Hacker News new | past | comments | ask | show | jobs | submit login
Getting Google to ban our entire company (reddit.com)
538 points by highace on May 21, 2018 | hide | past | favorite | 336 comments

None of this makes any sense, I simply don't believe it.

G Suite for Business is an enterprise product costing $5-25/user/month with 24x7 phone support, escalation paths, contractual SLA's, etc. It competes heavily and directly with Microsoft. A company doesn't get "banned".

This smells like black PR to me... playing on Google's lack of support/transparency around free consumer accounts and trying to get people to associate it with their Enterprise division.

I mean come on, just the way it's written: "One of the girls at work was fucking bawling her eyes out since she couldn't access her e-mail either." and the final "I do not know why Google has a scorched-earth policy when it comes to this kind of stuff, but I fucked up and our boss is looking to migrate away from Google even though we just recently signed on not too long ago." It just feels too obvious.

(Also, G Suite for Business accounts don't have recovery e-mails -- your admin takes care of your account -- so the supposed personal bans sound made-up too. EDIT thanks to ballenf below -- by default users can't set recovery e-mails, but a G Suite admin can enable that option for their domain.)

> None of this makes any sense, I simply don't believe it.

Something similar happened to Josh Marshall, who wrote an article about it: https://talkingpointsmemo.com/edblog/a-serf-on-googles-farm:

> So let’s review. We are paying customers of Google. We were forwarding emails from the site’s main address to all staffers. But because we receive a lot of spam, the spam that we were forwarding to ourselves marked us as a major spammer and led to Google banning all our emails with no notice in advance or notification after the fact.

> You might imagine that once we got through to someone at Google and explained this ridiculous situation they’d fix it. Well, no. Once we got through to someone they explained what happened. They told us a few remedial actions we could take. Once we did that, over time the algorithm would cease to think we were spammers.

The article also has this really apt quote for understanding Google and many companies like it:

> Google is so big and its customers and products (people are products) are so distant from its concerns that we’ve gotten caught up in or whiplashed by rules or systems that simply don’t make any sense or are affirmatively absurd in how they affect us. One thing I’ve observed with Google over the years is that it is institutionally so used to its ‘customers’ actually being its products that when it gets into businesses where it actually has customers it really has little sense of how to deal with them.

I don't disagree with most of the takeaways here, but to be clear that email ban was entirely TPM's fault. They even admit to the cardinal sin of email sending: using one address for everything:

>Many of you know that we have one company email address here at TPM. It’s the one linked at the top of the site. It’s the lifeblood of the whole operation.

I also know from personal experience they used to send newsletter/marketing/transactional email from the same address, which you should never do. They probably got a little spammy with some marketing or newsletter emails and got their domain blocked by Spamhaus or another intermediary, and like every other ESP google has automated systems to blanket ban when they see you pop up in a spamhaus list. Pretty simple.

G Suite Business accounts absolutely do have recovery emails that can be, and often are, personal accounts. I'm in my gsuite account looking at the setting right now. And wondering if I should change it.

I wouldn't be so quick to dismiss the whole incident as conspiracy. It sounds relatively plausible to me, but agree that there are clear holes in the guy's knowledge or explanation.

Can also confirm. Here is a screenshot (with personal details removed): https://i.imgur.com/cn7yiet.png

Just click Profile in top right -> My Account -> Sign-In & Security -> Signing in to Google and scroll down just a little.

Yep, I edited my comment, TIL, thanks. It's not available by default, but an admin can turn it on:


> And wondering if I should change it.

It's probably too late. If it was once there, they will keep it forever.

> It sounds relatively plausible to me

Grandparent gave a ton of reasons, though, why this situation is particularly implausible. Why exactly do you disagree?

Again, B2B services like this are bound by actual, legal, signed contracts and real, monentary consideration, not EULAs and "free with ads" business models. Service providers don't have the freedom to unilaterally "ban" you, and that's literally one of the things you pay for.

It didn't happen, at least not as detailed in the post.

> Grandparent gave a ton of reasons, though, why this situation is particularly implausible. Why exactly do you disagree?

None of grandparent's reasons are smoking guns, they're just "things that would fit the conspiracy if it was a conspiracy". The probability that it's fake given those reasons isn't high enough (like by Bayes' Rule) to deem the whole story "definitely implausible".

> "I do not know why Google has a scorched-earth policy when it comes to this kind of stuff, but I fucked up and our boss is looking to migrate away from Google even though we just recently signed on not too long ago."

That seems like something you would definitely overhear your boss talking about if you also heard that they were trying furiously to contact Google.

The best reason it's maybe a conspiracy is that Google would be hesitant to "ban a whole company", but who knows, maybe if the perceived ToS violation appears severe enough (they didn't know OP's persistent piracy was a joke) Google has zero tolerance.

And the contract (Not signed, just a checkbox at least when I last signed a company up for GSuite) probably gives them the right to terminate the service in case of violation. Not that strange really. And for a ~100 people company going up against Google, you're in a pretty rough spot even if you're in the right.

I think it's real, though much of the story involves the "optimal Reddit protagonist": https://www.reddit.com/r/TheoryOfReddit/comments/2hbwoh/the_...

I suspect the company was using the free consumer version. That comes with little escalation, etc. They probably should have used something different for business email for a company with 100+ people, but this is not the point.

The valid point, if true, is that an action of one individual caused a major disruption for a lot of other people that are connected to him only via google algorithms or some other vague means.

Banning non-violating business accounts from the business that breaks ToS is kind-of OK (but should be followed by a human interaction to check); banning personal accounts for folks because of their business ties is not. My 2c.

The free edition was discontinued in 12/6/2012 and only supported 10 users. The new lowest tier, G Suite Basic, has 24/7 phone support.

When Google bans your account, you no longer have 24/7 phone support.

Small correction, the free edition used to support 50 users. I know this because a company that I work for still has it (we only need about 15 users). Still not enough for the size of OPs company.

The free edition started with 50, then they switched it to 10, then I think they got rid of it. I'm grandfathered into the 50 even though I've only used 2.

Is there a way to view your user limit or how long you have had G Suite?

I thought I had it since the beginning and my Gmail account has emails to my custom domain going back to October of 2005 however Google says it launched the service in 2006.

Admin Center, under billing.

> and only supported 10 users.

The original Free Accounts (Back before it was gsuite) was 100 Users, then ti was reduced to 10, then phased out completely.

If you had one of those Apps for Domains accounts back when they were 100 Free Users you still have 100 Free Users but you are limited to like 15GB per user or something like that

From some of people that had to use the phone support, they just enter your complaint into an internal ticketing system and wait for someone to answer back (eventually)

> I mean come on, just the way it's written ... It just feels too obvious.

This is a hugely weak argument. Any legitimate complaint about bad service is likely to sound similar to a false accusation of bad service - that's the whole point, right? Sure a bad actor might say a girl was bawling her eyes out, but there's no reason why a real complainant wouldn't as well.

I doubt its black PR, the possibility of blowback seems to high relative to the gain. Rather, people making up tall tails on the internet to entertain people is entirely banal. And because lies and distortions can be much more interesting or outrageous than the truth they have a sad tendency to spread.

Eh. I doubt it's a PR move. More likely just some redditor making shit up.

This comment sounds like pro Google PR if anything.

And people wonder why I don't want to use Google products... The fact that you might be locked of all your accounts for a random bullshit reason (with no support either) is completely insane. People reading this here on HN, please don't use Google products for any important matter or it might bite you back one day (basically only what you can afford to lose).

Exact same thing happened to our previous startup cohort. To top it off the dev already had a banned account before he joined the startup and had a "poisoned" banned play account. He logged in via google multi-login account to the startup and in a few days google banned the entire startup. The whole seed funding, adsense, docs everything gone up in smoke. Funny thing; only adwords was not banned and they kept siphoning off funds for non existential apps. The Founders found everything banned and didn't bother to check if adwords was also banned; and it wasn't. Sneaky google. Sneaky

Sounds like a nice way to sink a competitor.

How did you resolve it? Did anything happen to the employee?

The startup was dissolved. One more startup with $60 million funding is winding down : https://www.smartcompany.com.au/startupsmart/news-analysis/a...

If all he did was multi-login without otherwise doing anything inappropriate, and the company generally allows signing in to personal accounts, I hope nothing happened to him. That's no reason to discipline or fire someone, even if that was what triggered Google's algorithms.

This is exactly right. Amazon or Microsoft would never do this to you if you were using one of their services. And if, for some reason they had to, you could talk to them about it.

I really hope someone for Google is listening ... I WANT you guys to be successful so that we have more competition in the market. But honestly, you just keep shooting yourselves in the feet.

If you treat Consumers like crap, then you must expect Enterprise customers to be concerned that you are going to do the same thing to them.

It's not like this is an isolated story either ... Google dropping the ban hammer on someone is a recurring theme and it makes me question whether I should be looking at alternatives.

Just a reminder that a guy was locked out of his Amazon services, plus $140,000 of cash and inventory from his shipping business, because he changed the name of the profile on his Kindle Fire to "baba". He was stuck in autoreply hell and wasn't able to get resolution until he made a huge stink on social media as is happening here.


This makes me wonder if there should be laws enshrining corporate responsibility and perhaps a mandatory appeals process.

"But companies are people too, and they should be able to decide whom to do business with at a whim!"

Freedom of speech is meaningless, when you have no voice.

> Amazon or Microsoft would never do this to you if you were using one of their services. And if, for some reason they had to, you could talk to them about it.

Do you seriously believe this?

You understand people get locked out of the cloud accounts with Amazon and Microsoft all the time. And with Amazon and Microsoft they lose much more than access to their (free!) email account, they lose access to Kindle Books and Software Licenses that they've paid for with real money. That's a much bigger deal.

The moral of this story is that US citizens and businesses have zero recourse when they run afoul of web-based services. They have no real legal rights to their digital property. If the US had some kind of GDPR-like law that allowed customers an irrevocable right to their own data then this wouldn't be such a big deal. Indeed it might even spur some competition. But today you've got absolutely nothing. Today the onus is completely on each person to protect their own digital assets.

> Do you seriously believe this?

I know that even on a pretty small spend AWS had assigned us an account rep who would have moved heaven and earth if this had happened to us. I know Amazon retail has real humans in Ireland who will take my calls and take me seriously when I have problems.

I got an email recently from Google saying they were required to inform me they’d hired another gigantic Indian outsourcing company to do ... some kind of customer support work.

> I know Amazon retail has real humans in Ireland who will take my calls and take me seriously when I have problems.

Curious how you know that?

I've seen it happen as well to friends who have had previously stellar AWS reps that fall off the face of the earth when the ban hammer falls.

His was for "too many returns" when there was a huge scammer ring buying the type of items he was selling and returning bricks in the boxes. Took many weeks to get resolved, and the ban of course shut down everything including his personal accounts, AWS accounts, etc.

Amazon, Google, etc. seem to have decent "happy path" support - but if you fall into either an outlier or stuck into a "bad actor" group you may as well effectively not exist if you can't get traction on social media from the few cases of this I've seen.

Google and Amazon use mostly the exact same outsourcing companies for their 1st and 2nd level support.

If this is true AWS either demands more or pays them more because AWS high tier support vs GCloud "platinum" support is a joke.

I can usually get even a very hairy ticket resolved on AWS in a manner of hours, every gcloud ticket we open takes days. Sure the respond in 24 hours but it's usually just a response that says "We'll get back to you eventually". If google actually wants to compete in cloud services they need to step up their game.

There's a regional Amazon support hub (for South America) a few floors down from where I'm sitting. Microsoft has stellar support in this region (I even interviewed once). As far as I know, Google has no equivalent.

If I had to rate them, I'd say Microsoft has by far the best support, followed by Amazon, and Google's is (almost?) non-existent.

Greetings google user. Were sorry that you're having problems at this time. Please check into the forums and go get support from other sorry sods who also need help. Maybe if you can run enough brain cells together, you might be able to solve an issue.

-your favorite google tech support (NONE!)

AWS support is not outsourced but knowledgable US people who can and do page anyone including the engineers for help. There is a reason the top level of support costs an extra 3-10% of spending.

>who would have moved heaven and earth if this had happened to us

Baseless assumption.

>hired another gigantic Indian outsourcing company

How is this confidence inspiring?

I am guessing the giantic Indian outsourcing company is filled with AIs, they probably couldn't afford "real humans"

I absolutely do believe this, I have people from Microsoft reaching out to me constantly regarding our Azure account here. If there was abuse on it or something of that sort, I would not only get an email, I would get a phone call. We don't even spend that much. We don't pay for their upper tier support plans either. At my last job, Microsoft worked very actively to help the corporation (much larger than my current job) move over thousands of emails over to Office 365.

> Microsoft worked very actively to help the corporation (much larger than my current job) move over thousands of emails over to Office 365.

Of course they did. All smart businesses would. Do you think they would also help you to move your mails out of Office 365, to a competitor maybe? That'd be noteworthy.

I'm curious - how are time-sensitive and potentially irreplaceable emails and documents upon which your company's existence or your job may depend, less important than a collection of software licenses that, while expensive, are re-purchasable and not going away anytime soon?

I should have been more specific - I was mainly thinking about AWS or Azure.

I believe for all of Microsoft's business services, you can submit a real ticket to real support people. Completely possible with my organization. It better be too, given that we pay them maybe $15,000/year for Office 365 licenses.

My experience is that this is true for my company's corporate Azure/Office365 type services and ALSO for my personal Office365 Home subscription.

I had an issue sending an email from my personal microsoft account and I submitted a case via the support tool and I had a response from a helpful representative within 12 hours.

Microsoft offers free phone support on free services. I had an issue with parental settings in Microsoft Accounts and Xbox Live. I was able to chat with a person online, receive call backs from 2 different people, spent hours on the phone, and a received a up email many months later from Microsoft notifying me that the issue had been resolved.

It wasn't a pleasant experience but I did get to talk to real people and they did eventually resolve the issue.

The same Amazon who have had publicity for shutting down your entire account, along with associated services, if you have the "wrong" profile of returns?

Sure I know some will abuse returns policies, just as some buy an outfit in the high street, go out, and return it after the weekend. With the amount of defective by design, counterfeit and plain iffy product in Amazon's co-mingled marketplace inventory I expect there's been false positives just by being unlucky in product choices.

Reliance on google is dangerous for sure. A couple months ago my startup’s popular Chrome extension was unceremoniously yanked from the Chrome store. It took weeks to get the situation resolved, and even then it was only because I live in Silicon Valley and know people at Google who could ping the Chrome team until it was fixed. In the meantime, our most popular product was sidelined.

We have since ported to Firefox Quantum to be less reliant on Google.


> Reliance on google is dangerous for sure.

It is also unnecessary. While I understand the convenience, there are plenty of better solutions to use over Google, especially for a software company.

I’m curious to know how a company like mine [1] might offer the same value to users while avoiding google.

When we first launched (on HN, I should note), we checked the browsers that people used to come to our site. It was roughly 90/10 Chrome/Firefox. That’s why we built our first extension for Chrome (and later built for Firefox also). Don’t we have to meet our users where they are?

Would love to hear your ideas!

1: http://www.BeeLineReader.com/individual

> http://www.BeeLineReader.com/individual

Completely off topic but do you receive feedback from some users that your color gradients actually make it harder to read? I was struggling to read your landing page, my eyes kept were involuntarily flitting all over the page. My eyes kept jumping around scanning like they would at a traffic intersection or a pool (I was a lifeguard) for activity. It was kind of weird and stressful.

We do occasionally hear that. Did you try the more subtle color schemes, or just the default (which is the brightest)?

I didn't, I'll go back and give it a try. It seems like a really interesting idea.

> and know people at Google

That seems to be how a lot of these stories (and stories like these aren't really uncommon on reddit or HN) of getting locked out of Google stuff are resolved.

If you don't know someone, you're hosed. How many times have people without inside contacts or reddit/HN accounts gone through this? We'll never know.

One thing that makes me always wonder is that Google can get away without proper Customer Service. Usually if that kind of thing happens and an employee refuses to disclose the details, you talk to their manager and so on, and if the company still refuses to restore the service, you get it to the court for illegal termination of the contract. I mean, you can't terminate the contract with another company without explaining why (and no, "you violated the terms but we can't tell you exactly what" is not an explanation.)

"We have the right to disable your account at anytime, for any reason and without notice" is pretty standard for anything cloud based. IME the business leaders in charge of decisions to move to cloud infrastructure are even less likely to read the terms of service than a general user is.

Except this story doesn't add up, because Google's customer service for even small companies on Google Apps is pretty good.

I'm guessing that the company isn't using G-Suite, but rather a bunch of gmail accounts set up as 'work' accounts. If they were on G-suite, they'd have a support line to call.

Having been a G Suite customer at a school district...their customer service is not great. It's fixable but I wouldn't rely on them. Please understand G Suite for schools is free. You get what you pay for.

I've been in the same boat (gsuite for education, for free) and have had top notch customer support on the couple of occasions something has gone wrong.

Suspect what is happening. G-Suite support is actually pretty good for a tech company.

The story is it's Google Payments that triggered the shutdown. The friend of the writer would have been the Google Apps user.

Google Payments is ridiculous. They escheated my merchant money to Delaware government, but their supports referse to provide the merchantment ID to me so that I can't find back the merchantment from Delaware goverment. It is like threw my money into the ocean. They said Delaware government didn't give them the ID. Who know.

I used them previously and I would say their support was OK .. I would never call it good.

We have platinum support for gcloud, it's terrible.

I still love GMail, the interface works better for me than for others. Just use your own domain (with a third party registrar) and you can just swap the front-end if Google decides to ban you.

Same with a small company, as long as you have control of your domains and regular backups of the emails, having a fail-over isn't that hard. In this case the real damage is personal accounts, the business accounts could probably be up within a few hours at another provider (plus some more hours until backups are restored).

That's a good advice, always have a backup plan for that (and custom domains + email backups are working great as a backup plan).

My personal recommendation is that your domain registrar, web host, and email service should all be different parties. Segregate your risk of losing control of all of these at once, it makes recovery drastically easier.

Bear in mind, if someone's all in with Google, they might have their domain controlled by Google Domains.

Also a rookie mistake to avoid: the contact email address that you provide your email hosting shouldn’t be the domain hosted on that service. If there is a technical problem with a loss of access to emails and you need to contact them,... ask me how I found out!

Ok. How did you find out? :P

Not GP, but I'm guessing something happened with either email delivery or login, which broke either receiving support emails or being able to login to see any email.

This I agree with. I even run my nameservers different to my registrar, meaning that if my registrar has technical issues I can still control the domain routing. If the nameserver company has issues, I can still change nameservers.

I strongly agree with this, but I'd go slightly further and say your domain registrar should be entirely independent of any other services.

At one point I had my domain registered through my ISP, which was run rather eccentrically by a gentleman I eventually had a dispute with. He then (probably illegally) disabled all my DNS records, leaving me without my main email account for a week at a particularly vulnerable point in my life. It was horrific.

Agree entirely.

This should apply to all cloud services. If you use them for anything critical, total migration and DR should be part of your exit strategy for if anything like this happens. Everything you have in the cloud should be backed up in neutral formats off line on your property.

I’ve had a couple of run ins with google and personal accounts a few years back. Once my sign in was broken for two weeks. I couldn’t sign in with it showing a non descript error. I couldn’t find or get anyone to help. If this was anything business critical then it would have been pack up and go home.

Google apps support is notoriously crap as well. Been there, done that, left quickly.

Not that everyone can afford such things but a few companies I have worked for in the past have mirrored their entire cloud infrastructure across more than one provider (aws, google, azure, etc).

One was co-located at one data center that had connectivity issues and they had all traffic automatically rerouted to their development stack in the office which operated as production while their colo sorted out issues.

As a Google Apps/For work admin I also have experienced really hostile policies and support in the past. Its really shortsighted of Google because now they want companies to use their GCP platform which I find insane.

This reminds me to download and remove all my emails from Google’s GMail servers. Does anyone know of a good automated solution to do this on a regular basis?

That was the standard de facto way of accessing mail before web interfaces ruined it all: a lot faster than using a browser and you get full access to all your mail for complex searches etc.

Any offline client will do; I use Claws Mail since ages where I migrated all my email also from past clients such as Eudora under Windows XP. http://www.claws-mail.org/

It's multiplatform, very fast and stable and can keep, index and search huge datasets of emails (mine is over 60K messages since mid 90s) in seconds. Backing up/exporting the email database needs only saving the Mail directory in the user's home; I've successfully moved mail directories between Linux and Windows installations of Claws Mail without a hitch. It made Outlook users drop their jaws when they realized how fast it is and they no longer needed to delete years of mails because the client became slow as molasses.

All you have to do is configure it to access Google servers like any other client then check the option to delete the mail on the server once it has been downloaded. IIRC this option is checked by default.

Gmail (still) supports IMAP, so tools like offlineimap should work just fine.


There's a fairly direct way to dump all of your Google data here: https://support.google.com/accounts/answer/3024190?hl=en

I used it for a grepping through years of emails.

Maybe not what you want, but you could do this using a regular pop3 client and set it to delete copies from the server.

I therefore created a icloud and outlook account. Google allows you to forward all emails to anywhere. That way all three companies have to block you... Hope not

POP3? You can use the gmail pop3 server via your mail retriever program, and set it to not keep mail on the server (which is generally the default). All mail suite software (Thunderbird, Outlook, Evolution, etc.) and individual mail retrieval programs (e.g. mpop, fetchmail, getmail, etc) support it.

Google Takeout can probably be scripted somehow.

If you're on G Suite you can use GAM (https://github.com/jay0lee/GAM) to automate mailbox exports directly to mbox files.

It was a story like this years ago that prompted me to switch to FastMail. Have never looked back.

Suggested alternatives? Anyone ever had a similar / bad experience with Microsoft?

I always recommend fastmail. I’ve used them for decades with no issues. On the rare occasion they have an issue, they go all out to fix it quickly and keep the user community informed. I once asked them to trace a delivery problem through their server logs, which they did in less than an hour - they politely showed me where I screwed up! I can be logged in and making changes from multiple platforms simultaneously and everything works flawlessly. In addition, I think they are honest when they claim they don’t scan or sell my data.

Their web app is very good. (Previously, I was using Gnus.) I also use iOS Mail to access fastmail via IMAP, because the VIP “folder” feature is great for cherrypicking.

I've had nothing but horrible experiences with Microsoft. Frequent down times, high latency, surprise licensing fee increases, vendor lock-in, software that gets worse every year. I wouldn't wish Outlook or Skype on my worse enemy.

Also if you don't pay up, they might raid your office and take your computers.


What's a good gmail alternative?

Your own email account on a VPS or other web hosting? I've been doing this for my work email for years, moved my personal email over at the start of the year and so far it's worked perfectly. Thunderbird's support for long email threads isn't as good as Gmail's but that's about the only downside I've seen (and that's a downside of Thunderbird, not of the approach to email).


No, really. even though free accounts ending. Actually not even sure if you can sign up at the moment. Has basically 'just worked' for years though, hopefully they stay in business. :/

Doesn't look like there's anymore active signup :/

Zoho is excellent and fills almost all the gaps of GSuite.

I've posted many times on HN an anecdote of mine regarding using Google (paid) services. Basically got my ex-employer (30 people) company on board to using google docs accounts to share documents. Since this is a corporation we decided to go with the 50$/user/year, which we duly paid each year.

Things went swimmingly well, until a user reported seeing an error message, and then not being able to access the document at all. Escalation was a joke, and after a whole week of not having access to the critical google spreadsheet, Google was still fumbling around. Finally we got the document back, because one of the employees had kept the email containing the URL of the document (sent out when a document is shared with a group of people).

If it wasn't for that old email kept by an employee, we'd probably never would have 'found' the document again. Google's support was at best incompetent.

Beware dancing with the Dragon that is Google! Backup your files, keep important document URLS!

Hope this helps a poor soul somewhere.

This is basically the opposite of Microsoft. I've only had to call Microsoft less than a handful of times in my career because for the most part, their stuff just works... however on those occasions when I did call them I was able to get quickly through to a person and have my issue resolved within 24 hours.

As a matter of fact, with every MSDN subscription - you get two support incidents worth $500 each and if you tell them it's an emergency, they'll stay on the phone with you until the matter is resolved.

My experience with Microsoft was different. Back in the day, I installed IIS server ( MS official web server) and it wiped my system. I called customer support and they said that I needed to reinstall to fix it. I re-installed everything. Installed IIS and everything was wiped again. Customer Support said that they could not help and I should wait for the next patch.

Sounds like you didn't choose the paid support option.

When you pay them, they stay until it's fixed.

They stay until they exhaust all reasonable chances of fixing the issue, which is different.

There are limits to what tech support can fix, but getting to the point of "wipe it and start over" can be pretty quick.

He said he did this and it happened again.

> if you tell them it's an emergency, they'll stay on the phone with you until the matter is resolved.

That seems like a terrible idea. How many times has someone entered a "CRITICAL URGENT" support ticket regarding not being able to change their background image, or being blocked from downloading a game or something?

Those support calls are screened- "is this a work-stopping event for some % of your business" is a standard screening question. They are also expensive.

Would someone paying you $500 for a support call to change their background image be unwelcome?

I remain neutral on the story's truthfulness but I think there's a difference between the quality of Google's engineers and the customer facing employees they hire.

I've seen comments similar to this before. Why would it matter? As an end user, knowing it was Department A rather than Department B that gave you a crappy experience is meaningless.

The company is responsible, whether that's down to culture or management or whatever else. If they focus on getting the best engineers but don't put the same effort into setting up the best customer service, that is very telling.

Enjoyable user experience isn't a high enough priority for Google. They have the resources and they choose where to focus them.

maybe I wasn't making it clear. I didn't mean they should be different. I'm merely saying their customer facing staff don't seem to be as brilliant in customer service as their engineers in engineering. But reading it twice, i realise it can be interpreted either way. I don't disagree with you.

Are you doubting that a Google spreadsheet disappeared from Google documents, and that support reps had a difficult time finding it?

That seems like a pretty weak criticism to make up. And the account your questioning has a history here, and is not promoting another product, so why would they make that up?

Why couldn't you just search drive? It's not that big of an organization.

Just to be clear, ALL our documents were wiped out from view. We could not search anything.

I'm just trying to understand the story here. Help me understand where my misunderstanding is.

So you're saying that you couldn't view it in Google Drive, because the documents were wiped. However, you were able to access the Google Sheet directly through the URL in an email?

How does that work? If it's a critical document like you say and your organization is operating out of it then that means it shared and it is in the "Shared with me" section. How were you able to access it if it was wiped?

Your original comment said it was one file, and finding the original URL found it. (Also BTW, everyone who is shared on the file can look in "Shared With Me" in Drive, no need to hunt for e-mails.)

Now you're saying that your entire organization's files were all gone from Drive, in other words total and complete organization-wide data loss, and that Google wouldn't help you...?

And yet finding one URL fixed all that again...?

We only had 3-5 documents online. 1 of those documents was a spreadsheet VERY important spreadsheet. All documents disappeared after the reported error occurred. Google wanted the document URLs to retrieve the 'lost' documents. We only were able to get a hold of 1 URL for the critical shared spreadsheet, which was finally recovered.

All other documents were lost, but luckily they were not critical. But we still lost them. Hope this clarifies?

Was it "just" a spreadsheet, or did it use some custom scripting? Or in other words, how would you have backed it up? Just export it as a file every hour, and store somewhere (other than Google drive)?

Where to begin with this.. hmm..

First you:

"I have a friend who creates Android apps on the side. I do something similar to this, but instead my apps revolve around cloning .apk files and restoring them". Why not be clear and just admit you're pirating software off an App Store? Ok, not the smartest activity in the world BUT did you have to do it at work?

Then Google:

"We were all freaking out, our IT guys were trying to get a hold of Google but couldn't get in touch with anyone." - So yea, unless you're one of Google's 'poster' customers, good luck trying to get help when something goes wrong!

"Their policy is to not share any information about what caused this and they will not reverse these actions." - Yup, that's Google. Unless you're one of the customers on this list: https://gsuite.google.com/customers/ you are totally screwed when something goes wrong.

I introduce the world to the ToS-DoS Attack - only a matter of time before this now gets exploited:

- Hack into a companies GSuite account and create a new account.

- Use the new account to commit a range of ToS violations.

- Wait for Google to suspend the entire GSuite account.

" So yea, unless you're one of Google's 'poster' customers, good luck trying to get help when something goes wrong!"

This is just plain wrong. I contact Google for tiny, insignificant clients on a routine basis. This claim has no basis in reality if you're using paid G Suite.

I am involved with paid GSuite at 3 organisations (one of which is a big fish customer) and I can tell you the difference in experience is night and day.

You might be right, however I've never had trouble making contact, or having my issue resolved even for small fish.

Any incidents where Google terminated the paid account? No longer a paying customer at that point.

I got the impression that step 1 isn't needed, it was more:

1. Create a google account and set your recovery email to the victims.

2. Use the new account to commit a range of ToS violations.

3. Wait for Google to suspend the entire GSuite account and every linked account.

For step 1 I don't think there is (or at least wasn't) any validation, I found out a family member had me as their recovery address when they changed passwords.

Wow. Well this just keeps getting better.

No wonder Google don't want to discuss their suspension practices - just another form of '(in)security through obscurity'.

If the hearsay is correct then this appears to be a hole the size of a galaxy!

A "victim" would need to approve being used as a recovery account. (click link in mail etc.)

No. Ironically, this is opt-out, not opt-in.

That is, you (as recovery email holder) would need click the link ONLY if you want to unlink. The URL is in the footer of the email and it is easy to miss.

No. It is opt-in. You need to type the 6 digit code from recovery email id into your settings.

I just now added my personal email as a recovery to my work email to test this. It is opt-out.

> Subject: "Someone added you as their recovery email"

> Someone added <mypersonalemail>@gmail.com as their recovery email

> <myworkemail>@<myworkdomain>.com wants your email address to be their recovery email.

> If you don’t recognize this account, it’s likely your email address was added in error. You can remove your email address from that account. Disconnect email

The "Disconnect email" at the end is an opt-out link.

Having to actually type in a code sounds like a smart move on Google's part, to avoid spear-phishing and XSS attacks.

They recently started to notify the other email, they wouldn't stop emailing me to verify on my new recovery email after I added it in.

Wait, are we sure that this really happened? Seems very unlikely, and even the OP did not present any evidence. I would be really surprised if Google would be scanning emails, and using that to ban the gsuite account of the entire company.

A red flag for me is the claim that Google also blocked accounts that were set for recovery which seems almost close to impossible (or insane).

This is not the first case like this:


I think the post that you linked to describes a much simpler case: One Google account violated the policies and could land Google in bad water (privacy laws around children as well as COPPA), so they blocked access to that specific account. It can be argued that it is reasonable. It can also be argued that Google should put more engineering effort in collecting less information especially when account holder is minor.

However, blocking access of other co-workers as well as blocking access to personal accounts (which are simply set as recovery accounts, and could as well be accounts of spouses/partners) because of some other account holder's mistake is completely different. So, I would argue that the incident described in Reddit is indeed the first case.

Personal gmail (which is used in your example) != gsuite (which is used in company settings)

Google is not scanning emails, he used his work google account to "abuse" the refund policy.

Of course Google scans emails for illegal content. See for example https://www.theguardian.com/technology/2014/aug/04/google-ch...

Afaik they can scan gmail users, but are not doing this for gsuite users.

All Gmail content is scanned. If you get spam filtered, it means your email is scanned. They certainly aren't going to opt their paying customers out of looking for child porn either. And I'm pretty sure their Smart Compose/Smart Reply features are also trained on everyone's mail, G Suite included.

The only thing Gmail has ever said they won't scan G Suite customers' email for is ads, and they don't do that with consumer email anymore either.

Google's ToS state otherwise.

> Our automated systems analyse your content (including emails) to provide you with personally relevant product features, such as customised search results, tailored advertising and spam and malware detection. This analysis occurs as the content is sent, received and when it is stored.


That's the consumer Gmail tos. The gsuite tos is different.

I wouldn’t make that assumption. Any content aware service will flag that content.

"A red flag for me is the claim that Google also blocked accounts that were set for recovery which seems almost close to impossible (or insane)."

Why should that be impossible? They are clearly linked (you have to own to other account, to accept it beeing used as the recovery account of the first one).

And the intention of google is probably to fight scammers etc. - and I can imagine it disrupts them a bit, if all associated accounts get banned. So I can imagine that it is a real case ... of collateral damage

Edit: stating of how I see the situation from the perspective of google, does not mean I approve it, and neither collateral damage in general

Because the implication when you set up a recovery account is that it will only be used for recovering your account. It never says anything like "do you want to link these accounts". It is totally implied that you could use a friend's account for example and banning them for something you did is insane.

Yeah, it is a insane practice. I never declined that. But it is apparently also quite insane to rely so much on one company and especially when that company avoids human support.

> especially when that company avoids human support.

If I understand correctly, that's not true for paid gsuite customers.

These stories pop up on a regular basis. Someone from Google eventually reaches out and fixes it because of all the publicity. Meanwhile, the policy (which is insane, and compounded by the difficulty of reaching a human at Google support) never changes.

If this blows up enough I can believe it changes. Not because Google wants to, but because suddenly people getting fired realize that they can cause significant damage that way.. If this suddenly happens a few hundred times within a week, Google will have to act or will lose a lot of clients.

Standard practice when someone is fired is to remove all their access credentials during or before they're told they are being fired.

How do you un-verify a recovery email address from outwith the account to be recovered?

You disable the account, which means it isn't active and therefore any employee action won't affect the company.

As long as people still sign up to put their data and their businesses futures in Google's hands, they have no reason to get better. Money is flowing in, and fixing their problems would cost them a lot of that money.

G-suite accounts have very responsive tech support (phone and email). Either they're not using G-suite or they're clueless about their tech-support contacts.

Have to distinguish from G-Suite accounts. Google has customer support that is actually very good in my experience.

Kind of surprised people expect different for something that is free.

I got my google account banned several times.

Several years ago I had my account payment features banned with no explanation. That in turn basically banned me from most of Google services because I could not pay for them or use them because payments were banned. No adwords, adsense, no google cloud services, no buying android apps, nothing... With no explanation, no support, and I tried hard just to find out what I did wrong.

After that I come to terms that I have to leave my email that I used for like 10 years and make a new one. But, this time I first bought a domain name and then started paying for google apps. This way if they ban me for whatever reason I could at least take my email address to some other email provider. Anyhow, sometime later youtube enabled Adsense on videos for my country. I enabled it out of curiosity, just to see what is the process of doing and using it. I don`t have videos on my channel except one random from the gym that I uploaded 1-2 years ago. So, I just enabled adsense poked at that for 1 day and left it unused. Sometime after that I got an email that my adsense and adword account is banned for violating policy (not saying which one). No explanation why, nothing!!! I tried to get an explanation like REALLY hard, but could not. You are just stuck in an endless loop of robot answers, or not getting answers at all. They even have google forms for complaints which point me to some URL that I am banned from viewing, lol. And there is some other form that no one answers when you fill it and I filled it 10 times.

Long story short, I slowly started migrating from Google services. This is really maddening and scary that they can just cut you off from your data without explanation. I use Google Photos heavily and even a possibility that they could cut me off from my photos at any time is sickening. That is why I bought NAS which backups my Google Photos to physical drives in my apartment. Now I just need to find something comparable to Google Photos and leave that service for good...

And this is why I have my own domain, specifically for my email address. It doesn't have a website or anything, just a single email address, for my personal use.

That way I have full control of my domain name, right up until the point where I forget to renew it, and a domain squatter takes it from me.

There really must be something better than either of these systems. Being at the whims of Google isn't good, but having your own domain name has its own set of problems.

This also highlights why companies need to ensure that their systems are platform agnostic. This is why I don't trust things like Slack for business critical applications. Once you're locked in, it's bloody hard to get out.

> That way I have full control of my domain name, right up until the point where I forget to renew it, and a domain squatter takes it from me.

This is why i renew my domain for nine (9) years at the time. Currently, my passport expires earlier than my main domain. Yup, I got my priorities straight.

Any particular reason why nine years instead of the 10 years dommain registrars allow?

My registrar allows 9-year renewals at most. I should check, as I renewed my main domain five years ago (four to go!).

I also think am own domain and email is the better option and I cannot understand why a company of 100-150 employees would use google mail. Is it because of searching, sorting options or something else that is much better with gmail?

A company I worked for (about this size) did it because cloud and gdocs and supposedly cheaper than buying exchange and office licenses and paying someone to admin it.

As much as I dislike MS, that still seems better than having your data held hostage.

I find being an admin for office 365 is about the same work as being a GApps admin. The main difference is MS have more licence options.

How do you know the OP wasn't using his own domain? It's pretty much standard fare for G Suite.

I was meaning more for individuals, rather than businesses.

If your business is in G Suite, it is possible to migrate off as you do have your own domain name, just point your DNS records to your new server, and generate new mail accounts.

I was meaning more for personal use. I don't want my personal email address to be at the whim of Google, which it would be if I used an @gmail.com email address.

Obviously my email hosting is still at the whim of the host, who, like Google, can just cut my service if they want, but that's always a risk. I could host my email on DigitalOcean, but DO could cut my service. So I could host it on my home computer, but (ignoring spam filtering problems and uptime) my ISP could cut my service.

Think GSuite only works on your own domain. If you want gmail.com that's just regular Gmail.

I've been doing that for years. Unfortunately, there's a fly in the ointment that seems to have been triggered by moving to a different virtual host on the same provider. AT&T has my new IP address on its own private RBL for some reason, even though a multi-RBL check at mail-abuse.org shows zero hits. SPF+DKIM apparently isn't good enough for them.

I have no problems sending mail to people on Comcast, Yahoo, GMail, or anywhere else - just AT&T domains.

I don't send out large volumes of email, nobody else is abusing my server, and attempts to resolve this go nowhere.

My web host leaves all IPs they own, including statics, on an RBL that lists and blocks dynamic IPs until you explicitly request they remove your IP from it. Essentially it ensures they don't have to worry about 99% of their IPs being used by spammers.

If you manage to forget to renew a domain on GoDaddy, you have only yourself to blame. Even if you have auto renew on, they start nagging you about it months in advance. Downright annoying, but I am always acutely aware of when a domain is expiring any time in the next... Year or two.

I build a small personal email backup solution. This is exactly what I suggest the users to do. If you have a profession that has a lot to do with the internet, having an own domain is almost compulsory.


Greetings. This is Alex Diacre here from G Suite Support. This has been flagged for my team and we’re looking into it. If anyone G Suite customer has trouble accessing their account they can always contact Google Cloud Support here: https://support.google.com/a/contact/admin_no_access (this is a special form to use when you cannot access)

Once again, it seems the only way to reach actual human support on the Google ecosystem is by having a "locked out of my account" thread trending on some social network.

It simply blows my mind that one of the most powerful tech companies in the world is still doing these mistakes. Not even the G Suite tier, which I would assume it's a more professional tier than the free one.

(Disclaimer: I'm assuming this Reddit post is true, which may or may not be the case here.)

Hi danirod

For G Suite Basic, Business and Enterprise customers we provide 24 x 7 support via chat, phone and email.

Does this extend to customers who have had their account suspended?

Hi flukus

Yes - you can create a case at https://support.google.com/a/contact/admin_no_access

TL;DR: After extensive investigation, case review and working with a variety of internal teams, we’ve have not found any supporting evidence to corroborate these claims.

Greetings. This is Alex Diacre again from Google’s G Suite Support team with a followup. In order to protect the privacy of all our customers and users, it is our policy not to disclose information relating to specific customer accounts in public forums. But given the amount of attention this post received, I’d like to offer some insight on the results of our investigation on this matter:

-The original poster on Reddit (OP) did not identify him/herself or the customer account. We have made several attempts to reach out to the OP through PM, but have yet to receive a response. (If the OP or someone from his/her company is reading this, please get in touch with me).

- We have tried to identify the customer based on the information in the original post, including an extensive review of recent support cases, but have not found any cases resembling the description.

To note, Technical Support is available to G Suite customers 24/7 via chat, phone and email. We’re happy to work with the OP to investigate this matter further; until then, we have not found any supporting evidence to corroborate these claims. Technical Support can be accessed at https://gsuite.google.com/support/

>Phone Support

>Available to G Suite administrators only. Log in to your admin account for verification.

If an account is banned, how would they log in to their admin account?

I have nothing to do with OP, don't know who they are, etc... Just curious how this would work when you don't display their phone number until they log in, and their login credentials might not work. Same for email and chat, according to the text of the page you linked (https://gsuite.google.com/support/).

Yet you mention these as ways to get support. Am I missing something?

Hi Alex, is there a chance we could get some follow-up on this? I manage the G Suite account at my company, and the idea that an irresponsible or disgruntled employee could take down our whole account is very worrying. (Especially since our G Suite accounts are tied to our GCP account.)

Assuming the story isn't simply made up, I'd rest easier knowing whatever caused the problem (both the initial mass banning and Google's unwillingness to help) has been fixed.

Hi profmonocle

We're limited on what we're able to share in public forums related to specific customer situations.

If you're not already doing the following we recommend the following steps to protect your G Suite account - have more than one super admin - ensure an up-to-date recovery email is in the account profile - ensure an up-to-date recovery phone is in the account profile - ensure account profile is properly updated - use two factor authentication for all users (ideally user security keys) - at a minimum, ensure that your G Suite administrator users are using two factor authentication

Lots more info on G Suite security best practices can be found here: https://support.google.com/a/answer/7587183

If the story in the OP is true, none of those steps would have mattered, because the entire organization was banned. Protecting admin accounts is very doable, preventing all your employees from ever doing anything bad with their accounts is impossible.

I realize you can't comment on specific incidents, but a simple statement from Google saying "no, we definitely won't ban entire organizations including connected personal accounts because of one user's actions" would go a long way to put people at ease here.

Looks like a pretty big "if" at this point. The user didn't respond to any DMs from Google and the story sounds very suspect.

They won't make a blanket statement like you want because there are bad actors out there that they have to respond to.

Anyways, there's 24x7 phone support and ways to get support even if you're completely locked out. What more do you want?

>Anyways, there's 24x7 phone support and ways to get support even if you're completely locked out. What more do you want?

Umm the 24x7 phone support number is not listed on the web page.

To get the phone number, you need to log in.

How do you log in, if you're locked out?

>What more do you want?

What do you think?

Well, from the post from G Suite support person [1], there's


[1] https://news.ycombinator.com/item?id=17120223

To be honest, your team should make addressing this story in public a priority because it has given you a lot of negative attention. There are hundreds of comments spread out between this HNews post, the sysadmin cross-post, and the tifu post. I'd be really curious to know if the entire story was made up altogether or if there was any missing info that was pertinent to what happened and why.

It not exactly new that Google has zero customer support and not the first (and for sure not the last) horror story about automatic bans on Google services. If anyone treats Google accounts in any way as permanent or reliable - "this" may happen to you too. It may even happen will no fault at all from your side - e.g. someone would have a linked youtube account and bigcorp will take it down for a copyright on a white noise video and then whole linked account structure will crumple down like house of cards. Or any of the thousands alternative reasons.

"It not exactly new that Google has zero customer support"

It's also not true. Maybe for "free" services but paid G Suite accounts have telephone, live chat and email support. I've used it frequently.

I grew my vegetables on a neighbours allotment, he even lent me tools to make the process easier. After a while, out families crops were solely grown there.

One day, we were kicked off the allotment, out access to the crops gone in an instant.

I tried to remonstrate, but just got a waving hand in the face.

I am hoping if I publicise it enough in the local gardening forums, the allotment owner might feel a slight bit of pressure to act in this case, but apparently others who used his land didn't dare so well without someone trumpeting their case.

If only we had maintained the knowledge how to tend our own garden.

I pay for a single user account, and have received good customer support relating to some DKIM issues (including multiple follow-ups months later when a related issue was fixed, without my prompting).

Characterising that as "zero customer support" is unfair.

It's insane that a mere ToS violation (not even anything criminal or large scale) on a different Google product got not only his account banned, but all related accounts across all Google products banned also.

It makes me really worry about things I have done that are truly against their ToS. For example after Google Cloud Platform announced a $300 credit promo for new users, I made another gmail account just to try them out. I don't think what I did is unethical or even against the spirit of their promo so I didn't bother to hide the connection back to my real gmail. Will google use this to ban my real google account one day? Probably not, but before this story I naively believed the answer was definitely no.

> It's insane . . .

Yes. So insane one suspects it may not be true.

They should offer it as a feature.

> not even anything criminal or large scale

Yeah, engaging in corporate piracy, just a minor violation.

When mission critical parts, tools, or infrastructure is moved to "the cloud" (aka computers owned by someone else that you do not control) - often replacing in-house tools with a SaaSS[1] - a second source[2] is rarely discussed as a requirement. The "cloud" doesn't magically solve path dependency.

[1] https://www.gnu.org/philosophy/who-does-that-server-really-s...

[2] https://en.wikipedia.org/wiki/Second_source

edit: my father once mentioned that when he was working at Honneywell in Minneapolis (making home automation in the 80s), some of the engineers frequented a local bar called literally "The Second Source". "Sorry boss, I'm busy this afternoon - I have a meeting at the second source!"

Time to

1) grab/download the entire mailbox from Gmail 2) delete the mailbox at Gmail 3) export all gdrive data, use the export function 4) delete the gdrive data

5) register with fastmail, yandex or protonmail 6) start mailpile on your raspberry pi or similar 7) use mailpile as frontend for yandex/protonmail/other-imap account.

8) nextcloud as good enough but shitty replacement for gdrive

Self-hosted ftw.

I'm still surprised there's no better alternatives to Nextcloud out there yet.

There are. I use Sandstorm.io and Cloudron is also out there. They're modern containerized platforms you can run any number of other open source web apps on.

But how is that an alternative to Nextcloud? An example for that would be Seafile.

In Sandstorm.io's case, I use an app called Davros to store files (which is even compatible with some ownCloud sync clients, actually), and Cloudron.io has a few other options you can use to work with your files, including, actually just hosting Nextcloud or ownCloud on it.

Where these sorts of platforms really excel is in the realm of other features, which Nextcloud tacks onto the existing platform, but a larger app platform can allow you to use a variety of alternatives which are more tailor-made to other specific types of web apps.

>including, actually just hosting Nextcloud or ownCloud on it.

But that's not an alternative anymore, just the same.

Not really the same either, just inclusive. The rest of the ecosystem could potentially have more features altogether.

I am surprised as you. Perhaps people who get started working on it quickly end up working on distributed file systems in general, and disappear in that hole.

Nextcloud could be better in some areas, but I don't see how it's bad. I'm very happy with it for personal cloud storage I can trust.

yesterday was too late to make backups...

I'd really like to hear Google's side of this story, since the story as-written doesn't seem plausible.

>Their policy is to not share any information about what caused this and they will not reverse these actions.

There's their side of the story.

I don't remember of Google providing a PR response to any moderately controversial mistake they made.

They most likely don't have anyone to speak for the company except on bigger issues. Even their product forums are staffed with "community experts" who no one knows if they're Google, community or a 3rd party service and no one with enough authority and knowledge to properly manage things.

>"except on bigger issues"

Internet: You're accused of not caring about any but the very largest of corporate customers, nor individual customers, and damaging companies that use your products.

Google: We don't respond to such minor issues.


It's a massive issue IMO. They know what they're doing, they just don't want to be overt with it as that will damage their rep.

Everybody wants to hear it, but Google can't tell it. One part of the fight with the bad guys is never to tell them how they got caught, so they never know how to protect themselves.

There's a difference between telling someone what they did wrong and telling them how they got caught.

The former should be a legal requirement. But I'm not sure what actually happened in this particular case. We don't even know if it concerns a G Suite account and what the company was or wasn't told about why they got banned.

Non-expert here, but I wonder if the obscurity actually points to an machine learning-based solution at Google's end.

Let's say that Google has developed a deep learning paradigm to identify -- and ban -- low-value users who violate their ToS. The low-value group would probably include all non-paying users, as well as small G Suite accounts. Let's also say that the paradigm was deployed as an automated solution, since it was 99% accurate during testing at picking out ToS violators, though the exact percentage doesn't really matter. I would imagine that the relevant Google execs did a cost-benefit analysis, and figured that the PR hit and revenue loss associated with a liberal and fully automated use of the banhammer against all supposed ToS violators -- including the 1% that were false positives -- was justified by the benefits to Google's bottom line.

Based on this possibility, it seems likely that Google employees would not _know_ why the banhammer fell in any particular instance -- nor would they care to know, since that would involve digging through the data to figure out which events triggered a positive hit in their machine learning implementation. It presumably wouldn't be worth Google's time and effort on behalf of users already classified as "low-value".

This might also explain why, as mentioned in another post, it took a few days for the banhammer to fall on a start-up, after a dev with a "poisoned" Google account joined the team. Presumably it took those few days worth of traffic and usage data for ToS-Hammer(tm) to figure that the dev had spawned new accounts elsewhere.

Again, I'm not an expert, so pardon any flaws in the relevant logic.

This seems realistic, if it's not like that today it may soon be. But I think this is exactly the sort of scenario that doesn't go together with all the claims of responsible use of AI powers.

Given the oligopolistic structure of the industry, throwing an unlucky minority under the bus without recourse just because it's statistically "rational" will not hold up.

I think Google knows that and there will be some sort of more systematic fix (compared to reddit posts and friends at Google).

Some AI algorithms can explain how they came to the conclusion they came to and why not have a paid support option as well.

Sure. Let's go ahead and turn the world into a Kafkaesque nightmare where you are prosecuted but has no right to know why. Justice system is perfect so if the man says you are guilty it's because you are. /S

> Sure. Let's go ahead and turn the world into a Kafkaesque nightmare where you are prosecuted but has no right to know why. Justice system is perfect so if the man says you are guilty it's because you are. /S

The great virtue of private industry over government is the ease with which you can opt out.

Yes, changing to another cloud provider may be less annoying than moving to another country but for how long it will be the case?

Have you tried to opt out of Google services, especially if you got in early on? It's not easy, let me tell you.

I completely agree, it's extremely hard. I can do without Google on my servers at all, and I'm happy about it. On my notebook, it's much harder. On a phone, it's almost impossible, if you have and Android phone. Google is bending over backwards to make you turn on more sensors and gather more data. I recently discovered it's enough to use the Gmail app once with a given e-mail address and it will happily turn on the location service (.i.e. phone tracking) for these accounts, even though you use a completely different account for your phone set up, including Google Play. They want to lay their hands on everything, it's so annoying.

Isn't Google a private company?

The fact that a private company can essentially execute you or your business from the Internet is exactly what's so terrifying.

Only if you give them that power. The popular wisdom not to put all your eggs in one basket is still relevant.

You generally can't opt-out from your government, you definitely don't have to opt-in Google services.

You can opt-out from your government by moving to another country - you have more choice than you have on mobile where there is only Google or Apple... :-)

How is that terrifying? I can access the web, use all the base protocols (email, etc) and store all my documents without having to rely upon Google. If I don't like/trust Google, I can easily migrate away. And, if enough people don't like it to make this "Kafka-esque nightmare" more than hyperbole, then the laws of private organizations will catch up and Google will either shape up or be no more.

This is almost the polar opposite of Kafka-esque.

> I can access the web, use all the base protocols (email, etc)

Well, sort-of, and still. If you use the web, you are constantly being tracked by Google as people mindlessly put GA code on all their websites. As for e-mail, it's more and more difficult to set up an e-mail server these days because of anti-spam measures, and Google/MS are dictating the terms here - but MS has a much more relaxed policy. Each time I set up a new mail server, I have to go through the same set of rituals, only to discover Google came up with another requirement and will not deliver my mail if I don't do it.

So are you arguing that this behavior is acceptable from private companies but not from governments?

You can't argue both 1) companies are allowed to do anything they want and 2) they can grow unlimited monopolies.

If you do, sooner or later they will surpass national states in power and you have an even worst distopia.

No, Google is a publicly traded company.

Yes, of course, but they're not part of government. They're a company...

These Kafka-esque arguments are way over the top when applied to a private, profit seeking organization.

Security through obscurity is a bad design.

From a post higher up:

TL;DR: After extensive investigation, case review and working with a variety of internal teams, we’ve have not found any supporting evidence to corroborate these claims.

Greetings. This is Alex Diacre again from Google’s G Suite Support team with a followup. In order to protect the privacy of all our customers and users, it is our policy not to disclose information relating to specific customer accounts in public forums. But given the amount of attention this post received, I’d like to offer some insight on the results of our investigation on this matter:

-The original poster on Reddit (OP) did not identify him/herself or the customer account. We have made several attempts to reach out to the OP through PM, but have yet to receive a response. (If the OP or someone from his/her company is reading this, please get in touch with me).

- We have tried to identify the customer based on the information in the original post, including an extensive review of recent support cases, but have not found any cases resembling the description.

To note, Technical Support is available to G Suite customers 24/7 via chat, phone and email. We’re happy to work with the OP to investigate this matter further; until then, we have not found any supporting evidence to corroborate these claims. Technical Support can be accessed at https://gsuite.google.com/support/*

Hi jimrandomh

Alex here from G Suite Cloud Support at Google. We're limited on what we're able to share in public forums related to specific customer situations.

Alternative title: Today I realised why going all-in on Google's platform is maybe not a great business decision.

Also note: this isn't me personally.

The idea that one dude on his phone can torch your entire company with no apparent recourse is borderline insane. The fact that an issue with Google service x can cause you to lose access to Google services y and z is absolutely obscene.

I don't understand why anyone could possibly take this sort of risk with their company. As long as Google remains the irresponsible company that it is, they simply cannot be engaged with for any business purpose whatsoever.

It's possible, of course, this guy isn't actually what triggered the lockout, but it really wouldn't change the issue: That 150 Google accounts can get banned, including both personal and work accounts, and that Google can refuse to explain why.

The OP's bosses should be looking for a good law firm, because there's money in this case.

But Google is so diverse now...

I work with G Suite and this story 100% did not happen.

Absolutely. The guy taking the blame on himself really is amazing to me. He has completely accepted the crazy automated rules google decided for their service, and thought he was the culprit.

Guys, just because something is anounced and written in an EULA , doesn't mean you're actually to blame. Sometimes rules are insane and created by people for really bad reasons (such as not wanting to spend a correct amount of money on customer support for your services, in order to be even more profitable).

having unrelated personal accounts locked because they're set as the recovery account for an account that was tangentially related to a ToS violation is absolutely unacceptable. there's no plausible reason for that other than to inconvenience as many people as possible.

I read that and got genuinely preoccupied.

I immediately started reviewing the recovery options of my corporate account and de-linked all my personal information (personal email address, personal phone number for two-factor authentication, etc). I prefer to have my corporate account hacked for not having 2FA enabled than to risk my personal Google account to be locked. I went ahead and created a non-personal account with another email provider for the recovery options and tomorrow morning I will request my employer for a corporate phone number to set-up 2FA.

Don't worry. even if you don't have any recovery emails set up, Google's anti-abuse systems still link accounts that it believes are related (same cookies, same Chrome SafeSearch / phone-home headers and IDs, etc).

This seems pretty outrageous. Do you have any source for this?

I had an interesting problem with my gmail account - I had a backup email address and my phone linked to it. Then I needed to reset my gmail password, but I no longer had access to my backup email (was at an organization I left).

So, even though I still had access to my phone and even though I was still logged in to the gmail account, and even though I had many archived emails, I could never log in to it again and had to abandon it. Automated recovery didn't work and of course they wouldn't say why.

Having a backup seems like a trap or catch-22 when it becomes the single point of failure.

Similar here, except the phone number ran out (prepaid numbers run out after 6 months unused here).

I tried everything, messaged friends at Google, nothing.

In the end the only solution that worked was waiting until a new person by random chance got allocated the same phone number, calling them, and getting them to send me my reset code they got via SMS.

What's funny about you mentioning this recovery strategy is that it is now a common scam/way to trick people into giving up their 2FA codes.

So on the last day at my shit job in the shit office, I should just go ahead and abuse the refund policy? Sounds crazy to me..

First, you need to make your company rely on 200 consumer Gmail accounts for their business. I mean, if you can get them to that level of idiocy, nothing really helps, right?

this is core to the story...

If the company was using consumer accounts, then this is exactly the behaviour that is expected (very easy to create a bunch of accounts that are all associated with each other). Both the company leadership and IT team/vendor should hang their heads in shame.

If the company was a paying gsuite customer then this type of action towards a corporate customer seems odd but not unusual. The OP committed TOS violations but may have no awareness of what TOS violations other customers were committing (if you allow that sort of culture, you reap the rewards... etc).

I find it hard to believe it is the latter scenario because the admins of the account would have been notified multiple times before any adverse action was taken (there have been many stories of individuals / companies getting banned after ignoring emails to change behavior / actions that violate TOS).

Fun fact: The entire UK government relies on Google Suite internally.

Fuck knows how that works with PATRIOT.

It’s probably not hosted in the US, likely the UK. It could also be on the UK’s own servers.

Do you know there is a thing called Gsuite for business? Let me change your sentence to "First you need to make your company rely on 200 nodes on AWS for their busineess". I am not sure who looks really stupid here?

AWS shit down a business account for consumer policy violation? Example?

It is not about whether they have done it before. It is about whether that could, and they could.

Except they didn't use Gsuite and this would never happen if they did.

Uh, didn't they say they were paying for the service? Sounds like they are using Gsuite...

I understood it as if they used GSuite as well. How would 200 independent Google accounts be shut down, if one of them violated the terms. That sounds like an even bigger problem then..

I don't see them saying that. If they were paying, they'd get support.

Said support is instantly worthless the moment you find yourself on the “you’re banned” wagon. That’s what this sounds like they’re stuck on.

I wonder how long a student who didn't finish his assignment does the same and locks an entire school out, including their Chromebooks. A lot of schools seem to be migrating to google services.

Applications are open for YC Winter 2022

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact