First post, might as well be a cautionary tale. My father, a pretty old programmer by anyone's standards, regularly warns me of this sort of thing. He was pretty much shafted by CompuServe many years ago on a minuscule scale compared to what is possible now. He lives his life in what I previously described as a paranoid bubble of data control.
Until I inevitably burned myself with Google. I have no idea what happened but my account was terminated suddenly. No warning and no explanation as my backup address was no longer valid. This was two years ago. I lost documents, account details, contacts, calendars, email history, conversations between people on hangouts plus my phone decided to ask me to sign in again and became as useless as a dumbphone instantly.
Took about a month to reorganise my life and I lost contact with people, failed to complete tasks because my record was gone, lost control over my personal finances which were in Google sheets. Probably burned a week of my life on this as well.
Now using a cheap Nokia 106, POP3 box with gandi.net, Mozilla Firefox and Lightning, encrypted USB sticks for backup and LibreOffice. Never been happier.
I am genuinely afraid of going through this again. Everything remains portable between OS and provider now. Things are more volatile than we realise. I understand my father now.
I'm not against using all in services like Google but you need backups, an exit plan and a DR strategy explaining where all the services will go plus the time to carry it out. If you don't have these or it's too expensive to do this even for a personal user, don't even cross the starting line with the product.
Edit: Also beware of potential mergers, political whim and products being redacted or broken for long periods of time. All of these have affected me over the years.
The way Google made us used to transform an email box as a storage and backup place is terrifying. Sending 2Mo attachments has become a norm[1] and lots of people consider having their life stored there.
It just doesn't seem sustainable. If you had done this with paper in the past, your place would just be full of junk. Our cloud life is a horrific stack of garbage. We just don't need most of the things we store, keeping everything as proof of evidences for a potential event that will surely never happen, as if we were all super important targets of an improbable crime scene.
I hate this ideology. Thinking about getting out of it is perfectly sane.
[1] Yes I know storage is cheap, but then forget about ecology and climate change control, I have no proof of this but can't believe that all the Google servers of the world don't have an impact, even if it seems quite clean
> transform an email box as a storage and backup place ... and lots of people consider having their life stored there.
That might be viable if Google had kept its promise about users never having to delete their emails. As it is, the total capacity (shared with Gdrive) is 15GB, which wouldn't be much of a life.
I was one of the first Gmail users outside Google and got to 14.99GB some time ago, just with email. And I delete loads of it.
But I don't worry too much about losing Gmail. First, all incoming email is forwarded to an Outlook.com mailbox (which never complains about lack of space). Second, I use my own domain name. As long as I never forget to renew that, I should be OK....
> keeping everything as proof of evidences for a potential event that will surely never happen, as if we were all super important targets of an improbable crime scene.
Great point, and I see a chilling effect in your file storages being used to determine your "character" should you be involved in a lawsuit of some kind.
As an innocuous example, perhaps due to my being a millennial, I save thousands of memes on my phone that I find funny and share them with friends on a daily basis.
I would be shocked to hear if myself, or someone I'm friends with, was deemed a "horrible person" by the courts because some Shutterstock images with overlaid text have some dark humor attached.
> [1] Yes I know storage is cheap, but then forget about ecology and climate change control, I have no proof of this but can't believe that all the Google servers of the world don't have an impact, even if it seems quite clean
This is ridiculous reasoning. The best (though imperfect) proxy for the climate impact of a given service is how much it costs. If Google is giving away the service for free, it can't be costing them a lot of energy to run (or alternatively it's producing a lot of value for them).
I don't have a good answer here, but I believe it may be instructive to consider externalities (https://en.wikipedia.org/wiki/Externality). For instance, think carefully about how they may apply here.
I tend to delete lots of things people might keep. I keep my inbox empty as well. Life is easier that way rather than deferring all the storage decisions later.
I'll repeat what I said in my prior comment on this thread: We need a massive class action lawsuit against these companies ASAP.
Google should not be allowed to cut someone off from all products without, at the very least, a reasonable period of time during which data is available in useful export formats, email still functions 100% so one can transition important accounts that use it, etc.
Consumers are getting hurt in a big way by these giants and nobody is doing a thing about it.
While I don't disagree, and I'm not sure if this applies specifically to Google in this case, but as a general trend oftentimes users sign their class action rights away in the EULA by way of an arbitration clause.[0] This, in and of itself, is also IMO a huge abuse of power. But it's perfectly legal and only serves to further entrench the power of the monopolists.
Nobody reads these things. Ergo, nobody agrees to them.
Let's get it in front of a Jury. What do you want to bet that not one person in the Jury has ever read these incredibly one-sided, purposely obscure, usually incredibly long and complex agreements? Nobody. Not the Judge nor the Jury.
Not to get political, this is precisely one of those things that earned Democrats a defeat. Demeaning and diminishing others eventually has consequences. Being completely insensitive to the needs and plight of average folks. To hide behind EULAs crafted by the powerful, for the powerful and damn you little insignificant people is disgusting. To think so little about people and users that it is deemed OK to upend their lives instantly by a mindless, heartless algorithm.
This is the behavior of a mean vindictive totalitarian dictator, not of a business that purports to be guided by Democratic ideals and concepts such as "first do no evil". The hypocrisy is deep and wide.
Getting in front of a jury means surviving summary judgment. A good contract is designed to allow any disputes to be resolved at the summary judgment stage.
It's been a while since I've looked at the enforceability of clickwrap class-action waivers, but it's either enforceable or not as a matter of law. No factual issues in dispute = no jury required.
I could very easily argue they are fraudulent. The technology has existed for years to ensure that people agree to such important matters as giving up all your rights. Of course they don't want to put that in front of people because they'd have massive push-back. Imagine an interactive EULA being presented to a user clause-by-clause with clear large print and a clause-by-clause agreement button.
I'd be surprised if these things could survive a well mounted legal challenge purely based on common sense. The intention of these companies is to take it all from the user and have exactly zero responsibility and exposure. Way too one-sided for companies that affect hundreds of millions of people, particularly if they claim not to do evil.
If public shaming won't do it maybe government intervention will.
I'm a huge fan of GmVault. I back up all my email accounts with it to a home server that syncs my mailboxes over to Dropbox as well. Pretty painless to set up and very reassuring to know my mail is safe.
I can't speak to that. I've not looked at the output of Google Takeout. Also GmVault (for me at least) is 100% automated so I will at very worst lose 6hrs of email. Google Takeout is a manual process AFAIK.
Going on a tangent, there should probably be a set of universal backup formats that can be advertised as being somewhat portable. So that you can take your mail and other online business stuff elsewhere if need be. Beyond this article a user might start working for some place that does not allow external app use, but they can bring their data with, to be loaded onto the service. I guess like GitHub and git, but with mail and calendar stuff.
We do have those formats. Mbox for mail, iCalendar for calendars, vCard for contacts. They're all IETF standards.
Google provide data export from nearly all of their services in standard formats. Where no established open standard exists, they provide clean HTML or JSON.
I wouldn't actually call Mbox a standard. Thunderbird supports it, but I'd argue it sucks as a way to escape Gmail, because no competitor to Gmail supports it as an import method. In fact, even Gmail itself can't import from Mbox. It may be a standard in that it's defined somewhere officially, but it's not really a standard in the definition that it's commonly used.
As someone who has nearly completed their GExit, I'd say I found Takeout to be borderline useless as an export strategy.
On the one hand, there are many mbox variations and you may encounter some difficulty in getting your emails out of the Takeout mbox file.
On the other hand, please understand that there is no better option. Said differently: Google Takeout has made the BEST choice here. I giggled with delight when I saw they chose mbox.
And it's pretty easy. I have a few accounts on Thunderbird and I can drag and drop e-mail directly from one account to another, I think they are .eml files. You can also have local accounts just for storage.
For email with IMAP, you have the wonderful offlineimap tool[0]. I have been using it for years; you can easily perform maildir format[1] backups of all your email accounts.
I have been taking a Thunderbird local dump of all my Google mail for years as a backup (Thunderbird's mbox format is readable everywhere) so I can clear my Google account regularly, yet have a backup.
No idea what I'll do when Thunderbird eventually goes away - what is the replacement with identical functionality on macOS? I only want to grab mail and append to my existing mbox files.
Not sure if Postbox on the Mac will meet your needs or not but it's based on Thunderbird and done by a company founded by Thunderbird's lead engineer. It's a paid product, but well worth it...I use it as my main email app.
Thanks for the link, I will take a look. Do you happen to know what its mailbox format is underneath? That's the main crux issue for me. It would have to be a format I could migrate easily like mbox.
eg. my Outlook PSTs and OSTs are useless to me as I have nothing that will open them.
Agree - Maildir is a pretty good format, because it's just RFC822 (5322 these days, but who's counting) files with weird filenames. mbox format isn't too bad either.
Calendar data you can mainly download as .ics files. Addressbook data is somewhat trickier, a directory full of VCARDs is probably the gold standard.
mbox format is horrible, because of the irreversible "From" quoting it requires. And as an "editable" format (e.g. if you want to delete an email in the middle of it), it is perhaps the least robust possible.
Maildir is ok. Mbox couldn't be retired early enough.
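An added illustration of the "From" quoting problem raised in the comment above and of the mbox variations mentioned earlier in the thread (this is not code from any poster): it compares the classic "mboxo" quoting rule with the "mboxrd" variant on a constructed message body. The function names, the sample body and the separator line are assumptions made for the example.

```python
import re

# Constructed sample body (not from the thread): one line starts with "From ",
# another already starts with ">From ", as a quoted reply might.
BODY = (
    "Hi,\n"
    "From now on the backups run nightly.\n"
    ">From the earlier thread: keep an offline copy.\n"
    "Bye\n"
)

# Constructed separator ("From_") line for the sample mailbox.
FROM_LINE = "From sender@example.invalid Thu Jan  1 00:00:00 2015\n"


def mboxo_quote(body):
    """mboxo rule: prefix '>' only to body lines that start with 'From '."""
    return re.sub(r"^From ", ">From ", body, flags=re.M)


def mboxo_unquote(body):
    """Best-effort inverse of mboxo: strip one '>' from every '>From ' line."""
    return re.sub(r"^>From ", "From ", body, flags=re.M)


def mboxrd_quote(body):
    """mboxrd rule: prefix '>' to lines matching '>*From ', so nesting is kept."""
    return re.sub(r"^(>*From )", r">\1", body, flags=re.M)


def mboxrd_unquote(body):
    """Exact inverse of mboxrd_quote: strip exactly one leading '>'."""
    return re.sub(r"^>(>*From )", r"\1", body, flags=re.M)


def build_mbox(bodies, quote):
    """Concatenate messages into one mbox text, applying `quote` to each body."""
    return "".join(
        FROM_LINE + "Subject: sample\n\n" + quote(body) + "\n" for body in bodies
    )


def count_messages(mbox_text):
    """Count messages as a simple reader does: each 'From ' line opens one."""
    return sum(1 for line in mbox_text.splitlines() if line.startswith("From "))


def changed_lines(original, restored):
    """Return the original lines that did not survive the round trip."""
    pairs = zip(original.splitlines(), restored.splitlines())
    return [o for o, r in pairs if o != r]


if __name__ == "__main__":
    bodies = [BODY, "Second message\n"]
    # Without quoting, the body line "From now on..." looks like a separator.
    print("unquoted :", count_messages(build_mbox(bodies, lambda b: b)), "messages")
    print("mboxo    :", count_messages(build_mbox(bodies, mboxo_quote)), "messages")
    # mboxo cannot tell a quoted "From " from a line that was ">From " already.
    print("mboxo lost :", changed_lines(BODY, mboxo_unquote(mboxo_quote(BODY))))
    print("mboxrd lost:", changed_lines(BODY, mboxrd_unquote(mboxrd_quote(BODY))))
```

When checking a mail backup, comparing message counts and per-message hashes between the source and the restored copy catches both the spurious-split and the altered-line cases shown here.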
Legally, you're at the mercy of the provider to supply these. Most third-party applications that would provide effective backup solutions could be construed as illegal under the CFAA, as long as the ToS includes boilerplate forbidding automated or proxy access (and almost all do). Even without such a ToS, courts can and have held that merely visiting a page can constitute a copyright infringement based on the momentary copy stored in RAM being unauthorized, and specific notification that the company no longer wants you contacting their servers would also cause any future access to violate the CFAA, more or less regardless of the text of the ToS.
There was a company called Power Ventures. They made it easy to export your Facebook data. They never stored anything the user didn't have a copyright interest in (that is, they only stored the user's own data, like their profile pictures and status updates). Nevertheless, Facebook took them to court and shut them down. The company had trouble retaining a lawyer after the shutdown (and companies must be represented by a member of the bar -- pro se is not allowed) and ultimately, the founder was held personally liable for $3 million in damages.
That's what happens if you look like even a remote threat to a major technology incumbent.
With e-mail, as long as you have IMAP support you can relatively easily download all your mails and upload them to another server. Just takes a while if you aren't good at cleaning out old stuff. There even are companies offering that as a service if you don't have a fast internet connection, only a mobile device or ...
Or you can use imapsync; make sure you get the latest version from github as the version that ships with most Linux distros is really old. As it is written in Perl you can run it on Linux, Mac, and Windows. It handles one way sync in either direction and two-way sync. It copies all the flags and whether emails are marked read etc.
I think the legal theory behind this would be that you have agreed that Google can terminate your account for any reason.
Furthermore, they're not preventing you from reselling your phone at all - just deleting your account. Not "deleting your account if you do resell it" just deleting your account. First sale simply means they can't sue or get you arrested. They can do anything else with you, and refusing to do any further business with you certainly falls within that scope.
Without additional laws there's nothing to do here.
TLDR: never use your main Google, or Facebook, account for anything, not even buying a Google made phone, or buying Facebook ads for your own company, just never ever do that, so that at the very least, the pain is spread. They are businesses, and you do not want to give them a trivial way to retaliate or use this in a negotiation.
>never use your main Google, or Facebook, account for anything, not even buying a Google made phone, or buying Facebook ads for your own company, just never ever do that, so that at the very least, the pain is spread.
Be easy :) . I have 6 facebook accs for 5 of which I forgot passwords, 4 google accs out of which 3 got permalocked because sms confirmations simply never go through to half of Russian numbers, and I think 5 Paypal accounts all of which got blocked because "hey, you are the guy whom we blocked last year! you dared to register again? unforgivable!"
Yes, don't keep things online, you will be better off
>I think the legal theory behind this would be that you have agreed that Google can terminate your account for any reason. //
Just because they claim it doesn't mean it's legal nor moral.
We, as you intimate, probably need legislation to protect the data of users, requiring companies to take due care of it and requiring they provide access to users leaving a service, etc..
Moreover I think work needs to be done on enabling products, including software, when a seller/manufacturer withdraws support. Phones could be required to have systems that enable interoperability across service providers. Games could be required to publish servers and/or protocols allowing them to be used when companies EOL them.
Yup, this is what i'm trying to avoid by backing up my life. The data storage mechanism is my hardest point.. I like Camlistore, but really i'd love something that is accessible from anywhere.
Eg, a distributed access system like IPFS, but for personal use only(closed network, as best possible) would be ideal. Including distributed though, it needs versioning like Camlistore.
Ultimately i'll just go with Camlistore and likely build tools around the access UX. It's the best i've found, without rewriting it myself (too much work for too little gain atm, imo)
I really like the idea of Camlistore. But I really want something my family could actually handle if the worst came to the worst and that just happens to be bitlocker encrypted NTFS. Plug the stick in, plonk in a password and you have all my things.
What would prevent Camlistore from the same model? I guess if you're gone, the server might not be running properly, and they wouldn't know how to start it and etc. Ya?
That's fair. I wonder if it would be worth it to write some type of camlistore extraction tool. Eg, plug in a USB, autoruns a script which mounts a blob store as a fuse FS.
Hell, the blob store could be packed with the USB.. a sort of way to backup Camlistore that your family can always access. I actually like that idea. Fuse may not be a good access model (it's tied to unix of course), but maybe just a couple binaries that will auto run and display the stored camlistore blobstore.
Sounds like a nifty project and nifty way to backup camlistore for family/non-tech oriented. No servers needed, no understanding of the tech you use. As fool-proof as you can make it.
I mean, the data is still there, fwiw. I'm not sure how generic bitlocker is, but i imagine i have to have a tool specifically tailored to decrypt the bitlocker data.
With Camlistore it's one level extracted. You'd need a tool to decrypt and scoop up all the chunks for a given file - but you could write that in Bash. The Camlistores blob store doesn't do anything fancy (that i recall! i could be wrong), it's just a bunch of json documents with the file contents in them.
Though, Googling it now, it looks like BitLocker comes with Windows, so i can see why you like that. Your family doesn't need any tool, it's built into Windows. Not sure how that works with OSX though.
> What if the ABI breaks, the CPU architecture changes
Totally valid - but i could throw what ifs all day long. What if your family isn't on Windows? Here[1] is what i got for OSX (no idea if it's accurate).
Though this does raise a good point - while a binary is nice for dependency free solutions, having non-bin solutions might be nice too. Eg, a Python solution included is likely to work on all operating systems. The user has to of course install Python, which is bad. A platform specific solution (bash or dos) might be handy too.
Binaries only would indeed be potentially bad, you are correct, thank you!
> or the project gives up at some point in the future?
Well in my proposal, the project is irrelevant. The exporter is already made. As long as the user can run one of the compiled binaries they could access/export it fully (in the concept, of course)
Bitlocker is quite specific but tailored to where everything already is. None of my children or my wife are OSX fans. I can't find a better cross platform solution if I'm honest - if there was one I'd be there. TrueCrypt was used before I used bitlocker and we know where that ended. Bitlocker works on OSX pretty well with this: http://www.m3datarecovery.com/mac-bitlocker/
Will mull over your ideas; there are definitely things to be gained and there's always tradeoffs that need to be considered.
To be clear, i don't think my ideas are better - this is merely a discussion.
I do like Camlistore's approach to generic data storage though - ie, there is no organizing files/etc. Of course you can always go back and add metadata, but i treat it like a database dump - which is quite nice.
I think what i need is to find the simplest solution to export/expose the data within camlistore. Then i can encrypt like you are, and be sure that family can get data back out. Hmm, much to think on.
That is why I stick to OSS like Linux, Thunderbird, nextcloud, etc. as much as possible. I got locked into a closed source platform once and it was a pain to get out of it. I will never let it happen again.
This is usually a difficult problem. Then I divided everything I have data-wise into two buckets: stuff I can't afford to lose, stuff I can. It's now simple. Also I mandate that 'everything is a file'.
Turns out the former is only around 22Gb of mainly code, documents, videos and photos. The latter is 250Gb of music, films etc.
The latter goes on a NAS with a mirror on the laptop.
The important stuff lives on the laptop protected by bitlocker, an encrypted USB stick protected by bitlocker that is on me 24/7, the NAS and another offline unencrypted USB stick that I drop off at my parents' and cycle every six months. All disks are replaced every three years. All USB sticks once a year.
All file transfers are done with Beyond Compare by hand and verified after.
~> A handful of manual steps you need to remember to do.
The only offsite you have is at your parents, and is only "uploaded" every 6 months.
Isn't it just better and easier (at least long term) to just use duplicity (or equivalent) and sync your NAS to any backend (Drive/Onedrive/Dropbox/Hubic/etc)? And then just use your NAS as your "true" storage? Then it'll just run until your configuration changes (NAS switch, service discontinued, etc) at which point you reconfigure it once.
Yes that 6 months window I decided is ok for me. It might not be for you. If my house burns down, my car burns down and I end up in hospital, losing 6 months of data potentially isn't a major issue.
If you make it a conscious scheduled process you know it's working.
I'm a relative expert with duplicity (I run a whole pile of stuff in AWS that uses the S3 back end for backups) and it's not a solution I really entirely trust. First you incur the wrath of configuration i.e. the initial ramp up to get it working, then there's the monitoring overhead which isn't trivial as it isn't the quietest bit of software known to man, and finally we have the complexity perspective which introduces a lot more code, network transport etc.
Plus it is horribly buggy, particularly with incrementals, metadata and corruption. The same is true with Google Drive, OneDrive, Dropbox which I have used.
Edit: comedic timing perhaps, but since I wrote this post I've just got a duplicity failure to deal with...
This is why I went with CrashPlan. Backing stuff up to a friend's computer? Free and only limited by their storage.
Or... put a box at your friend's house with as much storage as you want. Back when I had FIOS (and it was fast & reliable) this is what I did. Put a NUC with a friend, had an external drive, we were each other's offsite backup location. Quite handy.
Every six months is a very painful potential loss window. There are great sync tools that can work point-to-point over the Internet. The cost of having a NAS at home and a NAS at your parents, and then syncing between them is totally worth it.
Are you seriously less trusting of your own ability to drop a bunch of documents onto a USB drive every week or few than you are of a company which explicitly tells you they can shut off your access with no warning and no recourse for any reason?
Because the likelihood of Google banning your access is way lower than
* Data corruption
* House fires
* Human error (Cleanup, house moves, random acts of brain farts, and suddenly you can't find your USB stick)
Google's data is presumably replicated across multiple AZs, and they have more automation invested in data integrity.
I am personally/professionally qualified to keep my data extremely safe and distributed. It's one of the things I do at work, at scale. But it's not easy. It is, after all, work. I don't have to worry about that using Google and other online services.
And, in order to mitigate against the extremely unlikely event of Google going haywire and perma-deactivating my account, I run takeouts twice a month. These large data dumps don't need to be heavily redundant, since it's exceedingly unlikely I'll need them at all.
Granted, going from a takeout backup back to 80% functionality would be a ton of work, but I'd lose very little, and I could indeed become functional again in relatively short order.
I wonder if people who decide to ditch most things Google/cloud for no other reason than concern about the risk of said cloud providers terminating their access have truly considered the risk/reward. Bad news, like specific cases of 'unjust/surprising' account termination percolates up to wide visibility quickly and easily, and stays with the people who read such things a long time. The hundreds of millions of accounts that have no such problems escape our attention.
I don't know the odds of my Google account getting terminated, but I'm pretty certain that it's in the same magnitude as the number of people winning the lottery per year.
Having said that, there are a lot of other good reasons to think about ditching cloud providers.
I have a home server, which is then mirrored to a rented server. Anything critical and entirely irreplaceable goes onto blu-ray disks, because I can't accidentally delete those; though those are kept at home as well, which is not ideal.
So: 2 backups, from which one is off-site and archives, just in case - this should keep you going for a while with self storage.
I'm aware of that too well; blu-ray, however, is slightly better than the predecessors: even the current, non-archival grade single layer Panasonics should - according to some accelerated tests - last 5-10 years. Now, looking at the current ideas from Sony[1], within 8-10 years every data I ever had will need 1 disk, so I'm not worried.
Blu-ray? Really? Sure, they may last, but, will you have a blu-ray reader?
I've worked in IT for over ten years, and have not once, once seen a blu ray in person, or ever handled a machine capable of reading one. I'd be incredibly afraid to have my backups in something that requires some expensive exotic device to be written/read.
I've settled on having a NAS at home that backs up my most important stuff onto Amazon S3. I also have a lot of stuff with a paid dropbox account, that of course has local copies on my desktop and laptop. I'm looking into using Fastmail vs having my custom domain with an old grandfathered-in google apps for your domain account.
I'm myself using a non-profit email redirection service as my main e-mail address. They do not provide an email box, just the redirect, so they can keep the service lean with a very modest one-time fee for new members.
This allows me to change the actual e-mail provider when needed. I already moved (successfully) away from Gmail, and I'm currently considering moving again as the spam protection of my current paid-for email service isn't that great.
I think the redirection service is ingenious. Sadly it isn't available worldwide, so I won't advertise it here, but I'm sure there are others like that.
Sent via the email provider, but I'm using clients that can set a custom "From" and/or "Reply-To" header fields, containing of course the redirecting address.
To be frank I haven't even thought to consider DKIM, so I guess it's fair to say it hasn't been a problem. This is a private e-mail address with quite low number of outgoing e-mails, so hard to say how universal my experience on this is.
I have a DigitalOcean droplet running Postfix, which provides edge security and a private IP, but no storage. All my mail is routed through this droplet across a VPN to my home Exchange server. Exchange backups are encrypted and stored on Amazon Cloud Drive. Yes, there's a reliance on cloud services for backup storage, but the only time I'd need the offsite backup is if my home servers both became unavailable for some reason. I'm happy with taking the chance that, if that happens, it won't happen at the same time as Amazon closing my Cloud Drive account.
I admit though, this is probably over the top for most people. I do it because email is my job, so it's useful to have my own servers for testing stuff.
The parent poster is correct and it's a good assertion. I'm doing the same thing, even though I'm using Windows as a base operating system, primarily for convenience at this point in time.
Email is very portable if you keep it in a place you control. You're pretty much just paying for a collection and caching service if you use POP3/IMAP and store your important folders locally. That is portable in a couple of hours between hundreds or thousands of different companies who operate standard protocols.
And then there's the possibility of running your own MX with postfix/dovecot etc if you really want.
Thanks for posting this cautionary tale. I am completely dependent on Google today so if that happened I'd be F'd. Will look into exporting all my emails this weekend.
But why was Google unable to re-instate you? Was it because you had no way to prove your identity to them? Were you able to reach anyone?
Contacting Google support, unless you're an Apps customer which I wasn't, is a complete waste of time. Unless you can, to quote a colleague, piss through the eye of a needle, when it comes to the security questions and details then you can't even get over the first hurdle.
It would be great if someone put together a guide on how to migrate from closed source systems (e.g. gmail, google drive, dropbox, etc) to open source systems. One with detailed, but easy to follow, instructions.
Ultimately information in the cloud, or anywhere is not backed up if it only exists in one place. Backing it up for one's self is essential.
This leaves most people in two categories: those who haven't (yet) had a catastrophic, unrecoverable data loss, and those who have. Leaving it to others, or all your eggs with just one service is an invitation to the first group. What I can say is it's almost certain something unimaginable will happen, be it a data center, service shutting down, or something getting corrupted.
I want to echo my experience of losing 16 years of email with Hotmail over at Microsoft due to the wind blowing arbitrarily in a different direction for a few months. I had my MSN messenger log in automatically to keep my account active on Hotmail, a criterion which was quietly ended. Unforgivable for me. Had some of it backed up luckily in real email clients but lost some critical emails and photos with a friend who passed away.
People who either haven't generated enough of a digital footprint and lost it are going to be in for an inevitable surprise with the online services that they take for granted as being ubiquitous. While the cloud is awesome, it is still quite in its infancy.
Questions: how did you get lightning assuming you're talking about the browser for Android which does indeed not require Google integration, on a Nokia 106?
I'm talking about Lightning as in the Mozilla calendar. I don't use a smartphone any more.
Google takeout isn't or at least wasn't comprehensive at the time. There are other lock in items. Also it takes time and effort moving it somewhere else still, isn't instantly useable etc unless you can read vCards and iCal feeds..
I want to do the same but I don't know of anything that has Google-Level replacement for Drive/Docs/Sheets/Calendar. I really want one though.
If I can get Email, Document Storage (Docs, Spreadsheets, PowerPoints, Calendars) I'd move to a personal in-home solution ASAP. If it could integrate with Android via F-Droid apps I'd be even happier.
The lesson you should have learnt here is to keep backups. I'm amazed at how people store all their stuff on a single company's servers, and keep no backup at all (either locally, or at some other company).
This is not just about backups; this is the reason why I keep my mail on my own domain. (It could be my own domain on gmail; it's not, but that's a slightly different story.)
This way I can move it to another company, alter DNS, do whatever I want with it to fix an issue.
When you're relying on a company you cannot circumvent in a situation like this (xyz@gmail.com as primary address), you might end up not being able to use your primary account, which might affect your business.
EDIT: I'm not going to address the problems with the DNS system itself, which is similarly flawed - you are only leasing a domain, not owning it, and the company maintaining it has the power over it. In theory, this could have been addressed with .onion IDs, but those are impossible to remember and with namecoin's .bit, but this is not supported by enough real life DNS systems, so there is no alternative to that (yet).
This really seems like it needs to be regulated in law. For telephone companies, there are rules about when they may disconnect you, e.g. the Arizona Utilities Division writes:
> If I am unable to pay my entire bill, what can I do to maintain local dial tone?
> The Arizona Administrative Code specifically states that a telephone company may not disconnect a customer for failure to pay an unregulated portion of their bill. To maintain local service, you must pay for the regulated (landline) charges on your telephone bill while you work to resolve problems with the other portion of your bill. If you fail to pay the unregulated charges on your bill, those services may be subject to disconnection and a deposit to reestablish. (R14-2-509)
> How much notice does a telephone company have to give before disconnecting service?
> A telephone company is required to give 5 days advance written notice before disconnecting service. (R14-5-509 Section E)
In this case, Google killed people's email without any prior warning, and in retaliation for an unrelated business transaction (selling smartphones). Having your email disrupted like that is at least as bad as getting your phone cut off.
Fastmail. I'm just a regular (paying) customer, not a business or anything. I've opened a small number of tickets, one or two of the RTFM variety. I've always got a human response and satisfaction, even a "here, let me RTFM that for you."
I can't imagine being locked out of my fastmail account for anything other than abuse of my fastmail account. Or not paying my bill.
We also stalk you on... I mean, we read the same tech news sites you do.
(I'm on third line ticket duty right now, so if you have something significantly more complex than RTFM, or an actual bug, you'll probably be talking to me this week)
The most common cause of getting locked out other than you abusing your fastmail account is having your credentials stolen and used for spam/fraud, which is why we recommend 2 factor authentication:
Awesome - I moved across to fastmail a couple of days ago. I've been using a custom domain for email for awhile (josephg.com), merged with a gmail account. I'm very happy I set that up because moving to fastmail was a cinch - there's no forwarding to do, just a few DNS records to reconfigure. And with a custom domain I'll have that email address for life, no matter what happens to fastmail.
My gmail account (josephg@) gets a tremendous amount of email for other people. Earlier this year I was getting a lot of marketing trash from a particularly excited group of car dealerships in Illinois. Around the same time youtube suspiciously started advertising new cars to me. It's all way too creepy, and reading articles like this about people's gmail accounts getting locked out I'm very happy to reinforce my digital independence from google.
The only thing that has put me off Fastmail very recently, and indeed I moved to another provider (Runbox), is the loss of their Family plans.
Requiring three accounts now for instance would cost $150 a year minimum for the size I would have needed and unfortunately because I needed to rearrange my old grandfathered plan to re-organise accounts I'd have lost my previous plan.
Basically, Fastmail is good (very good), and you can still do admin type stuff by creating your master account first and creating your 'users' under it, but do look around if you are price conscious.
NOTE - I know you can't please everyone and that doesn't detract from the fact Fastmail was extremely stable, fast and had excellent customer support so don't take this as a 'Fastmail is bad' type post, because it isn't. Just look around and make sure you're getting the right price/value for your needs.
Damn. I was going to move to them at the end of this year when my VM (where I currently run my mail) is up for renewal. But if I now need to buy several Standard plans instead, and get several gigabytes of storage I don't need, then that's less appealing.
Runbox looks good. Any other suggested alternatives?
Zoho is actually very good too but they (like Gmail) enforce IMAP connection limits, so if you have a lot of folders etc or use mobile clients like K9 that open a connection per folder then you can get errors very regularly.
The above is true for Zoho on the free plans anyway, but it may be different for the paid ones. But the free ones have pretty much all you could need if you don't run into the high number of IMAP connections issues.
If you have enough accounts to make it worthwhile I think Rackspace is supposed to be very good, but last I looked you needed a minimum of 5 accounts (I only had 4) so it didn't work out:
> My gmail account (josephg@) gets a tremendous amount of email for other people.
Same with my josephb@. It's amazing how many companies start sending personal identifiable information to a random email address without validating it.
Doctors, real estate, universities, banks and the list goes on.
Previously I've been hesitant to disuse Gmail, but now I'm 100% confident to actually transition to Fastmail. And I'll take Fastmail into consideration for my company usage too (we're a smb).
I also transitioned from gmail to fastmail a few months back and am very happy so far. Haven't had any issues and moving over was less stressful than I had imagined.
I've been w/ you guys since there was a 'bounce' function (miss that, btw). Used to use 2FA w/ a Yubikey, but stopped for some reason that made sense at the time, though I don't recall what happened, was so long ago.
What keeps me from enabling 2FA again, is that there's always some kind of "I lost my 2FA device" function which essentially allows it to be bypassed. So whoever's determined enough could find answers to secret questions or whatever to gain unauthorized access. If it were possible to disable this attack vector I'd get another Yubikey & try again- if...
...The other thing that prevents me from going this route, which is: The fact that it's impossible to implement an additional Yubikey functioning as a "clone" of the one used to secure the account. I can't say I've never lost my (physical) keys. But when I do I just grab my backup copies, make new backup copies, & all is well. No can do with a Yubikey.
Isn't making "impossibly" hard security questions and storing them where you would store your secondary yubikey basically the same thing? Or can't you pick your own security questions?
Nice. :) Reading this in the context of this thread made me set up my own trial account, with a new domain name. As soon as those MX records propagate, I'll be good to test it for a while.
Wish you had a dark theme, that'd be my only feedback for now (Stylish also works). Appears to be very fast, but of course, my account is 100% empty.
ime: it stays very fast, even with 1.5k emails in inbox, ~30k emails / 2.5G total in various folders.
Also, changes propagate faster even than gmail. If you have your inbox open on 2 computers and move an email out of your inbox on one of them, you'll see it replicated in near real time on the second computer. I don't know how they do it, but it works really well.
Interesting, thanks for that. I'm up and running on my own domain after waiting for the domain name server to transfer from Bluehost where I registered the domain. I did start out doing manual configuration until deciding I might as well use Fastmail's; their DNS config page is rather nicely laid out.
Was very easy in the end, but must admit I had forgotten just about everything I once learned about DNS. As such it was nice to get a little refresher.
EDIT: I would probably have gone for Google Apps / G Suite if not for this article. So, yeah, hope it served Google well to freeze those accounts with no warning.
I started switching to fastmail due to their economical family plan but then they changed plan structures to where that is no longer available and the new plans were all a lot more expensive for a family. I was grandfathered in (I signed up just before the change), but won't start using a service on a deprecated plan. It was too bad because it seemed very good for the week or so I played with it.
Will Fastmail have CDN? I'm currently in Vietnam and latency to Fastmail isn't good (250ms RTT), as I connect to server that's located in US. While my home's internet service might be worse, so I hope Fastmail servers are closer.
We tried using CDN for static files (interface javascript and such) for a while, but we found that it didn't really give much benefit. The faster connect times got eaten up in the second SSL negotiation required for a different hostname. And it meant fun and games with content security policies or giving a third party SSL certificates that were inside our domain, so it was a wash. We decided the benefits didn't add value.
And yeah, our core dev team is in .AU, so we know all about the latency. It's really not a big deal once you sync up the first time - all the static artifacts are cached and the dynamic data is loaded in the background, often before you need it.
At a technical level it means we take a copy of each incoming and outgoing (assuming you send via our web interface or via our SMTP servers) email and dump them into a separate folder in a separate account on our server which your admin accounts get a READ-ONLY ACL to, so you can see the messages, but can't remove them or modify them.
Unlimited is a bit buzzwordy, because we do have sending and receiving rate limits, so you can't grow the archive user faster than that.
Also if you go over about 850Gb of data right now you will make me very sad because I don't have facilities for splitting users yet, and we segment users across 1Tb partitions. I'm hoping nobody hits that point before I've got sharding inside users working - but worst case I spin up new hardware with larger individual partitions and put the user there :)
That's awesome. I've just gone through setting up my domain account and it was a slick experience. Neat 2FA authentication etc. Proud to see you're Melbourne based as myself, too.
PS. I hope no-one reads your post now and takes it as "challenge accepted". :-)
SMS is not very secure, there have been quite a few stories of people losing digital access due to an attacker just calling Verizon and taking over their phone account.
That's in the US. In other countries things may be more secure. In Russia I barely can make any changes by phone because they verify so much info. Forwarding will certainly require an in-person visit to the carrier office.
So I guess it's better to leave the choice to the user, with an appropriate warning text.
There's the other side of it, which is that SMS delivery is awfully unreliable in many places, and it's a frustrating experience for everyone. We can fire off the SMS, but if it fails to reach you it's an expensive and time consuming support headache for us, and a shitty experience for you.
A Yubikey costs less than a year's FastMail service.
So no, we're not leaving this choice to the customer sorry, SMS sucks for too many reasons to consider adding back.
I might have to switch at some point. It is stories like these that are freaking me out. Were there any instances of them being DoS-ed or you not getting emails from others?
I would also be afraid one day if Google sees people fleeing to them, they'd come in and buy them. I'd almost wish there was a public trust or non-profit who would run an email server. Post office is a government service (for better or for worse), email is a bit like what regular mail was 100 years ago.
ime: their spam detection is definitely inferior to gmail; I've had 2-5 false negatives per month (spam not detected) and a handful of false positives over 3+ years. Plus a payment notice from my student loan that fastmail absolutely positively refuses to believe is not spam no matter how many times I so mark it.
I've had zero deliverability issues.
edit: to be clear, the spam detection works well, and if you're going to make an error, it's far less annoying to bias (as they do) towards a few spam showing up in your inbox rather than actual messages getting lost in spam. Also, they show the spam score, and you can hand adjust your spam threshold if you want.
"a payment notice from my student loan that fastmail absolutely positively refuses to believe is not spam"
That's because it's not spam. I'm pretty sure there's a blog post coming soon about the difference between spam and "email I don't want to receive". If you just don't want to hear from a particular email address, the way to stop it is to put an explicit discard rule for that address in your Rules screen.
Likely changes for next year include making a much easier UI option for "don't show me email from this address again", because that's a fairly common request for situations like this where you have a vexatious sender. I suspect it will be implemented as an addressbook group - the anti-whitelist!
The student loan confirmation is sent to spam every month. I mark it as not spam.
In their defense, the message is full of all caps words that look like a sentence formatted from a sql query with little attention paid to formatting plus it has all sorts of spam words (bank, payment confirmation, loan, etc).
I get tons of false positives in Gmail. Mostly from mailing lists where I guess someone else reported it as spam because they were too lazy to unsubscribe, but also some others. But it means that I regularly have to dig through all of the Russian camgirl requests to make sure nothing important is there.
Yeah, fastmail has some issues (see below), but they offer human tech support that ime knew what they were doing, even at the $40/year price point. And they seem to have slightly raised prices while I've been a customer, but automatically grandfathered me into the previous deal. Which is kind of them / a stand up thing to do.
Issues: they've fixed many of them -- in particular, charging for 2fa at $0.1/sms and the settings area in the web client used to feel like a bad programmer's first js project ever -- but mostly it comes down to, across almost all experiences, they're slightly to mildly inferior to gmail. Google's apps are just best of breed. Fastmail is the best non-google I've found, and I looked pretty hard a couple years ago.
Things I miss from gmail are things like: fastmail is a hybrid conversation based email with folders rather than tags. I miss tags; some folder weirdness occasionally peeks through. Fit and finish like after a message is selected, choosing add rule from message doesn't offer to filter other messages in your inbox that match the new rule. Etc.
Paying $40-ish/year to have email that isn't used for ads and that is run by a company with actual support seems like a good deal to me. Particularly if you don't have a friend inside google or the ability to hit the front page of HN to get customer service.
You can see the improvements in fastmail even over the 3 years. So that's really promising.
Just chiming in to say I also use FastMail and love it. The only thing I wish they did differently is offer SMS 2FA. (Yeah, I know about the downsides. I am a normal person who doesn't need extreme security.)
Any modern phone should be able to run a TOTP client. For my own FastMail account I have a TOTP client on my phone plus two Yubikeys, one I carry with me and one that I keep at home. We require all our staff use 2FA because emails from us get the magic green tick :)
So yeah, if I have my phone, I have a 2FA option already without SMS. I normally use the Yubikey because it's super easy.
If you have a Yubikey NEO and a phone with NFC, you can store the TOTP secret on the Yubikey instead of the phone, and use the phone purely as a screen with a time source by opening Yubico Authenticator app and touching the Yubikey to it to generate codes.
For Fastmail I plug it into the USB port as usual (using an OTG cable). Last I checked that was still the only way to do it specifically for Fastmail, since they do not support NFC. For Lastpass though, using the Yubikey through NFC works great.
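The TOTP arrangement discussed in the comments above (a shared secret held on a phone or a Yubikey, with the phone needed only as a time source), as an added example that is not part of the thread and not Fastmail's or Yubico's code: a TOTP code is a function of the secret and the clock alone, and a server-side check has to allow for clock skew and refuse replayed codes. The secret is the constructed RFC 6238 test key; the `verify` function and its parameters are hypothetical names chosen for illustration.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample secret: the RFC 6238 Appendix B test key, in the base32
# form that authenticator apps are usually provisioned with.
SAMPLE_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_secret(b32: str) -> bytes:
    """Decode a provisioning secret, tolerating spaces, lower case and missing padding."""
    cleaned = b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte picks the 4-byte window
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter derived from the clock.

    Any device that holds the secret and knows the time produces the same code.
    """
    return hotp(secret, int(unix_time) // step, digits)


def verify(secret: bytes, submitted: str, unix_time: float, last_used=None,
           window: int = 1, step: int = 30, digits: int = 6):
    """Server-side check (hypothetical helper).

    Accepts codes from `window` steps either side of the server clock to absorb
    skew, and rejects any counter at or below `last_used` so a code that was
    already accepted cannot be replayed. Returns the matched counter, which the
    caller stores as the new `last_used`, or None on failure.
    """
    now = int(unix_time) // step
    matched = None
    for counter in range(max(0, now - window), now + window + 1):
        expected = hotp(secret, counter, digits).encode()
        # Constant-time comparison; every candidate counter is always checked.
        same = hmac.compare_digest(expected, submitted.encode())
        if same and (last_used is None or counter > last_used):
            matched = counter
    return matched


if __name__ == "__main__":
    key = decode_secret(SAMPLE_SECRET_B32)
    code = totp(key, 59)                            # token clock reads t=59
    print("code:", code)
    print("accepted at t=61:", verify(key, code, 61))
    print("replayed at t=61:", verify(key, code, 61, last_used=1))
```
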
I wanted to report a bug in Fastmail's android client only to discover that their ticket form requires you to type in your password. My fastmail password is gigantic, and typing it in on a phone is a major ordeal. Is it that much of a problem if a non-user submits a ticket?
Willing to bet if any of them were Google Fi or Google Fiber customers, their phones would be cut off as well. Of course, much of their fight with AT&T over pole attachment rights has been Google's unwillingness to be classified as a "telecom"[0]. I suspect Google is very unwilling to be held to these sorts of legal responsibilities.
"Basically, the current regulations require companies with utility poles in the public rights of way to provide access to certified telecommunications providers and to TV/cable companies," Paul Lewis, assistant manager of telecommunications and regulatory affairs in Austin, told Ars. "Google is not a certified telecommunications provider, and it's a video service provider as opposed to a television/cable company."
If Google were to apply to the Public Utility Commission of Texas to become a qualified telecom, "It would make them subject to all of the state and federal telecommunications regulations," Lewis said.
Wouldn't Google be able to set up a wholly-owned subsidiary to be the designated telecom in Texas? That's how the ride-sharing companies do it in order to insulate the parent companies from having transportation law apply to their headquarters.
I think it's indicative of more than just Google being unwilling to be held to the legal responsibilities; it appears that even their Fiber arm doesn't want them as well.
I recently got locked out of my old bank account because I didn't use the SIM from my country of origin for 5 months. My mobile operator disabled my ~15yo phone number and I can't recover it without flying there and visiting their office with my ID.
That's why I also feel uneasy towards all these number-based messengers. They're targeted at users who rarely leave their countries.
Or at least get a mail address or similar from everyone whom you're talking to on a number-based messenger, so that you can recover from a lost messenger account.
(Doesn't help, though, if you lose the phone number and your mail account at the same time.)
Google's terms of service say that each user retains the copyright to their content, but grants to Google a license so that Google can provide services.
If Google has the only copy of some of this content, I wonder if a copyright claim might have any leverage. It's one thing to give Google a license; it seems like quite another for Google to deny you access to your own copyrighted material.
That route would only get you copies of your email. It wouldn't help you change a password on a 3rd party service, if their practice was to require confirmation through your address on record.
Opinions about regarding Google as a utility aside, I think the comparison this argument makes isn't as comparable as you make it sound. Using your example with telephone companies, this situation is like saying a specific 3rd party service accessed via telephone should be regulated without actually regulating the telephone companies first. I would like to see ISPs be regulated as a utility before individual web sites are regulated as such.
In the event that becomes reality, the time would have to be taken to define what minimum level of services the web site would have to offer. Simply saying Google must keep X service available would be archaic. Would other email providers be exempt from having to maintain these rights? If your job gave you an email address, would they have to maintain it after you leave the company? These are probably contrived questions, but ones that would certainly have to be answered first.
> Gmail is part of the chain of technology that lets me communicate, so I think a comparison with a telco is fair.
And it's actually harder to switch to a secondary. With my ISP, if they cut me off I can fall back on my cell provider within minutes. I have no such failover for my Google services.
It's not a question of backups. Even with no data loss, the cost of most people being shut out of their Google account is absurdly high. Missed texts. Missed calls. Missed emails. Can't log into third party sites.
If Google wants to have a monopoly on all of that stuff, they need to be subject to regulation that compartmentalizes their services and what they can and can't do arbitrarily.
They don't want a monopoly, you want them to. You opted in to it, and you only end up in such a horrible position when you make a series of horrible decisions.
Missed texts and phone calls? How did you even get into the position where Google controls your telephony? Missed emails? Why are you using gmail.com? Third-party authentication? Did they not have the option to use e-mail or a username?
You can't fix every problem by band-aiding regulation on top of it. Sometimes you need to step back and wonder how you got here, and solve that instead.
Of course they do. Every strategic decision the company has made over the last two decades is to try to secure a monopoly on your data.
You make it sound like it's easy to run your own full stack of all web-connected applications. It's not. The cost is INSANELY high. So your real choice is whether to use one company, or dozens of individual companies for every individual service. The latter protects you against the risk of something like this happening. But it comes at a day-to-day expense which will far outweigh the prevented risk for 99.9% of people.
If your concern is data _loss_ as opposed to data _ownership_ you can still use Google all you want as long as you use it redundantly (backups, separate domain, &c.) What you're saying is more applicable to people who want Google not to see their data.
> This really seems like it needs to be regulated in law
Absolutely not! That way you are slowly making people lose any bits of the common sense they might still have. Perhaps losing data once or twice will make people look for alternatives.
Throwing in another regulation will just increase barrier of entry for companies offering emails and who knows what else some dumb politicians could come up with, maybe this will open the gate to even not being able to self host an email server.
Disclaimer: I don't speak for Google and don't have any real context into why this occurred. Speaking as myself, a private citizen.
I work in Spam & Abuse and it's possible that this is the result of some clustering algorithm that was trying to take down sharders / phone buying rings. It's very possible that the SWEs responsible didn't consider this possibility (that legitimate customers would be used to shard purchases) and I'm pretty sure if the affected customers appeal they'll be reinstated, maybe with a warning. I certainly wouldn't characterize this as intentionally punishing the individuals who purchased phones on Google's part -- notice that only users who directly sent their phones to the reseller's address were taken down. Smells like automation to me.
The "deleting all their data if the appeal doesn't go through" thing is actually because of privacy policy and Google can't keep your data around for longer than 90 days give or take after your account is suspended. Again it seems heavy-handed but is more a perfect storm of big-company policy decisions with good intentions overall. Know that if you ask Google to remove your account, you'll actually get everything wiped! (That's a good thing imho!)
It really is unfortunate that FPs (or "mostly-FP"s) in Google's systems impact people so badly. FWIW for most Google services if you abuse them you usually get a service level suspension rather than your entire account suspended, probably for this exact reason.
> It's very possible that the SWEs responsible didn't consider this possibility
"Very possible"? More like "guaranteed". Everybody who pays the slightest bit of attention knows Google has a gigantic blind spot when it comes to thinking through the consequences of algorithms and automation. And there's no sign that the company is interested in fixing that, ever.
Wait until they get into the thought police business for some real interesting situations.
All jokes aside, for those who remember, it's pretty amazing what Microsoft got punished for (bundling a browser with the OS, with no other restrictions) compared to what Apple and Google get away with.
Bundling a browser with the OS that had 98% of all user share at the time. Neither Apple nor Google come anywhere close to that market domination with their iOS or Android systems.
Also the case was much more broad than just the browser; it was for software that runs on the OS.
Antitrust is not just about what a company does but mainly about what other alternatives are out there. In Microsoft's case there were no other alternatives while today you can choose between several.
EDIT: One more thing that everyone seems to confuse is that antitrust cases should protect CONSUMER rights not PRODUCER rights. A case can be made that Google and Apple are hurting other companies by offering free services with their products but they ARE NOT HURTING CONSUMERS.
Key word here is "phones". 85% of phones is still less than half of all users seeing as mobile just surpassed desktop use sometime in 2015.
And no, producer rights are not affecting consumer rights since this is a free market. I don't care how many Russian search engines or vertical product marketeers go out of business. They are going out of business because they are not offering a good enough service and I don't want google or any other search engine to channel my experience in not good enough channels just to keep their business afloat. That is not free market. When I and a plenty like me like a service we keep using it no matter if Google promotes it or not. If google had the power you are fear-mongering about we would not have FB, Twitter, Instagram, etc.
> If google had the power you are fear-mongering about we would not have FB, Twitter, Instagram, etc.
All of them were started before Google even started competing with them.
Show me a company started after Google had already established a presence in a market that’s either competing with Google (and having a positive prediction) or that has thrown Google out of the market at all.
It doesn't matter if they are established before or after. All that matters is that users have the choice and are choosing these (and other) products over the Google provided ones.
Google has bundled a form of messenger app since forever with its services. People just keep choosing other better ones.
Google has tried 2-3 times to break into the social scene but even though Google Buzz was bundled with gmail it was not used. Although everyone with the gmail account had a G+ account it is not even close to FB or Twitter.
The simple fact of bundling is not a problem when there are choices. Amazon even takes Android, takes out EVERY SINGLE REFERENCE to google services and uses it for its own products. So android can not be considered in any form monopolistic because it offers choices does not block them.
> It doesn't matter if they are established before or after.
Yes, it does, that’s the entire point.
Will we still see as much innovation in 10, 20 years? For that, this part is very important.
> The simple fact of bundling is not a problem when there are choices.
Google forbids OEMs from selling custom Android forks. That’s not choice.
As said, both the EU and US consider this anticompetitive, and are investigating it. If you believe you – which apparently are unable to use correct orthography – are more knowledged than the top lawyers of the two largest economies, then, sure, go on.
Even Google has admitted they are doing anticompetitive bundling, their defense is that it’s required to fund Android at all. That alone should say everything.
Google forbids OEMs from un-bundling its other services not android. OEMs have the choice to build an Android with no Google service whatsoever like Amazon or some Chinese OEMs are doing. What they can not do is offer an Android while picking what google app they offer. Google apps are take it all or leave it for OEMs. For users they can choose to install what they like.
I do not believe that I am more knowledged than lawyers but seeing already in plenty other examples that EU is more worried about businesses than consumers I can say that this is just another misuse of the antitrust rules.
Not really, because Google also retroactively removes the license for devices already in production if the OEM later on decides to sell forked devices, as was threatened with Acer.
Or even just delivers parts for such a device, as was threatened with SAMSUNG and Amazon.
I really don't want to defend Microsoft, but Internet Explorer won all that market share because back in the day IExplorer really was the best browser available. And given what happened next, I'm actually grateful for the IExplorer monopoly, because Firefox wouldn't have happened otherwise.
We tend to forget that even natural monopolies can be broken by new technology and innovation. And even big companies can be beaten by smaller ones. Microsoft tried to beat Google at search while Google was smaller and much less powerful than it is today. They couldn't, because big companies have a priority to protect their cash cows and don't necessarily have the talent or the focus required to tackle new markets (i.e. the innovator's dilemma). Google tried to beat Facebook at social. They also failed by being too conservative, while at the same time fucking their users. Can you spot a pattern?
I accept Microsoft followed many predatory and anti-competitive practices. They were a nightmare and deserved a good anti-trust kicking.
But hammering them for bundling a browser was just plain stupid. If they didn't bundle a browser, how would people download a competing browser? You'd have had to get hold of a browser on CD somewhere and install it manually just to use the internet. How would that have been an improvement for consumers? It was a misconceived, user-hostile decision.
You've convinced me. Ordinary consumers should be expected to know how to use command line tools and have memorized service addresses, without having browser access to look any of it up. That's clearly the answer to improve usability and expand consumer access in this situation. How could I not have seen it sooner.
Windows explorer supports ftp. Type ftp://ftp.mozilla.org into your run menu or explorer address bar and you'll get a folder view pop-up. From there it should be rather trivial to find Firefox from inside their ftp directory (not as simple as clicking a download button, but still). I'm not sure if getfirefox.com runs an ftp server.
I'm not aware of any popular OS that doesn't have ftp support on the main UI (except Android, which doesn't have a file management app anyways; not sure about iOS). Nautilus has ftp support. So does thunar, dolphin, konq, etc. You can type ftp addresses into the address bar in osx, iirc.
- Didn't want to open a browser one day but wanted to download the latest version of FF. Thought I'd try FTP. Ultimately gave up on trying to find the right path and Googled it.
Another time (later), I vaguely recall being at a kiosk with IE disabled in various boring ways, and I tried to see if I could download FF (just to see if it was possible) after successfully managing to open the FTP site. I might be misremembering, but I think the only reason I was able to locate the dir properly was because I'd previously made a careful mental note where it was. (It downloaded, but executables were disabled. Those sysadmins did a good job.)
True story: Back when I was doing desktop tech support, downloading Ad Aware via command line FTP was a favored method of mine when the user's browser was so fucked by spyware that it was inoperative.
At the time, before browsers were standard equipment, ftp was a normal way to obtain software. There were gui ftp clients available at the time, but I have no idea how people usually got those (whether dialup bbs, downloading with the bundled default ftp utility, passed on a disk by a friend, or bought on a disk).
Due to suspension of your Google account this GoogleCab service is no longer available to you. Please be careful exiting the cab on this narrow strip of interstate hard shoulder 50 miles from anywhere. We have also disabled google authentication access to your phone. Have a nice day.
> I can't do that, the hospital is within 50 miles of a school and you're banned from being within 50 miles of a school, because you commented "she's very pretty" to a picture of your 5-year-old niece and we've decided you're a paedophile.
It's amazing what owning the FTC can do. Obama appointee Joshua Wright was a paid Google shill... and Trump just picked him up for the FTC transition team. Google's ability to infect our justice system transcends partisan politics.
Hopefully you haven't given up on reading the comments to your post and you see this. Small practical suggestion, no flames.
It might be a very very good idea to lobby to get company policy instated that says "if the system thinks a user has gone rogue/bad, their account gets locked and all, but the data gets kept around until the user says to kill it, or for 6 months."
Because if Google thinks the account has gone bad, that's not the user saying "delete me," so the privacy policy (and associated laws) don't apply! There's nothing stopping you even stashing the data away indefinitely until the user explicitly asks for it to be killed (but that's scary).
At the end of the day though, algorithms fail, and IMO this is a practical edge-case policy glitch in the business architecture that should have been countered for.
Or does "user account gone rogue" have to be interpreted as "delete me" for crazy obscure Reasons™?
If you watch an old tech talk re: Google disaster recovery topic, the Googler explains that a user's info is never fully deleted because it's too expensive to do so given back-up duplication is processed multiple times in multiple locations and sometimes over multiple technologies. In other words, cancel your google account today and your data may be "deleted" but it's really, as in actually really, still on magnetic back-up in several locations, but it's just really hard to get to and put back together, so is considered "gone". Unless you're a really big organization with the means to go to such troubles, like maybe the government or Google.
It would be easy to set up a backup system where all backups are encrypted with a set of randomly generated keys. (1 key for each user/service pair or something). The keys are going to be (relatively) tiny, so they could be kept on non-archival storage.
If a user's data needs to be deleted for whatever reason, simply discard the user's corresponding encryption keys. That way you can effectively wipe the user's archive without needing to touch the tapes themselves.
How is that compatible with legal requirements for deletion? I think that, at least in Germany, you can demand that a company delete all data associated with you, and the company has to comply with it.
(Whether German data protection law applies in Google's datacenters is a wholly different story though.)
It's not required in Germany either. The data protection law allows you to "lock" data instead of really deleting it from all devices. And IMO that's the only sane solution to deletion requests.
Otherwise, any kind of backups would be unlawful for a company.
I think this may have changed since that talk. I think Google still doesn't technically guarantee full deletion (who knows if someone's GC process messed up or has a bug) but in practice it happens, at least AFAIK. It is expensive. And it does take time, I wouldn't expect all my stuff to be purged until at least 180 days (the 90 days they are supposed to delete after + ~90d for the delete to fully propagate).
It also drives every engineer nuts when they're asked is your service wipeout compliant and they realize omg I can't store this data longer than x days?! shit shit shit
European Privacy Shield compliance is yet another bag of legal worms every service has to deal with. More deleting, encryption at rest, etc.
From watching a tech talk a few years ago by Googler on backup, my understanding is that they just delete the encryption key (I believe everyone's data is encrypted with a per user key).
Your data may still live out on some server - but it is effectively unrecoverable.
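The scheme described in the comments above (one random backup key per user/service pair, and deletion by discarding the key rather than touching the tapes) can be sketched as follows. This is an added example, not part of any comment in the thread and not Google's implementation; the names `KeyStore`, `Archive`, `Backup`, `Restore` and `Shred` and the sample data are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// ErrKeyShredded means the per-user key was discarded, so the record is unreadable.
var ErrKeyShredded = errors.New("key shredded: record is unrecoverable")

// KeyStore models the small, mutable (non-archival) storage holding one random
// key per user/service pair. It must never be copied onto the backup media.
type KeyStore struct{ keys map[string][]byte }

// Record is one encrypted backup entry as written to archival media.
type Record struct {
	KeyID      string // "user/service"; not secret, also bound in as AAD
	Nonce      []byte
	Ciphertext []byte
}

// Archive models append-only backup media (tape): records are never edited.
type Archive struct{ records []Record }

func NewKeyStore() *KeyStore { return &KeyStore{keys: map[string][]byte{}} }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Backup encrypts plaintext under the user's key (creating it on first use)
// and appends the record to the archive. It returns the record's index.
func Backup(ks *KeyStore, a *Archive, user, service string, plaintext []byte) (int, error) {
	id := user + "/" + service
	key, ok := ks.keys[id]
	if !ok {
		key = make([]byte, 32) // AES-256
		if _, err := rand.Read(key); err != nil {
			return 0, err
		}
		ks.keys[id] = key
	}
	gcm, err := newGCM(key)
	if err != nil {
		return 0, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return 0, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, []byte(id))
	a.records = append(a.records, Record{KeyID: id, Nonce: nonce, Ciphertext: ct})
	return len(a.records) - 1, nil
}

// Restore decrypts record idx. It never creates keys, and a record written
// under a shredded key fails authentication even if a new key exists later.
func Restore(ks *KeyStore, a *Archive, idx int) ([]byte, error) {
	if idx < 0 || idx >= len(a.records) {
		return nil, errors.New("no such record")
	}
	r := a.records[idx]
	key, ok := ks.keys[r.KeyID]
	if !ok {
		return nil, ErrKeyShredded
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, r.Nonce, r.Ciphertext, []byte(r.KeyID))
}

// Shred zeroes and drops the key. The archive itself is not touched.
func (ks *KeyStore) Shred(user, service string) {
	id := user + "/" + service
	for i := range ks.keys[id] {
		ks.keys[id][i] = 0
	}
	delete(ks.keys, id)
}

func main() {
	ks, tape := NewKeyStore(), &Archive{}
	ai, _ := Backup(ks, tape, "alice", "mail", []byte("alice: inbox export")) // constructed data
	bi, _ := Backup(ks, tape, "bob", "mail", []byte("bob: inbox export"))
	ks.Shred("alice", "mail")
	_, errA := Restore(ks, tape, ai)
	b, errB := Restore(ks, tape, bi)
	fmt.Println("alice after shred:", errA)
	fmt.Println("bob still restores:", string(b), errB, "records on tape:", len(tape.records))
}
```

The deletion guarantee holds only as long as no copy of the key store ends up on the same long-lived media as the records; a key that was itself backed up to tape undoes the shred.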
I recommend the takeaways you get from this thread (especially as someone in Spam & Abuse) to communicate with those you work with and your superiors at El Goog.
- Automation is going to be the end of your job. Not because your job will be replaced by an algorithm, but because overuse of algorithms is leading to the collapse of trust people place in Google. Major actions like the banning of someone's Google account should never be done by algorithms. If you can't afford the humans[0], you shouldn't be in the business of holding people's valuable data.
- The support and appeals process must be human. Ever tried Microsoft's Answer Desk? Talking to humans isn't difficult even with one of your largest scale competitors, even for free tier products. Humans want to talk to humans, and Google's customer base consists of humans. FastMail ticket support? Incredible. It feels like Google isn't even trying to treat customers well in comparison.
- Google shafted 200 of their customers, and from the looks of it, this thread has another 200 ready to leave. The Guardian just picked up the story, so expect this effect to continue. One bad behavior by automation can cost you multiples of damage, especially if someone writes a blog post about the incident.
[0]Google can definitely afford the humans, especially with that princely sum they have stashed in offshore accounts.
Human decency dictates that, at the very least, someone be warned that their account is now headed for non-negotiable suspension and be given 30 days to clear out their stuff and move on.
I couldn't care less what algorithm decided what. At some point a person coded-in the rules and, for some incomprehensible reason, this person or people decided it would be perfectly fine to take the path of most damage to consumers.
Your company, Facebook, Amazon and others deserve to get hit with a massive class action lawsuit that results in equally massive financial penalties and requires corrective actions. Maybe then you'll learn how to behave like human beings.
I can confirm that I heard many stories of Android developers getting their Google Play dev account suspended for various reasons (which is already really bad in itself, if you have a popular app that makes a significant part of your revenue), but I rarely heard about full Google account suspension for a Play Store violation (maybe once or twice among dozens of Play Store suspensions stories).
I'm still puzzled that they take such a drastic measure automatically, without having one human checking whether the account is actually a real person's account.
I really want to see what comes out of this, if everyone gets his account reinstated and how long they had it suspended.
Yeah my account was wiped without warning after what I suspect was an automatic app review that Google introduced in Play Store at that time. It was just a niche hobby app but damn, it's not like I was a free user. I paid for the dev account. Good thing I had a separate google account for that.
I had some sloppy ndk computer vision running there, maybe it triggered something? I have no idea really. It's not like you can appeal anywhere. I was very busy with other things and let it slide at the time. I got away with a very cheap lesson I guess
is more a perfect storm of big-company policy decisions
Naming storms like this is about how rare they are. A "10 year storm" or "100 year storm" only happens once in that period. So they refer to a 10% or 1% chance that an X-year storm would happen in any given year.
Is this cock-up so bad that you don't expect a Google company to make a similar or more severe cock-up for DECADES? Then it's not a perfect storm. This was a common storm. In fact, I'm very doubtful it was a "storm" inside of google at all. This is just another "whoopsie" bug fix, isn't it?
This right here is why people get the impression google thinks its farts don't stink. Not only that you act as if this is a "perfect storm" but the arrogance it takes to design a system where just because an engineer didn't consider a use case, you're perfectly happy to assume it must be abuse.
Yes, this case will probably be fixed, but would it have been if it didn't pop up on the right back channels to get Googlers' attention?
Yay for algorithms without any human supervision! In Google's defense, you can't really expect such a small company to pay a human when the task is so trivially automated and handled so well.
Honestly, I feel like if you start trying to game the system with some shady practices, you should be ready for eventualities like this. That's almost as careless as putting your real info up on an .onion site, and almost exactly like torrenting without any kind of proxy. I hope they get off with a warning, but these people were up to some shenanigans.
thanks for clarifying, I thought the same thing right away as well: smells exactly like automation. I could never see Google suspending an entire account for one person selling one phone.
The world's growing dependence on mega-services provided by the likes of Google is why I started the Free Data Foundation.
The goal of the project is to support OSS that can replace "free" services that subsist on our data. Interestingly enough the maiden project is tentatively called Tmail (short for torrent mail).
It works somewhat like TOR in that it will depend on volunteers to host nodes that will communicate with existing email providers (outlook, gmail, yahoo, etc) and relay the mail over 80 to RPis preloaded with MDA (mail delivery agent) software.
The goal is to be able to expand the service to allow people to sign up for email accounts without running their own software (a la gmail).
Rule Zero: Never rely on a URL that you don't control. Use your own domain name for your e-mail addresses. Use your own domain name for canonical links to content. If you control the URLs, you do not depend on any one provider.
Rule One: If you only have one copy, you have no copies. It is an act of faith to assume that a Youtube video or a file in Google Drive will remain available, just as it's an act of faith to assume that a hard drive will never fail. Anything from a hacker to a natural disaster could destroy your data. The "cloud" is made of servers, not magic.
If you follow these two rules, you have nothing to fear. Google could suspend my account tomorrow and it would be nothing more than an inconvenience. I change a couple of DNS records, restore some data from nearline and I'm back in business like nothing happened.
While I'm in complete agreement with you (everyone should be responsible for protecting and ensuring the integrity of their data), it seems a little unreasonable to expect the average gmail user to purchase a domain name, link it to an email provider, (optionally) migrate their emails, etc.
Same goes for YouTube videos. Content creators typically maintain copies of their work, but casual youtubers don't.
I don't think it is unreasonable. I think we've fallen into a culture of low expectations regarding the ability of "normal users". Many people will (perfectly legitimately) choose convenience over quality or reliability, but I think we should be pushing users to engage more seriously with the tools that they use.
We can certainly do more as developers to make things easier, but I think we have a tendency to pander to an imaginary "AOL granny". We often present oversimplified advice, because we expect too little of users. To pick a random example, I think we're too eager to say "use Dropbox" rather than "use Dropbox, but buy yourself a NAS too because X, Y and Z".
I think that there's a substantial latent desire among ordinary users to have more control over their technological lives. People are increasingly worried about the power of big tech companies, but they don't know what to do. We aren't doing a good enough job of informing users; those big companies have an obvious incentive to keep users uninformed. We're not communicating the risks and benefits well enough, we're not providing clear explanations of the alternatives to the Big Five.
In the process of writing this comment, I've had several startup ideas. I hope that the people reading this are having ideas of their own. I think that there are substantial opportunities to start returning control to users.
For a whole variety of reasons, you need to know what you're doing to properly host your own email now.
From the risk of domain name takeover, to hosting provider takeover, to modern spam requirements (ip reputation, dkim, spf, dmarc), to just plain sysadmin ability and ideally run an HA system.
Agree that there are probably some startup opportunities, but the reality is that you'll just be transferring the user's trust from AmaGooFaceSoft to you. You might be more trustworthy... or you might go out of business.
EDIT: To be fair, I'm probably missing a whole bunch of creative solutions that give the user control without requiring them to run a service.
There is a whole spectrum of options between "running a mail server in your basement" and "having to reprint your business cards if your Google account is suspended".
We can make big steps towards trustworthiness and control in SaaS, it's just often orthogonal to profitability. Lock-in is the obvious example. Lots of vendors expend huge efforts to simplify data ingress, but create arbitrary obstacles to data egress. We worry about SaaS providers going bust because we're inured to the idea that getting your data back is really difficult. The interests of the user do not align with the interests of the vendor. Predatory practices are so normal that we've half-forgotten that they're predatory.
Many ISPs give out a domain name and email service for free with internet contracts — you can set it to redirect to gmail until you need it, then just switch it over.
My current ISP, for example, is actually a local company providing datacenter colocation and consulting services to the state’s government and local and national companies, but they also run a small ISP as side business.
Which means their small ISP business is something they wouldn't mind so much getting rid of, along with your account.
The point is, you'll always depend on someone else. Your data will always flow through someone else's network. The cloud is someone's computer, and the internet is someone's cable.
You always have to rely on someone, but you can structure your affairs so that you're only temporarily reliant on them to provide service today, not to provide service indefinitely.
If your email address is "me@gmail.com", you're stuck with Google. If they suspend your account, you're in big trouble. If your email address is "me@myname.com", you're a free agent. You can use Gmail or Fastmail or some random hosting company or a mailserver on a Raspberry Pi. You can use DNS or forwarding to send your mail wherever you like, you can transfer your domain name to any registrar you like. Rule zero.
If all your files are in Google Drive or Dropbox and nowhere else, suspension of your account could mean total data loss. If you have a local backup on a NAS or a mirror on Glacier or Backblaze, you're just mildly inconvenienced. Rule two.
Eliminate single points of failure wherever possible. Avoid vendor lock-in. Don't rely on a service unless you have a contingency plan if that service fails. Treat everything as if it were hopelessly unreliable.
Well, yes. If I own a domain name, I can point that domain at any resource I choose. I might be technically "renting" the name from a registry via a registrar, but for all practical purposes I'm in control of it.
Until a government, registry or large ISP decides to take that control from you, which can happen nearly instantly. Or someone uses social engineering to take the domain from you:
https://en.wikipedia.org/wiki/Sex.com
> Rule Zero: Never rely on a URL that you don't control. Use your own domain name for your e-mail addresses. Use your own domain name for canonical links to content. If you control the URLs, you do not depend on any one provider.
You do not own your domain name. It's better than using google.com, but your domain name can be stolen or seized just as well.
Domains can be stolen or seized, but somehow the internet still manages to function. If you're not doing anything silly or shady, domain names are extremely durable. They're certainly more durable than an e-mail address or a subdomain on someone else's domain, more durable than a phone number or a street address. If you can choose only one identifier by which people can contact you, there is no better choice than a domain name under your own control.
Your definition of "silly" or "shady" might not be congruent with every other person's. com domains have been seized for a variety of reasons. However, them being stolen is much more likely. As a security-inclined person, the domain registrar is the first thing I would target as an adversary. Very often they don't have 2FA; and once you have access, e-mail follows.
It goes without saying that this is only a small part of a bigger picture; using your own domain name is a good idea, but not a perfect solution.
Not to mention they are stealing not only your e-mail data but your entire digital identity. Now they can reset the password of all your accounts, send e-mails on your behalf, buy things in your name.
I just don't trust DNS, domain registrars and all the things I would need to secure to have a custom domain e-mail.
Does anyone provide a service to set this scheme up easily? I'd pay $$$ if all of my 'cloud' content and accounts could be migrated to something like this. I just don't have the time to set it up or manage it.
I have everything in google: Drive, email, voice, docs, sheets, etc. I was actually about to sign up for Fi. The convenience of everything in one place is great. But I don't think I had quite thought through a disaster like this.
With this article in mind, need to reevaluate. I guess either regular local backups and/or diversification of service providers would be a good step.
1. Have your own domain name. You can change provider from Z to Y at the flash a DNS record gets updated. Email is designed as a federated service, but to be so your email _address_ needs to be too.
2. For files, use a cloud solution and have 2-3 computers updating their local copy (home PC, work PC, phone, small Pi box acting as server). I have a Digital Ocean box running ownCloud, soon to change to nextCloud. Put your code or next essay on Git.
3. Don't trust any service provider, especially if they're not dependent on explicit income. You can still have everything in one place, but that place is many places at the same time.
4. Don't store what you don't need to. Complication and confusion also come from hoarding. Don't need it? Delete it, and be assured it is completely deleted.
Don't forget about the guy whose twitter account was stolen because a hacker got access to his email _because_ the weak link was a custom domain and poor security at Godaddy. The domain was hacked, giving the attacker full access to email, and therefore ability to change passwords, transfer ownership of a prized twitter account and more. It has been discussed here quite a bit. The folks that answer phones at domain registrars don't usually have adequate training and social engineering is common.
Many NICs support this but they aren't really set up to handle individuals (they prefer resellers do that); expect to pay a lot more for the privilege. You can usually find the Registrar by just going to nic.tld (e.g. http://nic.io/)
Point one here is the BIGGEST. If you do nothing else, own your domain name, and forward mail to a service provider of your choice. In my case, I made my new email address forward to Gmail, and then started changing everything over to use my new address. Then, when I moved providers to FastMail, all I really had to do was re-point my domain name.
Even if for some reason I lost my FastMail (pretty unlikely), I'd just repoint my domain to a new mail service, and I could easily recover all my other accounts. And of course, my email archive is backed up locally, so there's no risk of losing that.
> If you do nothing else, own your domain name, and forward mail to a service provider of your choice.
Even this may not be sufficient. I had a domain name registered through my ISP (UKFSN). At some point I had a disagreement about payment with my ISP, who refused to discuss it. Instead of replying to my messages, they disabled all my domain records and my emails started bouncing. I think this was illegal (and eventually I forced an apology and compensation out of them - long story). Anyway, I would recommend only having a domain name registered through a dedicated registrar who you are not using for any other services.
This is good advice too. I actually have my domain name and web hosting through different companies, particularly for this reason, if I have service issues or something with my web host, I wanna make sure I can switch web hosts or threaten them with the wrath of God or something, without worrying about my domains.
I foresee a slight chicken and egg problem here. Registering a domain requires an email address, so it seems that I would need a third-party email address anyway.
The founder and most of the development community has moved to NextCloud. ownCloud is mostly the old corporate people maintaining status quo, from what I understand.
I think not using anything Google is probably the wisest move as they have made it very clear on numerous occasions that they simply do not care about customer service.
And this is the crux of the problem. "Oh, that'll never happen to me" until it does. I've been asked several times, "why do you go to the trouble of [hosting your own e-mail | not having the same mobile # on SMS as on Hangouts | using ownCloud instead of Google Drive | and other greatest hits]". Stories like this are why. They're not at all uncommon, they're a disaster for the people affected, and they're clearly not a wake up call for Google to get any better about their free-to-the-end-user services, so I've no motivation to change my practices.
I've got a domain name and an E-mail address on it that forwards to my gmail account, but I find out of laziness I usually end up directly specifying my @gmail.com account when signing up for online services. It might be time to slowly start switching over to using my personal account, so, in case I'm ever banished from gmail it's simply a matter of pointing my forwarder to a different E-mail provider.
Sooooo many accounts to switch over though, probably will take a few days...
When you update email addresses, I'd strongly recommend having a catchall and then theirdomain@yourdomain.com. Makes it easy to see where spam comes from, and more easily delete it.
As someone who has done this, including project fi, I maintain my own backups on a personal server at home and another one on a VPS.
Owncloud / nextcloud provide automatic syncing of photos if need be. I sync up all my important documents but as of now I don't see the point of backing up my emails. The last missing piece is syncing my contacts which is also possible in my current setup.
With that said, I am still going to use Google services because of their convenience. I just like knowing that the data I care about is safe.
devil's advocate(or in this case, google's i guess), unless you do something shady prohibited by google's TOS(which i recommend you read and understand if you value your data), google is pretty good about everything. even when they shutter services they give you plenty of advance warning and have options to takeout backups of data easily
always remember google offers all of these services for free and you're still getting more value than you paid for
The worst thing about it is that it's almost impossible to talk to a human about the problems you're having with Google's free services. Even if this was an honest mistake, there's no human to talk to in order to correct it. And yes, you could pay for Google's G Suite (former Apps), which does have support available, but then again that locks you in, because you can't migrate purchases and connections to a free account later.
Free stuff is never free, you end up paying one way or another.
I have long since migrated off Google Apps and am paying for FastMail and Dropbox (with the 1-year history add-on), which ends up being about $243 per year, or about $20 per month. Now that's kind of expensive. Along with other recurring payments for online services, I end up paying about $38 per month for online stuff.
Now I'm being a frugal kind of guy, having suffered from poverty in the past and I'm not paying for useless shit I don't need, but if you can afford it, then allocating about $50 per month for your online independence is worth it, because the alternative is to be held hostage by companies like Google.
Pretty incredible - especially with how little that a hardware product purchase has to do with a user's data. Imagine for a moment that google required people to have an account to access all their services - that they have the ability to cut you off arbitrarily across ALL their services for a TOS violation should scare anyone. Imagine if facebook cut your account and thereby ties to many of your friends and acquaintances for promoting a competing ad company?
These companies have lulled us into their systems with good intentions and free services, and now they wield tremendous power over our lives. I don't actually want to go back before the days where these services were fragmented and it was very difficult to juggle many closed services instead of a few. Still, it's what happens when the company owns the whole vertical of individual user's data.
I remember when Spotify switched to requiring facebook for signup and were pushing linking the accounts on existing users. Perhaps it was a bug but at one point they made finding and following other users very difficult without facebook integration. Apparently they switched back to allowing email signup again some time ago but it left a very sour taste in my mouth. I still have my account today so I suppose that's a testament to how well they've run their service outside of that issue.
Anyway, I hope developers keep incidents like this Google one in mind and let people create standalone accounts. Certainly at the very least supporting more than one provider and allowing you to link another email address if they don't feel comfortable dealing with the very serious responsibility of managing and encrypting usernames and passwords.
Login with Facebook is a nightmare: I've stopped counting the times I've had a problem with accounts created with Facebook Login. It is a pain in the ass to switch that account to a regular one, once you did it.
> I don't actually want to go back before the days where these services were fragmented and it was very difficult to juggle many closed services instead of a few
I do. I'm sick of the giant web companies. Especially since they make their money off fucking ads.
People get banned from Facebook every day for stupid reasons, whether it be Facebook's real name policy or otherwise, and I would encourage you and everyone else to keep alternate contact details handy for your friends.
Maybe you should encourage them to get on Signal Private Messenger, so that you aren't SOL if anything happens to Facebook.
I picked up the sarcasm immediately but it's scary how many times I've been told (HERE, on HN of all places) that it's impossible to live a normal life without Facebook. As in: literally, with a straight face someone would claim they would have no contact with friends if not for Facebook and be totally serious about it. Kind of unbelievable but I've heard it multiple times.
i mean facebook gives you the means to provide alternate contact points(phone numbers) to your friends. people don't choose to use it coz of whatever reason deserve to be cut off-why wouldn't you want your friends phone numbers in your phone?
Nowadays the means of keeping contact information when making new friends is whatsapp or facebook. So yes, this would not be a problem for now, but it would be in a few years when mobile numbers become really obsolete (hopefully not).
> The people affected don’t have access to Gmail, Google Drive, Google Voice, or anything from Google. They don’t have any access to gift cards, bills, travel confirmations, work documents, etc that were saved in their Gmail accounts.
Yikes. That is scary. A large part of my online life is tied to Google. I was even debating getting a Project Fi phone too. Because well it is convenient and cheaper, but it would mean sinking everything even deeper into Google.
For fun though, let's imagine if Google or Facebook ran a country. They would control the news you read, the apps you can install, they know where you are at every single instant (via your phone), they know all your secrets (who you talked to, what sites you visit, how often), they know who you know (contacts), Nest thermostat at home even controls how warm or cold you should be. In return you get all the super shiny and new stuff: latest technology, watches which measure your cholesterol, VR games, best email experience, unlimited archiving of your photos, really fast tear-free rendering of web pages. But if you make a wrong step your plug is pulled and you have no recourse. You go to the store to buy something, you just don't exist in the system - no access to your account. Can't travel because it refuses to route you. You can't talk to email or chat to other people because they can't reach you.
Yeah, that's why they don't want to run countries (be a government) - legitimacy of political power comes with a social contract, fluid and quite vague, unlike TOS.
Violating it often ends up in bloodshed and revolutions.
Most people are missing the important piece here: The terms of service is preventing you from doing whatever you want with a physical product you bought.
The F!. You bought the phone with full retail price. You didn't break any laws (as far as I understand it). Why does Google have a say on what you can do with "your" phone.
2018: You can't sell your phone (as a used phone).
2020: Google Drone picks up user phone from his apartment as he is banned from Google.
But the phone's terms did state (according to TFA): “You may only purchase Devices for your personal use. You may not commercially resell any Device, but you may give the Device as a gift.”
This is (one of) the problem with EULAs: even if I noticed that while not really skimming the EULA, I would ignore it as it seems completely unenforceable from a legal standpoint. I buy something from you and you get to determine what I can and can't do with it? Don't let EA and the other AAA game makers hear about this!
You're free to sell the phone, you're just not isolated from the consequences of doing so. Google are fully within their rights (since they wrote their rights, in the agreement you clicked through) to terminate your account at their whim.
I'm co-founder of Daplie (https://Daplie.com) and we offer a home cloud (pointedly dubbed "Cloud") that competes with some (or potentially all) of Google's G Suite.
The Internet never seemed so small, closed, and locked as when we got our notice that our ads account was suspended (and we got no explanation other than that the reason was 'on a list they weren't allowed to talk about'). It suddenly became super clear just how much Google monopolizes the web and had the power to censor products and services and ideas they don't want.
Google has simply gotten too big and too impersonal. If they were smaller, only did one or two things, and locked you out of those things because of a ToS violation it'd be frustrating but it wouldn't be catastrophic. Similarly if they just had more humans interacting with their customers, then incidents like this would get resolved in a more humane way (but can you really do that at Google scale?).
We live in the era of tech giants owning vast swathes of worldwide markets because they got there first and developed proprietary IP to make it work. Which they deserve plenty of credit and have been rewarded richly for but I would prefer to see the pendulum swing back at this point to businesses which have a more personal touch. Fewer giants, more mom'n'pop shops which might not ever make anyone a billionaire but would create jobs for people who interact with other people.
Customer service, consulting, service businesses built on open source IP, humans running the machine--that is one possible future. The other is a couple of tech giants controlling everything and the machine running the humans. I know which one I'd rather live in. One change we can all make to promote this is simply limiting the business we do with companies that make it hard for you to get in touch with a person. If the market starts to value the human touch more then these companies will improve or be replaced.
Besides not depending on centralized (especially 'free') offerings of any single company ourselves and spreading the word, warning people with less technical insight, there are some things we can do when building services to help the average user avoid this:
- Offer at least one properly decentralized authentication option. Do not force your users to depend on google/facebook/github/whatever authentication services.
- Provide a way for registered users to change their email address and/or authentication method.
- Even on your backend, try your best to avoid locking yourself in to the services of a single provider, be it hosting, storage, email or anything. By doing so, you are not only locking in yourself, but indirectly your users as well. Prefer open source and self hosted services.
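The first two bullets above, sketched as an added example that is not part of the original comment: accounts are keyed by an internal ID, external logins are only links to it, and the last remaining sign-in method cannot be removed. The class names, the `LockoutError` exception and the sample identities are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import uuid
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

PBKDF2_ROUNDS = 600_000  # example work factor for PBKDF2-HMAC-SHA256


class LockoutError(Exception):
    """A change was refused because it would leave no way to sign in."""


@dataclass
class Account:
    account_id: str                        # internal key, never an email or provider id
    email: str                             # contact address, changeable by the user
    salt: Optional[bytes] = None
    password_hash: Optional[bytes] = None
    federated: Dict[str, str] = field(default_factory=dict)  # provider -> subject id

    def login_methods(self) -> int:
        return len(self.federated) + (1 if self.password_hash else 0)


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class AccountStore:
    def __init__(self) -> None:
        self._accounts: Dict[str, Account] = {}
        self._by_email: Dict[str, str] = {}
        self._by_subject: Dict[Tuple[str, str], str] = {}

    def register_federated(self, email: str, provider: str, subject: str) -> str:
        email = email.lower()
        if email in self._by_email or (provider, subject) in self._by_subject:
            raise ValueError("email or external identity already registered")
        acct = Account(account_id=uuid.uuid4().hex, email=email)
        self._accounts[acct.account_id] = acct
        self._by_email[email] = acct.account_id
        self.link_federated(acct.account_id, provider, subject)
        return acct.account_id

    def link_federated(self, account_id: str, provider: str, subject: str) -> None:
        acct = self._accounts[account_id]
        if provider in acct.federated or (provider, subject) in self._by_subject:
            raise ValueError("external identity already linked")
        acct.federated[provider] = subject
        self._by_subject[(provider, subject)] = account_id

    def unlink_federated(self, account_id: str, provider: str) -> None:
        acct = self._accounts[account_id]
        if provider not in acct.federated:
            raise KeyError(provider)
        if acct.login_methods() <= 1:
            raise LockoutError("add another sign-in method before removing this one")
        subject = acct.federated.pop(provider)
        del self._by_subject[(provider, subject)]

    def set_password(self, account_id: str, password: str) -> None:
        acct = self._accounts[account_id]
        acct.salt = os.urandom(16)
        acct.password_hash = _derive(password, acct.salt)

    def change_email(self, account_id: str, new_email: str) -> None:
        new_email = new_email.lower()
        if self._by_email.get(new_email, account_id) != account_id:
            raise ValueError("address already in use")
        acct = self._accounts[account_id]
        del self._by_email[acct.email]
        acct.email = new_email
        self._by_email[new_email] = account_id

    def login_federated(self, provider: str, subject: str) -> Optional[str]:
        # Assumes the caller has already verified the provider's signed assertion.
        return self._by_subject.get((provider, subject))

    def login_password(self, email: str, password: str) -> Optional[str]:
        acct = self._accounts.get(self._by_email.get(email.lower(), ""))
        if acct is None or acct.password_hash is None:
            return None  # a production version would also equalise timing here
        candidate = _derive(password, acct.salt)
        ok = hmac.compare_digest(candidate, acct.password_hash)
        return acct.account_id if ok else None


if __name__ == "__main__":
    store = AccountStore()
    # Constructed sample identities, not real accounts.
    aid = store.register_federated("user@example.org", "google", "sub-123")
    store.set_password(aid, "correct horse battery staple")
    store.change_email(aid, "me@example.net")
    # The external provider is no longer needed to reach the account.
    print(store.login_password("me@example.net", "correct horse battery staple") == aid)
```

Because the provider subject and the email address are both just attributes of the internal account, losing either one does not orphan the user's data.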
This is why Apple and Google will eventually become horrible evil companies. I won't do anything to piss off Google or Apple because my life is stored in their ecosystems. Thus, they can get away with being shittier than AT&T.
The financial loss I would sustain if Google locked me out would be substantial. The emotional loss if Apple locked me out would also be substantial. My entire personal life is basically in iCloud in some form or another.
My situation might be a little extreme because I travel constantly and stay in touch with my family digitally but my tight coupling with a digital ecosystem will become the norm.
> My entire personal life is basically in iCloud in some form or another.
True enough, only for me it's just not stored only in iCloud, (something that is cumbersome to accomplish with Google services). If I get locked out of my iCloud account, everything (that matters) is right there locally on my Mac.
Is it legally enforceable for a company to dictate what you can or cannot do with a phone that you bought from them? Sure, the terms said whatever they said, but is it enforceable/constitutional? I mean, people sell their phones all the time for whatever reason.
I would have thought the Doctrine of First Sale protects you legally (as in, they can't sue you for reselling a phone), but I don't think there's any legal protections on provision of a service.
The doctrine of first sale is dead. It died to the copyright cartels. You own nothing where a copyright is involved. The copyright maintains ownership of the device, not you.
The courts may have once done something about books with shrinkwrap agreements forbidding sale, but the same does not apply to software or things containing software.
Probably not. In this case, everyone set their shipping address to one location though, so Google simply cancelled the orders. (And then digitally killed everyone who placed them.) Had they shipped them to themselves and then shipped them elsewhere, this would not have been possible, but it would have cut into their profit margins a lot.
Did the terms say you can't resell the phone or that if you resell the phone Google will terminate your account? The latter is completely legal as far as I understand it.
Can I ask what your email stack was? I'm working on a project that's a cross between TOR and bit torrent to provide free (encrypted) email to the masses that doesn't monetize data. I've been on a crash course of all things email lately.
Ancient, set up maybe 15 years ago. Postfix, spamassassin (which wasn't effective, spam being the bulk of the problem pun intended), RBLs, and a nice almost two decade old .procmailrc for categorization.
I'm still in the process of trialling new providers. I'll be using fetchmail along with my existing procmailrc. The part I'm outsourcing is the spam filtering and availability on the MX.
Not the OP, but I've been looking at Fastmail for a while to replace Gmail for a robust dedicated email service. I haven't felt the push to pull the trigger yet, until reading this article.
Does FastMail have any equivalent to Inbox (reminders/snoozing emails)? I started to migrate last month, got lazy when I realized how much I used those, and then I think my trial account lapsed.
This article might scare me enough into trying again anyway, but if I can find any replacement for reminders (Fastmail or otherwise) that's as nice to use I'll jump over so fast.
We don't have snooze yet, but it's getting really close. We have a plan for it which I started on nearly a year ago (Christmas day 2015!) and then it got mothballed behind other things - but we have a grand plan for how it would work, so it's a matter of some more internal plumbing.
That is fantastic to hear! I currently use the iOS Reminders app to remind me to check out that email again, and it would be really nice not to have that layer of indirection.
While we're on the topic of wishlist items: I'd love to have sync in the app. It sucks not being able to access any emails when I don't have internet (on the subway or a car/train in some remote area, even in some shielded buildings, etc). It would be fantastic if I could tell it to store the last two weeks' emails (possibly even per-folder, "store all in folder X, last week in Y, last month in Z"). That's the feature I miss most from your app.
Other than that, keep rocking :) FastMail is awesome!
How so? It gives us an opportunity to ask questions to make sure the service is right for us. I think it's pretty cool that I could talk directly to a Fastmail employee if I wanted to, without having to call support or open a chat session.
Besides, I'm the one he directly replied to, and I'm not complaining. Why do you care?
FWIW, I migrated all of my email from gmail to fastmail with a script I found online about 2 years ago and set up email forwarding from my gmail account to my fastmail account. I also linked my domain name to my fastmail email (before I just used an @gmail.com email).
I've really enjoyed fastmail so far. Their UI is intuitive (after the first few days), and the service is very fast and stable.
A while back I set up email using my personal domain using Google Apps after discarding the idea of managing the whole thing on a vps and after checking out a few providers like Protonmail. It basically came down to price and convenience; Google was on par with others for price and I really like the Inbox interface.
That is exactly why I transferred my email to paid fastmail account. That is why I'm gradually resigning from usage of any Google services except search. That is why I'll never ever buy anything from google.
I had figured out everything when they closed Google Reader. I understood that they give no flying whatever about their users.
Because you, people, are not their customers. You are their commodity and advertisers are their customers. So yeah, don't mess with your owner.
> At a bare minimum Google should have allowed emails to be sent to their accounts and not bounce back to the sender as undeliverable during the appeal process.
I don't know. When an email is delivered to the destination mail server, that counts similarly to having a letter delivered to your physical mailbox. The time of delivery is important for any deadlines mentioned in the letter/email. If I'm locked out of my Gmail for 4 weeks, and then find a 3-week-old mail that had a 2-week objection period, I'm out of luck. (Unless I've got a good attorney and the willingness to defend my case in court.)
Also, when a mail is bounced as undeliverable, the sender will notice that I won't be able to react to the mail, which might prompt them to contact me on another mode of communication if the matter is urgent.
You can register a domain for ~$15/yr from a registrar like Gandi, and they will include several email accounts. Anyone who cares about their online presence should do this.
And susceptible to the whims of and demands upon your registrar or registry. "Torrentz.eu Domain Suspended After UK Police Request" etc.
Probably best to pick a TLD and registrar outside your immediate jurisdiction as well as that of the USA and EU, which rather narrows the choices. .ch or .me seem reasonable.
Little wonder 'normal' people don't bother with all this stuff.
I just did a cursory search for options to back up a Google account.
The most comprehensive option seems to be https://takeout.google.com/settings/takeout, which offers to save data from almost all Google services to a downloadable ZIP file. That is a manual solution though, with no official way to automate.
Other option is to back up data from each service separately with different tools:
* offlineimap for GMail,
* goobook for Google Contacts (mainly for Android contacts),
* gdrive for Google Drive.
* other tools for other services.
I'm curious to hear others' thoughts on their experiences with this.
Could this have been fraud detection automation? I would be shocked if they didn't at least let you dump the contents of your account and set up temporary mail forwarding. It's their service and these people didn't follow the rules but when they ask us to essentially entrust our digital lives to them they owe even the misbehaving users (as opposed to criminal users) who broke a TOS agreement something more than just scorched earth tactics.
It's often quite stunning how quickly posts showing malpractice by Google disappear off the front page of HN. I wouldn't dare speculate as to why, but it's pretty common.
"Quite frankly it’s scary to think about how much I rely upon Google for everyday life. Losing everything that I’ve accumulated with Google for the past 15 years would be devastating."
It's probably best not to lean on a private entity like Google so heavily. People are literally giving them their whole lives. I've stopped using practically all of their services (maybe a search here or there), for this and many other reasons. I've hardly been inconvenienced at all.
I can't help but wonder how many people had this kind of account suspension for random reasons? I bet most of them aren't noticed. These people should be more vocal, because regular folks just have no idea how risky it is to rely on just one company for everything they do online.
In future, I'd hope some sort of digital risk management becomes a common practice, just like a fire drill or food storage in real life. They should also be taught in schools.
I had an account suspended, I still don't know why. It was a generic account my roommate and I used to manage stuff that we shared at the time. I still have some stuff hooked up to it. Logged in one day to get my new credentials from PIA and it was disabled. All I did was open a ticket from the backup account listed (my main account) asking what the deal was, and....POOF! account reactivated.
The same Gmail block happened to me circa 2010 without any explanation. It just stated that I "may have violated one of the service policies". Lost all data and access to every service that I didn't remember password for. Since then:
1. Use my own domain for email w/ Google apps to be able to reset it to different mail provider fast if something happens w/ Google access. Office 365 allows using your own domain--while paying for Office and cloud anyway why not connect own domain to the service.
2. Never use Facebook etc to authenticate anywhere--the same thing could happen w/ Facebook access. Access to services should not be directly connected to social activity. Now always password and email so access to a service could be easily recovered via email.
1. Don’t mess around with Google or any company that you simply can’t live without.
I know a better rule: Organize your life and data so you don't depend on a company.
Many people forget that Google isn't some sort of official service provided by the government but a public for-profit company that's largely guided by shareholder value maximization. While there's no doubt that the latter has big advantages over the former in many areas, there's a lack of public education on this matter. People (unfortunately including me) trust Google with so many kinds of personal data, it's scary.
> I know a better rule: Organize your life and data so you don't depend on a company.
Quite unfeasible request. You'll meet companies at the end of one line or another. You have to trust some company. You still need server providers, you still need a domain name, you still need reliable hardware manufactured by a... company.
This is a watershed moment for Google. Providing free email service was a way for them to get lots of data. The goal of course being to learn to massively scale computer networks, how to maintain them, back them up etc. Your data was the equivalent of 'cannon fodder' in their secret goal of controlling the world. Clearly, email has now become a burden. They can get orders of magnitude more data from the internet of things whose number now exceeds the human population on this planet. And all these things are talking to each other, sending data, etc. Our lives are inextricably dependent on these things - like automobiles, telephones, electricity, factories, etc. When Google learns to optimize these networks, supply chains, distribution channels, etc. they will control the substrate on which we base our lives. People's behaviors, choices, values, etc. will be manipulated without them even knowing it. Witness the first and most superficial attempt at this game - Facebook's 'fake news' campaign. Eventually, the AI that will inform these choices will be so complex that humans will not even know how to recognize it, let alone stop it.
I'd say I'm surprised that Google would lock you out of your own data despite their claims that you still own your own data, but Google has repeatedly demonstrated that this is not the case. I would be surprised if any of these users get their data or their accounts back without involving a lawyer, based on prior examples. The author says they've contacted the EFF, and hopefully the EFF will offer assistance.
This is one of the biggest problems with these vertically-integrated ecosystems, your entire online life becomes managed by a single company, which can revoke your access at will, effectively deleting your existence from the Internet. Don't be the sort of person who falls for this. Get a domain you control, direct mail from it to a mail service controlled by a different company than the domain. Make sure you have a contingency for issues with either one. Ideally make sure neither of those services are run by Google.
Much like a landowner owning all of the land around your property cannot reasonably deny you the right to cross their property to get to yours, I'd argue if Google does not own your data on their service, they must grant you access to that data at bare minimum.
This just disgusts me. This is the problem with giving everything we rely on to a for profit corporation like Google, et al.
It's not your data if they can take it away from you. Your data is their profit center so we should demand more of these companies or simply avoid them as much as possible.
Cheese off the government enough, and they'll freeze everything, bank accounts, ability to be hired, your freedom to not be in jail, everything, not just "your account with them".
The problem isn't the "profit" bit, it's the "everything" bit.
I agree that the "for profit" bit isn't the problem, it's the sheer size of Google. Everyone who has been paying attention has watched with dismay as Apple and "don't be evil" Google (along with other, smaller, actors) have become increasingly amoral over the last decade. Same goes, of course, for the government.
I don't see any reason to believe that there's anything other to it than sheer size: as a company gets larger, it becomes less driven by humans and more driven by its corporate structure, or whatever.
I use FastMail, and I don't imagine for a second that it would act any more ethically if it were in the same position of market dominance.
The good (really, the bad) news is that whatever seems to have happened, hasn't really happened.
No user's data is ever deleted by Google (or any other company) ever, even if you have deleted your account.
If you run some hosting company, you know it. You have backups and backups of backups.
Once I contacted a website who frequently SMS'd me to scrub my phone number and to not do that again.
They did it right, but after a few weeks I began receiving SMS again. Probably they ran into some issues and some of their data were restored from their backup.
Some companies could even have read-only backups so that they can have their data saved even in a massive attack.
Some developers have argued to me never to delete user data. Just mark it as deleted, and never show it to the user again. Having a way to actually delete your data may be used by some attacker to bring your service down.
At Google's scale you can be sure that if they didn't delete things they said they did they would be in big trouble.
In the modern world it isn't acceptable to keep backups indefinitely. Big web companies keep backups for 14 days. When you close your account, 30 days later they delete it off the main servers, 44 days later they delete it from the backups, which might take 4 days in case of a national holiday or strike in the drive-crushing department, so 48 days.
Hm. Another lesson - avoid Google for critical accounts. Having your account handled by someone who can suspend it because they didn't like how you bought your hardware is simply too risky, besides just how weird it sounds. It highlights that Google wields too much power over their users.
Didn't some kid get their email shut down because they were under the age for having a G+ account?
It is insane how coarse grained Google is regarding all this. You would think they could shut down one part of the account without killing the whole account.
I think this would be illegal in the UK due to the Data Protection Act:
Some excerpts from Wikipedia on DPA:
"Personal data shall be accurate and, where necessary, kept up to date."
- Would Google be allowed to discard emails sent to you from others? Would this constitute personal information?
"Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data."
- Would Google be allowed to prevent access to your personal information?
That's an interesting point, but my reading of that is that Google would be fine. They can't accidentally delete your data, but they can do it deliberately.
This sort of thing truly needs to run into regulatory force. I don't believe in government being up our collective skirts for everything but regulation does have its place and this, I think, would be appropriate use of such power.
And this does not apply to just Google. We've had run-ins with Google, Facebook and Amazon on different fronts and for different issues. And, in all cases, our clients had their accounts suspended forever, permanently, done, no more.
One case happened about six years ago. Google opened-up a product called, if I remember correctly, "AdSense for Domains". The idea was that, rather than park your domains with GoDaddy (or whoever) and have GoDaddy earn $0.02 and give you $0.005 on ads placed on your domains you could, instead, park them directly with Google and get paid directly.
One of our clients had over 250 domains on GoDaddy. They decided to move them ALL to Google. The process entailed moving them over to the Google provided DNS, followed by an automated approval process that took minutes. All 250+ domains got moved and all 250+ domains got approved.
About three days later: "All your Google accounts have been suspended due to fraudulent activity on your Google for Domains pages". Upon digging, it appears they claimed excessive clicks on ads. Well, nobody clicked on any of them. At least not our client. The domains were many years old and were logging ad clicks on a regular basis when parked with GoDaddy for years. In other words, normal behavior.
So, Google acted like a totalitarian regime run by an asshole and cut off our client. All for the $50 a month these parked domains were going to earn him. What really sucked was that his AdWords account got rolled into that as well, so they lost all ability to use AdWords to promote their legitimate business. No appeal. No email. No way to communicate.
Can't get more despicable than that.
Oh, wait, you can!
A different client. They had been advertising their products on Facebook with some results. Nothing great, but they were learning. Their product, for women, featured images of a woman wearing a normal bikini. No, nothing racy, just a normal looking bikini worn by a model. Facebook flagged the ads as inappropriate despite the fact that, during the same period of time, you could regularly see half-naked Victoria's Secret ads on FB all the time. So these guys, not wanting to get into trouble, changed-up their ads to simple graphics. No problem.
About six months later they decide to take advantage of a lucrative affiliate program for a business course. They decided on a budget and started to advertise it on FB. No scam, a course tens of thousands of people had taken. Legit through and through. About a week into this FB emails: "Your advertising account has been suspended permanently." No reason given.
They reached out to FB with their appeal form. No reply. Tried again. Snotty reply saying "Please consider this decision final. This will be our last communication".
And so, this company, a valuable and upstanding member of society, is now cut off from advertising on Facebook forever. Done. For life.
This, in no uncertain terms, is pure highly refined bullshit totalitarian crap. This is NOT how business is done outside of the realm of games played by petulant children. It is disgusting, to say the least.
In the real world business people engage in conversations to find common ground. If a magazine doesn't like your ads, the editor will discuss them with you and seek modifications. They don't cut you off for life. That's some violent bullshit there.
No, I think it's high time the likes of Google and Facebook visit the receiving end of a good government style reaming. I'm so sick of it I am more than willing to get the ball rolling. What's the best course of action? Any law firms who read HN interested in a nice fat class action lawsuit?
Consumers can't be treated like this. It has been going on for many years. High time we put an end to it. Any takers?
I don't know if it's so much attributable to malice as it is that it's their business model of working hard to satisfy the 99% but neglecting the concerns of the 1% that cause trouble and take up a lot of labor without yielding commensurate return to the bottom line. I don't know if regulation is the solution, but at the least, we should be mindful of this and try to arrange their lives to be anti-fragile to these unexpected shocks.
I am going to be harsh here. It's not malice. It's the lack of an education. No, I am not talking about college.
I am talking about manners, caring, being considerate, respectful and not insolent, petulant and completely oblivious to what human decency and respect entail.
Places like Facebook are almost entirely populated by a generation of young people who are intellectually smart yet socially vacuous to an unbelievable extent. It is an insolent, immature generation where 27 year olds can actually behave like my 9 year olds do, or worse. And, in many ways, it's like Vulcans with shitty attitudes. No human part at all. An empty logic machine operating with a flawed and fucked-up version of logic they have created.
That's what's going on. They now rule the world and have very little in the way of human decency within them as a guide. And, of course, through intense age discrimination there are no adults to teach them how to behave in the face of real human beings, with real lives, kids, businesses, problems, bills to pay, concerns and needs.
This is the only context within which a person could possibly decide it is OK to utterly destroy someone's income without as much as a conversation.
And, since they don't seem very interested in correcting their behavior (or don't even understand why they should) it might be time to throw the only possible correcting factor people on the outside can reach for: Government goons.
It sure feels like it's about time. Too many of these stories out there.
You hit the nail on the head describing the culture of doing business with these companies. This is not the way the world works and certainly not the way legitimate businesses operate, dealing with them is incredibly frustrating. I laugh every time people complain about comcast or att customer service, just wait until they have to deal with google and facebook's nonexistent customer service.
@"good government style reaming", I just wanted to add that interestingly, a government (at least a democratic government) operates exactly the opposite of Google/Facebook.
By which I mean that there is democratic control over their policies, there is a hierarchy of courts and tribunals, there is a structured appeal process, and there are certain rights that no one, not even a court, can take from you.
It's almost as if at some point, people all around the world noticed that if an organization becomes so big that its services might be considered "infrastructure", a different approach to decision-making is advisable. And they made that organization adhere to those principles, sometimes by force.
"good government style reaming" still sounds good and satisfying. If you've ever dealt with such agencies as the IRS you know exactly how scary they can be.
Google, Facebook and others need to experience this at a level 100,000 times greater than a typical contentious IRS audit. Maybe then they'll hire a few adults to teach the kids how to behave in the real world.
It's incredibly difficult and time consuming. I've found that a good compromise is to buy a domain name (or use one you already have), and pay for a reseller hosting account with a reputable service provider. You'll get a level of customer support that is far above a standard hosting account, full control over your email settings, and you'll have full root/WHM access to your account. As a bonus you can spin up a website whenever you want for testing or production, and make back your monthly fees by selling webspace to a single client. It sounds like a lot to just have good managed email, but I only pay about $15/month for the reseller account, barely more than a regular hosted account.
I went with A Small Orange, they have incredible support and they stay on top of abuse reports so their email servers never get blacklisted. I've also used Tiger Technologies in the past and they are superb as well.
With that said, I'm still considering replacing Gmail with something like Fastmail even though I'm satisfied with the email service from ASO. Having a web-based account outside the reseller hosting umbrella makes two-factor auth a lot easier to manage.
You can't run an email server from a residential address b/c most ISPs block port 25 and 587. That being said, there's a project called mail in a box, that attempts to be a plug and play solution. You'll have to host it on a VPS provider (Digital Ocean, for example) and even then you'll have a hard time keeping your email from being black holed by major email service providers like Google.
Is it unusual to have such terms in a hardware device? I'm guessing that Google loses money on the hardware but makes up the difference in other ways (i.e. personal data, etc). But, other industries use the same model without such terms. Are they trying to lock down identity so that it almost always has a one-to-one relationship with the device?
I've been thinking a lot about my personal dependencies, and how I can mitigate points of failure. The mental exercise I've been going through is basically imagining Netflix's Chaos Monkey [1] running loose on my life.
How can I be resilient to data loss? Job loss? Cognitive loss? There are ways I can mitigate these risks, and some ways I can test to see if my mitigation strategies will work in practice. But how do I do that without devoting my life to it?
It's nice to dream of some kind of antifragile existence going forward, but for now the easy conclusions tend to come down to the 'two is one and one is none' variety. Backup everything I can, including but certainly not limited to my data and services.
Wait you have to have a Google account just to order a pixel phone? How dumb would you have to be to do that when you're doing shady reselling deals? But this is why I distrust any online transaction that cannot be done without a guest account unless there's some solid reason. There's no such reason for buying a phone.
Being locked out of my Gmail account is something I have worried about in the past. I have moved all essential email traffic to a domain I control. I do worry about my wife and her photos though. She uses Apple photos primarily but syncs them to Google Photos.
Is there an open-source cloud photo-management solution like Nextcloud or something?
This is a cautionary tale for those who buy solely into one eco-system. I know the convenience makes it tempting, but they control everything and if you do something they don't like, even unknowingly, you'll pay a price. Amazon too, has been known to blacklist folks, without warning and with only one chance to appeal.
"Don’t mess around with Google or any company that you simply can’t live without."
If your life/internet usage is that simple I think you might need to take some computer/internet lessons in learning about alternative services that work just fine. There is internet beyond Google and Facebook.
I'm mildly uncomfortable with my primary address being outside my control. (Like most, I use gmail too.) A year or two back I registered stretch.email, as Stretch is, in fact, my last name. Obviously most of the more common 'stretch' domains are taken, but this one was available and seemed appropriate. I have since discovered that enough services don't support newer tlds as to make it basically unusable for authentication purposes.
Anyway, I guess I'll probably end up with mail@[firstname][lastname].com, but with some disappointment. I suppose I can always keep the .email and just forward it to the other though.
Strange – I've been using a .coffee domain and haven't run into a problem yet (although I've only used it maybe 30 times, not adding too many new accounts these days)
Many things support it, but many don't. I'd say something like 1/4 of the time I have problems. And often stupid problems, like sign-up works, but unsubscribe doesn't. That's frustrating.
It's really a problem with Google offering more and more services. On the one hand it is nice and convenient, but every additional service increased the risk of everything being lost because of some silly mistake.
I lost a Google account for using it to post a combative message on the State Department's youtube channel.
Google didn't tell me that, of course, but I don't use that particular account for many things and it was the only thing I used that account for in a long time.
Likely part of the push by Washington to get information companies to guide what dialogue is acceptable to post online.
I think I'd be really in deep sh*t if this happened to me, I have all my domains under google domains now, not to mention the vast majority of my email/contacts/sheets etc are all google managed... even with a dump, it would be excessively difficult to move/recover my accounts on other systems tethered to my gmail.
Does a service exist that compresses your entire Google Account (GDrive/Docs/Gmail/etc.) to an archive and then uploads it to your Dropbox (or other cloud storage) account?
I don't want to ditch using Google, I'm too integrated, but I would like to back up everything to a second source just in case.
Executive summary lesson: don't buy a new android phone, especially if it's a google pixel, or risk getting your account banned. Good job google, great way to maintain your customer's confidence.
But e-mail is more than that. It's how many services authentication/re-authenticate you. You can't even connect a new computer to your Steam account without 2-factor. And if all you have is an e-mail account, then you lose access.
If this is true it is very disturbing. I have a Google Apps for Work account, I wonder if anyone of these people did. They would lose their business email access.
Maybe a bit of a contrary opinion here but I think Google is in the right. You break the terms that you agreed to when creating your account, you lose your account.
I was in a similar situation recently where I lost my adsense account. My appeal got rejected, and once they made the connection to my other adsense account which was run by a business entity, they banned that adsense account as well for violating the terms with creating another adsense account. That it was linked to a YouTube channel that lost monetization and partner status didn't matter. That it was not even breaking the terms as it was owned by a legal entity instead of me as a person didn't matter either. Try to contact a human to get this mistake out of the way? Impossible.
It's important to know how fragile your entire online existence can be. Plan for these kinds of things and backup often. Don't trust cloud services and have an emergency strategy ready.
For me, I took control over my domain, moved it to fastmail and would be ready to rewire the mx records to a different server anytime.
My dropbox account is getting auto-pulled to my NAS at home which is powered by a RAID setup, and once a week the files are compressed and stored somewhere else. It's set up in a way that if dropbox deletes a file, the NAS doesn't delete it unless manually given permission to wipe deleted files.
Same goes for Google Music - all files I buy or upload are getting auto-downloaded to the NAS and securely stored.
I have multiple Google accounts for different things: Music, YouTube, Analytics and all services that allow it have multiple account managers set up, just in case an account is getting terminated and login is no longer possible.
Then I still have 1 google account that I am using as login email for very important things, just because it's the least likely to get compromised.
After signing up somewhere with OAuth, I also immediately go into the settings and give myself a password and valid email to not rely on the OAuth provider.
Paranoid? Don't think so. Since knowing that my data is waiting at home for me and can't just disappear, I am sleeping a lot better. It was a bit annoying to go from the convenient "my google account is my life" to this solution, but the ease of mind is so worth it.
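The pull-only mirroring described in the comment above (upstream deletions are not applied to the local copy until someone explicitly approves them), as an added example that is not part of the original comment or any tool it mentions. It also keeps the previous copy when a file changes upstream, which goes beyond what the comment describes; the `.versions` folder name, the function names and the sample files are assumptions constructed for the demonstration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

VERSIONS = ".versions"  # assumed folder name for superseded copies


def sha256(path: Path) -> str:
    """Hash file contents so changes are detected without trusting mtimes."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def _files(root: Path) -> set[Path]:
    """Relative paths of regular files under root; symlinks and VERSIONS are skipped."""
    return {
        p.relative_to(root)
        for p in root.rglob("*")
        if p.is_file() and not p.is_symlink()
        and VERSIONS not in p.relative_to(root).parts
    }


def mirror(src: Path, dst: Path, run_id: str) -> dict:
    """One-way pull from src to dst. Nothing in dst is ever deleted here."""
    dst.mkdir(parents=True, exist_ok=True)
    src_files, dst_files = _files(src), _files(dst)
    report = {"copied": [], "versioned": [], "pending_delete": []}
    for rel in sorted(src_files):
        target = dst / rel
        if target.exists():
            if sha256(src / rel) == sha256(target):
                continue  # unchanged
            # Changed upstream (possibly truncated or corrupted): keep the old copy.
            keep = dst / VERSIONS / run_id / rel
            keep.parent.mkdir(parents=True, exist_ok=True)
            shutil.move(str(target), str(keep))
            report["versioned"].append(rel.as_posix())
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src / rel, target)
        report["copied"].append(rel.as_posix())
    # Files gone upstream are only reported; removal needs purge() with approval.
    report["pending_delete"] = sorted(r.as_posix() for r in dst_files - src_files)
    return report


def purge(dst: Path, pending: list[str], approved: set[str]) -> list[str]:
    """Delete only the pending paths a person has explicitly approved."""
    removed = []
    for rel in pending:
        if rel in approved:
            (dst / rel).unlink()
            removed.append(rel)
    return removed


def demo() -> dict:
    """Constructed scenario: the provider deletes one file and empties another."""
    with tempfile.TemporaryDirectory() as tmp:
        cloud, nas = Path(tmp, "cloud"), Path(tmp, "nas")
        cloud.mkdir()
        (cloud / "budget.csv").write_text("rent,900\n")
        (cloud / "photo.jpg").write_bytes(b"\xff\xd8constructed")
        first = mirror(cloud, nas, "run1")
        (cloud / "photo.jpg").unlink()          # upstream deletion
        (cloud / "budget.csv").write_text("")   # upstream truncation
        second = mirror(cloud, nas, "run2")
        return {
            "first": first,
            "second": second,
            "photo_survives": (nas / "photo.jpg").exists(),
            "old_budget": (nas / VERSIONS / "run2" / "budget.csv").read_text(),
            "purged": purge(nas, second["pending_delete"], approved=set()),
        }


if __name__ == "__main__":
    print(demo())
```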
(1) Because the First Sale Doctrine is supposed to give people the right to resell their legally acquired goods. Retaliating against people who resell something they paid for already is extremely bad form on Google's part, even if they have found a tortuous way to legally do so.
(2) Regardless of whether Google was justified or legally within their rights to do so, cutting off people's email with no warning is alarming. Many people depend on Google's email and data storage services; if they're going to cut off your access because they don't like what you've done on something completely unrelated that may be a good sign that all of us should stop using Google's services while we can still do so gracefully. What if next they decide that they don't want to continue offering email service to people who bought an iPhone instead of an Android? Or people who voted for Trump? They could most likely determine both of those facts if you are using GMail as your primary email provider...
People here aren't really approving of what those folks out to make a quick buck were doing specifically -- they're concerned about the way Google does business.
Thanks for (1). BTW, if it makes business sense for the folks to resell mainly for profit; google can also retaliate in a way they like to respond. This is like tax-evasion - if you find better accountants/tax-consultants you do better than your govt.
In principle -> these people tried to outsmart Google -> and got outsmarted.
Not that I am justifying Google's actions.
For (2) I look at it from a different point of view. I am glad that Google did not cut email for some random Joe - just using a random-number-generator. Only those that did something which _may_ be hurting their business. Please note, I am not supporting G totally.
> What if next they decide that they don't want to continue offering email service to people who bought an iPhone instead of an Android?
But what is your problem then? If they do not offer please move away. It is the same with apple; unless you have _actual_ apple hardware you can't open appleID or even watch apple live product launches.
While I am not condoning Google or apple, it is how they want to do business.
Apparently so. On the Google Apps/G Suite (which is basically the paid business version of Google services, including Gmail) page about restoring a suspended user (https://support.google.com/a/answer/1110339), "You can’t restore an account that was suspended for abuse or for breaching the Google Terms of Service. To see why a user was suspended, click the exclamation on their account page for an error message. Then see below for your corresponding recovery options."
TL;DR: At least 200 people participated in a scheme in which they purchased (multiple) Pixel phones and had them shipped to a dealer in NH for resale to others, in contravention of the Google ToS.
In response, Google suspended all their accounts, without the option to download any of their stuff, including email and drive data, etc.
Is a ToS rule like that even legal? This comes a bit more from copyright law, but the US has the "right of first sale"[0] which guarantees individuals the right to sell works they purchased to someone else. I can't imagine this protection would be weaker on physical purchases.
Additionally, Google's Terms of Service also says you own your data, including IP rights: "You retain ownership of any intellectual property rights that you hold in that content. In short, what belongs to you stays yours."[1] I would question if refusal to grant users access to download their own data could be considered theft.
Of course, IANAL, but if I were any of these people, I would seek the opinion of a real one immediately.
The "right of first sale" means that you can't be sued (well, you can be sued but they would lose) if you sell a book you own. It doesn't say that the publisher of that book must continue to sell you additional copies or that the author won't give you a dirty look if you pass in the street or that someone may take steps that don't involve suing you for copyright infringement to discourage your activity.
This is, by the way, the same trick that powers RHEL – the binaries are all GPL, so you can totally redistribute them to anyone. If you do though, RHEL will cancel your account.
You own your data but not the servers on which that data is stored, so you can't compel Google to give you access to it, any more than you can compel me to produce your comment from my browser cache if you lose it. Refusing to give you access to their servers definitely isn't theft.
Very legal. Arguably unethical, but that's a different question.
As a quick aside, Google EU is based in Ireland, and under Ireland's data protection legislation you _are_ entitled to the data Google stores (including whatever tracking they're doing that you don't normally have access to).
> Under Section 4 of the Data Protection Acts, 1988 and 2003, you have a right to obtain a copy, clearly explained, of any information relating to you kept on computer or in a structured manual filing system or intended for such a system by any entity or organisation
If anyone banned bothers to file a small claims case against Google, they could likely win. I've successfully won cases with significantly more grey area against well informed people in small claims, and Google would be compelled to send a company representative who is wholly unfamiliar with the law and what the case is about due to the way small claims court works.
The most likely outcome is Google will settle well before trial since they know the odds are against them, and the cost to fight it (just in labor) is much more than the cost of any Pixel phone.
I'm sure it varies wildly from state-to-state and country-to-country but I believe where they are required to send a representative that's an employee they can send a lawyer that they have on staff since they meet the requirement. That said I'm not sure what advantage they'd have since small claims is a very different beast. Not to mention the costs to do so would almost certainly exceed the judgement. Might even be cheaper to simply default than deal with the back-and-forth of settling the matter outside of court.
My response to Google deleting people's email accounts.
Google deletes artist’s blog, a decade of his work:
This makes me laugh my ass off. This is a bit of a pet peeve I have with people and modern technology. They believe they have a right to use a service even though they're not paying for the usage of the service. Then they turn around shocked and angry when the free service is removed. `Why! why did they do this to me, this is the biggest injustice! How un-professional of them!`.
Kind of like the discussion I have with my colleagues that `shouldn't you know.... support the open source frameworks we use to make money with?`... `Why would we do that?` ... Kind of leaves me speechless.
The guy you're laughing at is about 65 years old. I know nothing about Dennis Cooper, but people of that age are sometimes just not tech savvy. And based on what I've seen of his response to the situation, he never responded in the way you mischaracterized him above. Why is your first response to "laugh your ass off" when something unfortunate happens to someone else, even if that misfortune was brought about by their own ignorance?
Take a look here, his response is actually very thoughtful:
Sure, people should pay & support the tools they use, but there are a lot of clueless, inept people out there who have been trained by Google, Facebook, etc that everything is free.
Whatsapp with the $1 a year charge was a step in the right direction, but Facebook idiotically killed that (decent) business model. That could have made over $80 mil a month in revenue, while being a nominal amount for the average user to pay.
And the open source frameworks.... well it's up to you but I think it should be tackled from the other end. Guys keep your stuff proprietary and sell it. Or at least make the open source version less features. There I said it.
"1. Don’t mess around with Google or any company that you simply can’t live without."
Wrong. Get off of google ASAP. I have my own email. Yes I pay, yes it is a little bit less convenient. But I don't have to worry about such stuff. I still use the search engine but should actually use startpage.com instead.
Gandi offers Email with domains.
If you have your own domain and need email services, you can also use these guys: http://infomaniak.ch/
Less than US$20 per year. And non EU non US jurisdiction as a bonus.
There are python scripts available that back up your google email data via IMAP. I downloaded everything before I moved.
It is beyond shitty that the notification mail doesn't even give a clue as to what the violation was. It's a bit hard to mount an appeal against a genuine mistake if you're clueless as to what that mistake was.
"Ignorance of the terms isn’t an excuse, so be sure to read them."
I stopped reading after this sentence.
The American legal system is so stuck-up and disconnected from reality it would be funny if people wouldn't be screwed by it so often. Lawyers are given way, way too much power and common sense seems to be dead. Lawyers are paid humongous amounts of money for simple tasks, while big companies can and will pretty much screw whoever they like.
Some people had family photos saved in their drive that are now lost. It’s the 21st century version of losing priceless mementos in a house fire.
...I feel no pity for them. That's what backups are for. Real backups. Like, on HDDs that you have in your hands. It has never been cheaper to back up data than today.
I really hope people would stop using google. It's quite scary how people trust these liar companies, that definitely are not your friend. Alternatives needed from nicer companies..
Please don't post unsubstantive comments here, and especially not vitriolic ones. Throwing acid around is damaging to the kind of discussion we're hoping for.
What a bunch of scammers. Not only did they deprive people that actually wanted the phones for their personal use, but they also engaged in a coordinated effort to profit from them.
> What a bunch of scammers. Not only did they deprive people that actually wanted the phones for their personal use, but they also engaged in a coordinated effort to profit from them.
That's pretty harsh. They weren't depriving anyone of anything. Selling the phone on means that someone who wants one for personal use, gets one. And there's nothing inherently immoral about coordinated efforts to make a profit. That's what businesses are after all.
Just curious here, but why are people outraged over this? They clearly violated Google's policy, and there were repercussions. Those rules are there to protect Google; perhaps their only legal recourse to cover themselves after a rule violation is to suspend the account?
Only speaking for myself, but I'm put off because Google is punishing its users with a digital death sentence because they sold a phone that was originally bought from Google at full retail price. Yes, it's against the service agreement for the Fi phone service, but at most Google should only be allowed to suspend the user's Fi account, not irretrievably delete their entire Google identity. It's retaliation and punishment, and it shouldn't be legal. Basically, Google is claiming that these folks paid full retail price for a device they don't actually get to own, as they apparently don't have a resale right to it. That's a load of horseshit as far as I'm concerned.
All of that said, this is a perfect example of why you should diversify your online services and always, always have an offline backup.
In most concepts of justice there is the idea of proportional punishment.
For example it would not be considered just to cut off someone's foot when they are caught speeding. Yes, they broke a rule, but the punishment is a huge overreaction.
Google now has so many services, that so many people use for so many things (at Google's encouragement!) that cutting off everything for a minor violation of purchase terms seems like an unfair overreaction.
And it's bad business. I am most definitely going to think twice before putting data into Google now. In order to grow, Google needs its users to trust it. This seems like a gross violation of that trust.
The problem is that the customers broke the rules of their Google Fi service. I wouldn't be as upset if Google just suspended that one service (though I maintain that Google should not be allowed to do anything in retaliation for a customer exercising their right to resell a full retail purchase).
However, Google is not only suspending their phone service, they are deleting the user's entire Google account. For some people that goes all the way back to 2004 when Gmail started. That's a hell of a slap in the face, and they are doing it without warning nor chance for appeal.
Even if you agree with Google's stance on this, you must realize that this is horribly negative publicity for them, right? There are people (myself included) who are immediately seeking alternative services and planning to drop Google altogether because of this. It's highly disturbing that they would so casually drop the hammer.
The only process that will be happening is a class action lawsuit. The rest is just bad PR for Google atm because they decided to screw enough customers at once.
What if your landlord cut off access to your apartment, and everything inside, because you happened to have 3 guests visit and stay with you this month, instead of the 2 allowed by the lease? Would that be okay with you?
And that wouldn't even be as bad as this, because a lease is a far more legally applicable document unlike TOS's which no one reads. Further, at least your violation there is related to your apartment. The TOS being violated here was for a hardware device that isn't the service being disrupted. And the worst part is that the act that was in violation is one that governments want to encourage, to the point that owners are protected from being sued. Since Google can't attack them the ordinary way, they are using their leverage on those users with their other products to prevent them from conducting this act.
Presumably the argument would be "because otherwise the landlord accepts legal responsibility". Which means that if your apartment burns down with 3 guests in it he not only is not covered by fire insurance (that contractually puts occupancy limits because of legal demands on them), but actually has to pay for the ambulance and medical costs because "he created an unsafe situation".
So "why would people complain" ... it's a matter of perspective and maybe ideology.
I would say the other reaction is easier : make sure you have 5 google accounts. One is email and you DO NOT use it for anything even remotely business related.
What if your "landlord" (and by landlord I mean your buddy who is letting you stay in his apartment complex free of charge other than making you read through the occasional newspaper flier) cut off access to your apartment, and everything inside, because you happened to have a raging house party that encompassed the entire 20th floor of his building. None of those apartments were occupied so you just broke down the doors and let people run wild. They destroyed pretty much every apartment on the floor.
Would you expect that to happen? Would you want a lot of sympathy from other people because he just cut you off without prior warning? No?
The whole thing is terrible only in the way that people like this and the dealer who buy up products that are high in demand and low in supply are the scum of the earth. They provide absolutely no value to the supply chain and make life more difficult for honest buyers.
Even under the worst lease violations you can think of, it is illegal for a landlord to keep your stuff. They can throw it out on the curb, but they cannot keep it.
Google not only cut off services, they cut off access to remove users' content. I don't see how that is defensible.
They cut off access to a COPY of a users content. They didn't TAKE anything from a user. If, in 2016, you're relying on a free service as your only copy of important data, you're a fool.
Countless governments across the world could literally, without any notice, delete all of your data at the drop of a hat on ANY public service. See: megaupload. It's not the job of a free service provider, who literally makes 0 promises of data integrity, to provide you unlimited access to your data until the end of time.
"You don't need to worry about keeping your data anywhere else" is the heart of Google's pitch for all their services, including Gmail, Docs, Drive, and most recently Photos. I mean, the ads for Photos are literally people feeling better knowing that their stuff is safely stored with Google.
It seems reasonable to hold Google responsible for what they say.
Equating "copy of my data" with "my housing situation" is even more silly. Google isn't TAKING anything from you by locking the account, they are simply destroying what should be one of many COPIES of your data.
This would be the equivalent of you putting your key in a mailbox on the corner that you don't own, free of use, with no guarantees around it being there at any point in time. One day you go to grab your key and it's gone. Who's at fault? Google LITERALLY tells you in the TOS that you both don't own any content served up by their platform, and that they may suspend you at any time they choose.
>We may suspend or stop providing our Services to you if you do not comply with our terms or policies or if we are investigating suspected misconduct.
>Using our Services does not give you ownership of any intellectual property rights in our Services or the content you access.
If that's where you're storing your "key" - you should probably re-evaluate your personal storage policies.
Look, I could try and explain this all in detail, but I'm tired of it.
You're acting the same as Google. Cold logic, zero humanity. Go hug someone you care about. Maybe even a child or someone elder. Then run through your head how it would feel telling them what you said.
A. Landlords can most certainly terminate your lease because of that. They can't throw you out immediately because of tenant protection laws, and they have to let you get your belongings once you're evicted.
B. ToS are just as legally binding as a lease (provided they are presented in the right manner, which is how Google presents them). No one cares if you actually read them or not. As soon as you check the box that said you read and agree to them, you're legally bound to follow them.
C. No one ever said that repercussions have to match the violation. As I said, perhaps suspending the account is the only way Google can comply or protect themselves legally.
D. Google has no interest in attacking anyone. They simply follow the protocol they set for this occurrence.
The common denominator here seems to be that people are getting outraged that they can't break the rules and get away with it.
Actually, many aren't. Many Terms of Service agreements or EULAs are looked at quite critically today because of the fact that companies reasonably expect that nobody has read them. Sensible provisions tend to be upheld, unfair ones... aren't always. If I install an app, and buried in its EULA is a requirement that I become their indentured servant, it isn't enforceable.
They could've contacted people with a warning first. Act like actual humans. A company acting like a pure machine towards humans is not acceptable.
Besides that: Google is digitally killing people here for doing something whose damage to Google is not obvious to a layperson, and honestly not even obvious to me.
Perhaps they needed to suspend the account immediately to cover themselves legally? Besides most things at Google are automated. It's likely that a human didn't actually press the button that suspended the accounts.
I don't care about technical justifications, I was talking about morality and humanity. Google is still a company composed of humans, but a few people in there seem to lack a certain amount of humanity.
Please do keep in mind: They digitally killed people here in something that looks like pure and petty spite from Google. Some of these people might have relied on their gmail account for their livelihood. (Think remote freelancers, etc.)
You can also look at it like this: The punishment is wildly out of proportion to the crime.
Even if Google is staffed by humans (it is), they have to act in-line with their job description. So long as their internal policies are the way they are, Google the company will lack humanity. And you can't change the internal policies because that's against shareholder interests.
I ratified a peace treaty with Google - I trust their service more than my ability to properly configure backups and servers.
Example here? Someone abusing T&C and making profit on their phones... It's just like printing counterfeit money, stealing profit from the gov. No wonder why they got unhappy.