain name. You can change provider from Z to Y at the flash a DNS record gets updated. Email is designed as a federated service, but to be so your email _address_ needs to be too.

2. For files, use a cloud solution and have 2-3 computers updating their local copy (home PC, work PC, phone, small Pi box acting as server). I have a Digital Ocean box running ownCloud, soon to change to nextCloud. Put your code or next essay on Git.

3. Don't trust any service provider, especially if they're not dependent on explicit income. You can still have everything in one place, but that place is many places at the same time.

4. Don't store what you don't need to. Complication and confusion also comes from hording. Don't need it? Delete it, and be assured it is completely deleted.


Don't forget about the guy whose twitter account was stolen because a hacker got access to his email _because_ the weak link was a custom domain and poor security at Godaddy. The domain was hacked, giving the attacker full access to email, and therefore ability to change passwords, transfer ownership of a prized twitter account and more. It has been discussed here quite a bit. The folks that answer phones at domain registrars don't usually have adequate training and social engineering is common.


Then don't trust a registrar.

Get a domain directly through a NIC that offers that directly.


Can you recommend one? I've never heard of this.


Many NIC's support this but they aren't really setup to handle individuals (they prefer resellers do that) expect to pay a lot more for the privilege. You can usually find the Registrar by just going to nic.tld (e.g. http://nic.io/)


Your email is always the keys to the kingdom, but I trust Gandi a lot more than I trust Google.

GoDaddy is probably the worst choice someone could make. 2FA is mandatory for email and domains.


Point one here is the BIGGEST. If you do nothing else, own your domain name, and forward mail to a service provider of your choice. In my case, I made my new email address forward to Gmail, and then started changing everything over to use my new address. Then, when I moved providers to FastMail, all I really had to do was re-point my domain name.

Even if for some reason I lost my FastMail (pretty unlikely), I'd just repoint my domain to a new mail service, and I could easily recover all my other accounts. And of course, my email archive is backed up locally, so there's no risk of losing that.


> If you do nothing else, own your domain name, and forward mail to a service provider of your choice.

Even this may not be sufficient. I had a domain name registered through my ISP (UKFSN). At some point I had a disagreement about payment with my ISP, who refused to discuss it. Instead of replying to my messages, they disabled all my domain records and my emails started bouncing. I think this was illegal (and eventually I forced an apology and compensation out of them - long story). Anyway, I would recommend only having a domain name registered through a dedicated registrar who you are not using for any other services.


This is good advice too. I actually have my domain name and web hosting through different companies, particularly for this reason, if I have service issues or something with my web host, I wanna make sure I can switch web hosts or threaten them with the wrath of God or something, without worrying about my domains.


I foresee a slight chicken and egg problem here. Registering a domain requires an email address, so it seems that I would need a third-party email address anyway.


Bootstrap and go from there.


Next cloud looks good, cheers


> ownCloud, soon to change to nextCloud

Why the switch? A quick look at both hasn't resulted in a clear winner in my mind.


The founder and most of the development community has moved to NextCloud. ownCloud is mostly the old corporate people maintaining status quo, from what I understand.


I think not using anything Google is probably the wisest move as they have made it very clear on numerous occasions that they simply do not care about customer service.

The problem is, they're so damn convenient.


> The problem is, they're so damn convenient.

And this is the crux of the problem. "Oh, that'll never happen to me" until it does. I've been asked several times, "why do you go to the trouble of [hosting your own e-mail | not having the same mobile # on SMS as on Hangouts | using ownCloud instead of Google Drive | and other greatest hits]". Stories like this are why. They're not at all uncommon, they're a disaster for the people affected, and they're clearly not a wake up call for Google to get any better about their free-to-the-end-user services, so I've no motivation to change my practices.


I've got a domain name and an E-mail address on it that forwards to my gmail account, but I find out of laziness I usually end up directly specifying my @gmail.com account when signing up for online services. It might be time to slowly start switching over to using my personal account, so, in case I'm ever banished from gmail it's simply a matter of pointing my forwarder to a different E-mail provider.

Sooooo many accounts to switch over though, probably will take a few days...


When you update email addresses, I'd strongly recommend having a catchall and then theirdomain@yourdomain.com. Makes it easy to see where spam comes from, and more easily delete it.


As someone who has done this, including project fi, I maintain my own backups on a personal server at home and another one on a VPS.

Owncloud / nextcloud provide automatic syncing of photos if need be. I sync up all my important documents but as of now I don't see the point of backing up my emails. The last missing piece is syncing my contacts which is also possible in my current setup.

With that said, I am still going to use Google services because of their convenience. I just like knowing that the data I care about is safe.


Especially so, with the rising gig economy. To more and more people, their digital assets and how and when they access them are how they make money.


devil's advocate(or in this case, google's i guess), unless you do something shady prohibited by google's TOS(which i recommend you read and understand if you value your data), google is pretty good about everything. even when they shutter services they give you plenty of advance warning and have options to takeout backups of data easily always remember google offers all of these services for free and you're still getting more value than you paid for


> even when they shutter services they give you plenty of advance warning

The original article is about how this is absolutely false in the case discussed.


Parent was probably referring to closing down entire products (e.g. Google Reader).


Ah yes, that makes more sense. Thanks.

More

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: