"From what I’ve since learned, if a card in your Google Pay is stolen, or someone uses your Payments account fraudulently, or anything happens that leads to a security flag being raised, it can lead to your Google Payments account being frozen.
If you can’t use Google Payments, you can’t pay for Google Fi
This, fundamentally, is why I can’t suggest anyone use Project Fi anymore.
Getting this fixed is actually impossible, and I say that as someone who really, truly, loves solving problems and has made a living off getting phone agents to want to help me.
We have submitted copies of his ID four times, my ID twice, multiple photos of credit cards, and various credit card statements. We’ve talked to agents and supervisors at Google Payments and Google Fi. No one is empowered to do anything, and even a well-intentioned agent doesn’t get the same answer from the “security department” twice.
I’ve since found hundreds of comments and Reddit threads from people having similar experiences, with almost zero positive conclusions.
The only suggestion of a solution we’ve been given is that he abandon both his email address and phone number of the past twenty years and start fresh."
Basically, if there was customer support that could fix the problem, then skilled scammers can get money and control out of them. They can do it a lot better than you can get your stuff re-enabled, they know just when to say what to whom.
Verizon just accepts the inefficiency, and also over-charges random customers, sometimes hands over control of a phone number to a scammer so they can get auth codes over SMS, has clueless support, etc. Google hasn't accepted this way of the world yet (but in scaling up the support has necessarily become disempowered).
It is very frustrating. It's a nature of things going mass-market. Just a few people, everything can be nice. Too many people, scams and fraud become big problems.
credit card companies and traditional banks and credit unions handle it fine.
>Too many people, scams and fraud become big problems.
if the solution to fraud is un-fixable account freezes, you have not actually solved anything. It is fraud itself.
I've had my identity stolen, and both my wife and I have been mistaken for somebody else. There ARE way to move past this condition (inline with Google Pay, apparently), but it's just done via trust. Or apathy. Or acceptable risk. Or some combination thereof. It never truly goes away.
But then I've also heard pure horror stories about stolen identities, and I am genuinely sorry you faced any of that.
So what's going on here...
I think this is due to one aspect of their model that is ultimately an improvement, even though it still completely breaks at moments.
+ + Your card number is not your account. + +
Ie, if your CCN is compromised, it's disposable without starting your relationship with the company entirely from scratch.
Your "identity" though is not disposable. Your identity controls your relationship with the company and is not disposable. That causes major problems when hijacked, as it did for you. And that's not fixable (or at least not easy to fix at all).
So while we might not be able to solve the problem with identity, we can create firebreaks -- disposable parts of the infrastructure that attract some thefts because they allow quick wins. Ie, CCNs provide access to money. That funnels a lot of theft towards something that is easy to monitor and patch.
The identity theft remains an issue, but hopefully hits fewer people.
One thing that makes Google struggle is that they combine all of these interactions together. Nothing is revocable without resetting your entire relationship.
Given that they started as an email service, I have no idea if it's even fixable from where they are.
I've said this and will say it again, Google doesn't know how to deal with humans. They've failed in every endeavor where humans have to be in the loop.
Not sure if I agree, and it does seem to me that Google's way is worse because at least there are some legal protections for people (consumers) who are scammed in the credit card way but in Google's way there is no protection of any sort for people whom the system dislikes.
It does not look like a perfect balance, but they apparently err on the security side.
If google takes the path of rather locking everything down then risking to lose a cent, it’s safe for them and bad for customers... not fine.
Sure risk is never just dissolving into light, nuce smelling smoke. Someone has to take and handle it.
I propose it’s the company who makes billions to handle it gracefully for customers ...
>> credit card companies and traditional banks and credit unions handle it fine.
> They most certainly do not "handle it just fine". They are highly scammable, they know it, and it's "solved" my moving as much of the burden and repercussions onto the consumer as possible.
That's false. I'm credit card companies are required by law (at least in the US) to shield customers from the repercussions of credit card fraud.
I've had my card number stolen twice, once by someone who used it in the same metro area as I live in, and it both cases it went about as smoothly as you could imagine.
I've had fraudulent charges on my credit card several times, and I've had checks stolen, and in no case I had any repercussions and financial burden shifted on me. I didn't pay a cent, and both credit companies and banks never tried to claim I am responsible for it - they rolled back the charges and reissued account numbers and that was it for me. Maybe I'm just exceptionally lucky, but my impression from other people that this is what happens in most cases like mine. Of course, whole full-blown identity theft is a different matter, probably harder to handle.
Of course, a scammer could threaten to destroy your accounts, and can do so very easily and credibly... So that's not exactly a huge improvement.
It's compounded by the fact that Google has the primary element of your 21st century identity: your email address.
Even the cheap budget registrars offer email forwarding for free and I have never had any trouble.
This gives you the benefits of free Gmail without handing your entire life over to them. At least with a tld there is some due process and rules to protect you.
So I have tons of people who would essentially seem my contact as a black hole if I abandoned my gmail address at this point, because Google seems to have deliberately crafted their clients to prefer the gmail address rather than the “real” address. Essentially treating the gmail address as if it’s a reply-to.
I don't use gmail for anything else except throwaway accounts. Who wants to run an SMTP server.
You can however send email to google's SMTP server, using an ordinary gmail account . This is how email clients (Eudora, Apple Mail, sendmail) work. The only trick is that they force it to be authenticated and encrypted.
I believe (but have not verified recently) that if you send an email with an email address/domain other than of the authorising account, it will be delivered, even lacking all SPF etc. But, it will block for anything above small quantities of mail, and unless you set up DMARC for your domain, it will still get dropped or marked as spam. 
Running an SMTP server for yourself is actually fairly simple (okay, assuming a deep background in linux, but very educational). The real drama is DNS/DMARC/SPF/DKIM and users ruining your reputation.
Sending from Google's servers using my address would cause SPF and DMARC failures, so if you want to do that then they'd have to make sure it's clear that the mail is actually from gmail.
The problem is that from gmail's point of view your registrar is now sending it a lot of spam. So it'll block the registrar or filter it more aggressively.
Also if you get email from a 3rd party who uses domain-keys, spf, etc (eg just about everyone) then those emails will be failing all the checks when gmail receives them.
I have namecheap forward all of my email from *@my-domain-name.com to firstname.lastname@example.org. Works no problem, has for several years. Prepared for the eventual switch to FastMail when they support multi-label messages.
The only messages that end up in my spam folder are spam for knock off online pharmacies.
Okay, it appears this is so common that gmail has some guidelines that if people follow they are are usually okay:
It does look like namecheap filters spam aggressively so possibly that helps.
In general be careful for the reasons I mention. But it looks like if you follow the guidelines with gmail then you'll be good.
Sorry for the inaccurate information.
edit: I shouldn't be oblique in my comments. I'm of course referring to the whole Daily Stormer fiasco.
Most serve at the pleasure of a formal contract with their TLD control entity (e.g. ICANN).
Ultimately, if you were to sue them, there's a root document of legal responsibilities and behavior to point to.
In contrast to whatever emphemeral TOS bullshit Google feels like tossing out. And furthermore, unlike Google, they can't really just ignore you.
Or, to put it another way, VISA, American Airlines, Coke, etc also have an interest in maintaining legal ownership of domains. They could care less about Google accounts.
But actually if you were to sue them, wouldn't the case be dismissed for lack of standing? If you're not a party to the dispute you can't sue (or rather, you can't sue and actually have your case proceed). You'd probably need to convince ICANN that they need to sue, which is already a much trickier position.
But it takes a ton of back-and-forth with support reps who generally don't even know or believe you that blacklisting exists (sometimes just an email address, not a specific card, was blocked) – and in one case we didn't get a resolution until the customer got the CA Attorney General to write Stripe's general counsel.
...but the core problem is this argument is in reverse anyway: if I get banned from Bank of America somehow I don't lose access to the concept of a card that lets me pay for my Verizon account, and in the worst case scenario I can send them a check. I have had serious issues with Verizon paying for my account before (they both claimed I was behind on payments but would not accept money without a PIN number, which I could only get by verifying my address using a post card that would take forever), but it wasn't a catch-22 scenario where I lose my phone number as there is somehow literally no way to pay for their service again.
I've recently moved to the US, and I wanted to get myself a Spitify account (hah). I had to wait for SSN for a few weeks, so no bank account yet - my only option was a prepaid Visa card. Bought one at QFC, used it with PayPal (a fresh account, as my old one is tied to another country) - and found it blocked the next day. PayPal had asked for an ID and address confirmation.
I had my passport, but no utility bill (I was still using Airbnb, just looking for a long-term place to live). Asked support if there's anything I can do - and got nothing useful besides "we need a driver license or utility bill", even though I specifically asked what else could I provide if I don't have either of those (I had a mailing address from a forwarding company). Account was unusable, all I could do with it was logging in :)
Then I've rented apartments and tried to send them a lease contract (with my full name and address) and it was rejected. Not an utility bill, right. Asked support about it, got no reply at all.
Waited for a month, got electricity bill, and only then my account was unlocked.
So, anything unusual - and even if you don't receive any money, you account could be blocked.
An /actual/ (inter)national ID and Identity verification service. One where disputes about identity and authorization can be escalated somewhere that makes sense, to the jurisdictions issuing these IDs.
Ideally someone should be able to go to a police station (locally for local IDs, if on vacation/out of hometown in liaison between departments) and have their identity verified in a trusted way, and that verification reported as pass/fail to a third party whom is asking.
This would also be the way of officially disputing fraudulent uses of identity; they would be reported via the same actions, but as a customer initiation (and statement of legal testimony taken in a case that would then be opened and reported to the involved parties).
BTW, such a system SHOULD also include address resolution, for physical mail, voice, and electronic services (any sub-name actually).
I would LOVE to only update my address in ONE place when I move, instead of trying to remember everyone I've ever given it to.
The banks then created a digital ID system (BankID) on top of this which is now used by everyone for real ID verification. Your physical ID is checked by a bank teller, and after that you get either a digital certificate file or a 2FA token that you can then use online to prove your identity for signing contracts (insurance etc), filing your taxes, or just logging into bank accounts etc.
Practically it works pretty well, even though I know philosophically an ID number like that would never fly in the US, and security-wise I'm sure experts have lots of objections.
Form auto-population by ID is rare here, though.
There are only really two groups that have issues: the very young (who are not used to checking up) and the very old (who are not used to computers).
Nobody is unenumerated, everybody has our version of a social security number, you are mostly required by law to have a bank account (and banks are required to give you one, except in specific individual cases such as you acting in an inappropriate manor)
I have so many problems with online authentication it's not funny.
So yeah, I'd love a global system of identification, but please let's not tie it to an address or phone number
I accept that I'm an edge case, but a large minority of (for example) Australians have dual nationality, and will have lived in either of the countries that they're citizens of for long periods of time. Some haven't settled on one yet, and skip back and forth every few months/years. All of them (us) have stories of identity systems, bureaucracy and banks not understanding that they moved country.
You're asking for a replacement asymmetry when the thing you're replacing in the first place isn't actually useful.
But, to answer the question: email is the one thing I'm pretty sure that I and I alone can get to. I have two email addresses, from different providers, using 2FA (google Authenticator on my phone). The 2FA bit is probably enough asymmetry.
However, even that, I could lose: if I fall into a swimming pool while carrying my backpack and phone, I'd have a hard time proving who I am to anyone until I got everything back up and running. Even worse, if I fell into a swimming pool while moving accommodation I'd have my passports in my backpack... not a comforting thought at all.
And getting one for people can be difficult as many people especially older ones don't have supporting documentation e.g. birth certificates and so can't prove identity.
Society requires foundations.
Sure you can. Identity documents exist more to prevent (the “wrong") people from functioning as citizens than to enable people to do so.
Anyway never had an issue with getting a package with my drivers license, and I didn't recall having issues before I got that. My passport is expired, because travel is inconvinient and mostly made obsolete with the internet.
It is possible to go your entire life without ever doing any of those things, or having any desire to. And as a general rule, it's the people who are of legal age who least care to do them. Also, some countries don't have age restrictions on such things to begin with (or don't enforce them at all).
> post office when receiving package
Who goes to the post office to receive a package? They come to you, and are then satisfied by the fact that they delivered the package to the address on the label.
> getting drivers licence
This a major reason why this is pointless. If you're going to have an ID, how do you identify yourself to get the ID? It's fully circular. You can't prove who you are unless you can already prove who you are, in which case you already have an ID.
In the US a large percentage of the population don't have passports. When you get a driver's license, they nominally ask you for some other ID, most of which (e.g. birth certificates or company/school IDs they have no way to authenticate) are trivially forged and useless at proving the person is who they say. Because it has to be that way -- you can't make having an ID a condition of getting an ID.
The whole idea is silly. Identity is context. If you create an email address with Google, you set a password. Then Google knows you're the person that email address belongs to because you're the one with the password. Your government "identity" has nothing to do with it, nor should it.
> opening bank account
The only reason banks care about this is that the government requires them to. Otherwise they would be completely satisfied to give you a numbered account with no person's name attached and simply put a hold on your deposits until after they've cleared, as they do for most anyone regardless.
> getting loans etc.
To get a loan what they care about is whether you're creditworthy, not what your name is. Prove that you have a job and a history of paying back debts, or post some collateral, that's what they want.
One system by which they automate this is to have credit reporting agencies that aggregate this information and associate it with your name, but there is no inherent reason it has to be done that way -- and some good reasons not to. See Equifax data breach.
Yes it is possible but you are describing outliers. Which first world country doesn't have age restrictions on alcohol or tobacco?
> Who goes to the post office to receive a package? They come to you, and are then satisfied by the fact that they delivered the package to the address on the label.
Envelopes and small packages (which fit) are left in mail box. In order to get everything else you have to go to your post office. Courier services deliver package to you personally and they don't leave it at your doorstep so anyone can steal it.
> This a major reason why this is pointless. If you're going to have an ID, how do you identify yourself to get the ID? It's fully circular. You can't prove who you are unless you can already prove who you are, in which case you already have an ID.
I don't really know how it is done today but in theory you could prove it by taking DNA/fingerprints at birth and registering accordingly.
> The only reason banks care about this is that the government requires them to. Otherwise they would be completely satisfied to give you a numbered account with no person's name attached and simply put a hold on your deposits until after they've cleared, as they do for most anyone regardless.
We are talking about reality not a situation where government regulations doesn't exist so there is no way of having a bank account if you don't have some sort of ID.
> To get a loan what they care about is whether you're creditworthy, not what your name is. Prove that you have a job and a history of paying back debts, or post some collateral, that's what they want.
This is just plain wrong, they care about the identity in case you stop paying so they can go after you.
P.S. You also need ID to own property, companies etc. I can't deny that if you are living in the middle of woods off grid you might get by without an ID but if you are an average person you will need an ID eventually.
In many parts of the US the restrictions are not actually enforced, or you can prove your age using non-government-issued identification.
I also dispute your assertion that people who don't drink or smoke are outliers. The majority of people don't smoke and a large minority don't drink. In some major cultures and religions drinking is outright prohibited.
> Envelopes and small packages (which fit) are left in mail box. In order to get everything else you have to go to your post office. Courier services deliver package to you personally and they don't leave it at your doorstep so anyone can steal it.
In the US they leave it at your doorstep so anyone can steal it, because in practice hardly anybody actually steals it. Who is going to risk federal prison or getting shot by the homeowner over a mystery box which is probably just a $25 bulk pack of shampoo?
> I don't really know how it is done today but in theory you could prove it by taking DNA/fingerprints at birth and registering accordingly.
This doesn't work for anyone who is already an adult, and isn't already being done for newborns so won't work for them either, which means you've got more than a hundred years before something like that could be used without having living people it doesn't work for. It also fails permanently for anyone born and raised in another country.
On top of that, it still isn't solving the unsolved problem, which is identity theft. You can't use DNA or fingerprints over the internet (they're trivially forged if you control the reader), so they're just going to issue you a card or a PIN or some other thing you can use and then someone can steal/hack/forge it and impersonate you. Being able to prove your DNA doesn't disprove that you're the person who used your card+PIN to buy $50,000 in already-provided goods and services, or pay for an email account used to send spam etc.
> We are talking about reality not a situation where government regulations doesn't exist so there is no way of having a bank account if you don't have some sort of ID.
We don't have mandatory national ID cards either. If the proposal is to make a policy change to improve things, let it be the one that doesn't double down on a bad idea.
Also, around a quarter of Americans and half of people in India don't actually have a bank account, largely because they don't have any money to put in it and can't afford the fees that come with not having a minimum balance. So they get paid in cash, or something they immediately convert to cash, and pay for everything with that.
> This is just plain wrong, they care about the identity in case you stop paying so they can go after you.
That is why they require collateral. If you take out a mortgage they put a lien on the house. If you don't pay, they take the house. If you're on a beach in Argentina with a million dollars in cash in a briefcase, what does the bank care as long as the house sells for more than they're owed?
> P.S. You also need ID to own property, companies etc.
There are millions of people who don't own real property or companies, or even cars.
And even then, it doesn't require a national ID -- they all exist without it. They even predate modern identification. Because all of those things are local. If you want to transfer property, you go to a notary. The notary will want to know who you are, but that doesn't mean national ID. They could just take a picture of you and keep it for their records, or accept a non-government ID or an oath from a person known in the community that you are who you say you are.
Centralized identification is at the same time unnecessary and actively harmful.
Nearly 1/3 of of people in USA have experienced package theft and it is only a federal crime if you steal USPS packages not Fedex/DHL/UPS etc.
> That is why they require collateral. If you take out a mortgage they put a lien on the house. If you don't pay, they take the house. If you're on a beach in Argentina with a million dollars in cash in a briefcase, what does the bank care as long as the house sells for more than they're owed?
I can get a personal loan without any kind of collateral as long as i have X income. Credit cards doesn't have collateral as well.
Honestly, i feel that we live in different worlds - i cannot fathom not having an official ID as there are occasions where i must have it (voting, travel, banking as well as government e-services where you can use bank login or your ID card certificate to identify yourself). There isn't a lot of press or reports from Personal Data Watchdog about somebody doing monetary damage from using other people data, in fact our ID numbers (like SSN) in some cases are public knowledge. I am not saying that our system can't be abused but right now i feel like it works just fine and i wouldn't want it any other way.
That statistic is from a survey done by Comcast as a precursor to trying to sell you a home security system. That is not a reliable source.
And stealing a non-USPS package is still a state crime, so the main difference is whose jail you sit in. Unless you manage to steal something which is actually worth a lot of money, or is involved in interstate commerce etc., in which case welcome back to federal prison.
> I can get a personal loan without any kind of collateral as long as i have X income. Credit cards doesn't have collateral as well.
These are small loans, in which case the collateral is your job. They verify where you work, so if you don't pay they know where to find you. The only way to avoid them finding you is to quit your job, which they don't expect to be worth it for you to do over such a modest amount of money. Notice that the interest rates on those kinds of loans are dramatically higher -- because of the risk that they're wrong. If it was really your identity doing most of the work you would expect the interest rates to be much closer to those for loans with more substantial collateral.
> There isn't a lot of press or reports from Personal Data Watchdog about somebody doing monetary damage from using other people data
According to DOJ statistics, more than 17 million people in the US are victims of identity theft per year.
> Honestly, i feel that we live in different worlds - i cannot fathom not having an official ID as there are occasions where i must have it (voting, travel, banking as well as government e-services where you can use bank login or your ID card certificate to identify yourself).
You feel that way because you live in a place where having an official ID is required to do everything. That isn't a law of nature, it's just a law of the place you live. It's completely reasonable to do things a different way.
Creating one single place to change your address gives the attacker one single place to change your address. Compromise one system, bribe one police officer or DMV employee, get nation-wide root access to everything.
And how does it even solve the problem? The problem isn't that Google doesn't know whether you're John Smith. It's that Google thinks John Smith is a scammer they won't do business with, and they aren't willing to spend their resources helping you to clear your name.
Similarily, you can have corruption at phone carriers and credit-card companies too. What matters is the audit-chain. If a police officer keeps id-ing fraudsters they won't be in the job for long.
That public servants are more corrupt and less competent than the corporate employees one depends on is not a universal experience. Not for me anyway.
Not really, because that isn't how fraud happens now, and nothing about that would change it.
People don't commonly commit fraud by going to a government office to get an ID issued in your name, they do it by waiting for you to do that and then stealing it from you or otherwise convincing you to give them the information they need to authenticate using it.
> Similarily, you can have corruption at phone carriers and credit-card companies too. What matters is the audit-chain. If a police officer keeps id-ing fraudsters they won't be in the job for long.
That's assuming the audit chain is both secure and less susceptible to corruption than the original system. Audit logs don't help if they're compromised by the people with privileged access. Or you nominally have individual accounts but in practice they're shared or not secured against compromise by privileged users.
And assuming that the corruption problem is specific identifiable people rather than a systemic issue where >=5% of police are corruptible so one getting caught only requires the fraudsters to use any of the thousands of others.
> That public servants are more corrupt and less competent than the corporate employees one depends on is not a universal experience. Not for me anyway.
The difference in this case isn't that the quality of the people is different, it's that the nature of the system is different. Whereas an individual company might have five employees with sensitive access, across an entire national government there would be a hundred thousand or more, so the attacker has a hundred thousand chances to find the lowest common denominator instead of five. And then when they succeed the scope of the vulnerability is not limited to that one company, it's universal.
After a ban the allegedly fraudulent portion of the revenue is refunded to the advertisers, non-fraudulent revenue within the same time frame is ... they settled for $11m on the grounds that it would be too expensive to show how they didn't design a system intended to steal from their publishers.
Allowing people to submit documents online is not good enough. After the identity has been proven, then from that point on you can offer online services, but the initial account creation needs to be done offline.
Possibly. Then the question is - what is more important for the company, tolerating some amount of losses but keeping honest customers happy, or minimizing the losses at the cost of innocent people being screwed hard. As an innocent person, I'd prefer the system that leans towards my benefit. Even if it'd cost Google whopping 0.0001% of their revenues.
As a money transmitter they have extra obligations and a quick call to the regulator can resolve issues relatively quickly (if you're a US citizen and live in the US).
The point is, this issue isn’t limited to Google.
I think this highlights the dangers of bundling all of your services through a single point of failure. Something Google probably is the most known for.
They used to have decent support.
Nowadays even Premier is garbage. The guidance from a TAM is to log calls before 10AM local time, so that the support don’t queue you to a desk that will pretend to contact you after you’re gone home.
The funniest thing is that if you answer after hours, you get someone not prepared to do anything, as he’s there to attempt contact to push the call out so they hit the SLA.
In 2001 it was apparently on par with the "Psychic Friends Hotline" - https://slashdot.org/story/01/04/27/1715203/microsoft-tech-s...
With Google, there is at least a chance they could move to the Apple ecosystem.
Many of us breathe quite freely (at work we're free to us any OS as long we don't bother IT.) It has like this for a little more than half of of my 10 last years (notable exceptions: 3.5 years as sysadmin on old system running Windows, 4 months consulting and 3 months with a boss who demanded everything ran Linux.)
Oh: and almost everyone demands we host on Linux or on cloud.
Anyone who actually would abandon MSFT already did so, many years ago. People who haven't abandoned them by now, will never do so.
Of the few companies I know that have chat support, a very select few can do anything more than apologize and give you a phone number to call or place to open a ticket.
I was genuinely impressed. I think this was because my issue was not trivial and I got to talk with developers.
A company of humans have decided that's ok.
I honestly don't think they know how. What I mean is, this just hasn't ever been a concern for them because their services were free so they don't have a history of customer service.
You can sue Google in small claims court for the value of the undelivered Chromecast and for the court fees you spent on suing them.
And, quite honestly, why would they at this point? They have millions of other customers they can ignore, that are still paying. Where are they going to complain? And how would other users in the same boat find such complaints?
It's certainly not right, but there's no strong incentive for Google to change how they're doing business right now.
1. Stir up enough shit on social media that some higher up at Google basically does ''sudo fix-problem <customer>''.
Of course, then google apologizes and promises to fix things for everyone else but they don't.
Exactly right. The only way to get them to even look at it is to have a friend who works at Google or have tons of Twitter followers and pressure them by tweeting the story.
I made an in app purchase (with a YC company nonetheless) and the company gave a limited period to cancel the service for a full refund. I cancelled the service within the deadline, and didn’t get a refund. I requested the refund from the YC company who said “they can’t” refund and I have to ask Apple. So I asked Apple for the refund included the YC company policy/purchase date/cancellation email and Apple told me I had to be refunded by the YC company.
With no recourse I did a chargeback and Apple blacklisted my debit card which basically bricked my ability to use my phone.
All these tech companies have their heads so far up their asses when it comes to cost cutting/customer service, it’s no wonder services like Twitter/FB serve as public shaming, complaint tools to access the otherwise inaccessible tech elite.
I'm curious, how exactly? As far as I know, you can always use the phone without a linked payment method. You won't be able to download apps or use iCloud, but unlike the original example, your cellular service will still function. Apps will still run.
(though the last time I lost my card, Apple figured out how to bill my new one without me telling them. Wonder if that goes both ways?)
What happens: Your card gets used, or you bought something there that didn't work. Sony refuses to refund, if you escalate to a chargeback they'll ban your account and prevent you from accessing anything you bought on their network (even if it's not involved in the dispute).
You are hyperbolizing. You can just use a different card. It's not like they killed your AppleID which wouldn't kill your phone regardless.
You can also use a prepaid credit or cash gift card to create an account or pay for Apple content.
Perhaps this US centrism colors Apple's view as well?
You don’t need a card to maintain or get an Apple ID (unlike implied bythe default user flow, it’s possible to get w/o one).
You don’t need a card on an Apple ID to download free apps.
You even don’t need a card on an old account to use apps from that old account on the same device as apps from a new account, you just need to be able to provide valid credentials for both (seems like triggers when the device is trying to update the apps in question).
It's also worth noting that many companies with subscription services specifically block signing up with gift cards. I do not know if this would apply to Google Pay or not.
iTunes gift cards are readily available at common retail outlets, which take cash, and can be used for apps, iCloud, and the rest of it.
Sucks that GP got his debit card blacklisted, that would annoy me as well, but “bricked”? c’mon.
When I signed up for my first Android phone, I created a new Gmail address for it.
When I decided to give Fi a ago -- and get a discount on a Nexus 5x -- I looked at how Fi commandeered any already-connected Google Voice number -- in a one-way process, by the way -- and used a Gmail account that did not have Google Voice set up. And kept my other number active on another carrier, by the way -- I wasn't porting it.
Fi can be pretty good, when it works. Google account management, on the other hand, remains a minefield of irreversible pitfalls.
I might suggest to Google, that they try re-introducing some orthogonality into their accounting structures. But, I'm tired of suggesting things to Google; they've had more than enough time to get -- or buy -- a clue.
It's a no-brainer. It sucks that their personal account support is so bad, but there is a solution.
And lose access to the consumer offerings for which Google isn't prepared to offer enterprise management features and/or support, or which just don't fit into their enterprise vision. Every time a new consumer service or feature product is released, complaints start from G-Suite customers about not having it.
Which isn't a big deal, perhaps, if it's not a service with interacts with others on your account, so you can just use it on a different account, but for things that you want to integrate together splitting different services to different accounts because not all of them are supported on G-Suite makes the services on both accounts worse than they would otherwise be.
Google One is the offering directed at this, though I don't know how good the support component is.
Same for Google Play store as a developer; didn't matter that I had a $5 account, different department so back to robo-emails you go.
But Fi is a service that the customer is paying for, they should not be subject to automatic lockouts without any way to get it resolved other than to "start fresh."
I would not recommend G Suite to anyone who is a consumer or household any longer.
Yes, none of the "Family" products are available for G-Suite. That being said, all of the functionality beyond saving money is there with G-Suite. The saving money part is important, don't get me wrong. But sharing photos, seeing your "family's" (aka, your G-Suite organization's) stuff, etc, that's all there. Its just packaged differently, and in a way that's more expensive and substantially more powerful.
YouTube Music is definitely available on G-Suite. So is Google Fi; I'm on a Fi device on my G-Suite account right now (they enabled this early 2018 IIRC). Google Spaces is a discontinued product that isn't available for anyone.
The Google Home and Assistant is the only area today within G-Suite I've seen really weird behavior because I use a G-Suite account. Things like accessing your calendar just don't work right, and often result in errors. That's a very valid issue.
There are sacrifices to both approaches. I will gladly pay the extra money to, in turn, get access to a higher tier of account level support, unlimited storage, and the custom domain name. There are also a few products that are only available to G-Suite customers. CloudSearch is a single omnibar search service that does deep, filterable search on every resource in your G-Suite across all of their services (Gmail, Calendar, Drive, etc). Vault is also cool; I have rules set up which retain emails indefinitely, so even if I delete them from GMail they're still exportable from Vault. The Google Titan Key was also a hardware product that was only available for G-Suite customers for a while.
I believe that being able to port your number is a legal requirement. It's unlikely a poorly designed billing system is a permanent exception to this.
This is illegal:
“Once you request service from a new company, your old company cannot refuse to port your number, even if you owe money for an outstanding balance or termination fee” .
Author should report Google Fi to the FCC once the government is back online.
Google is too complex of an organization, and the left hand doesn't know what the right hand is doing. So issues become lost between CS, security, and accounting.
I've seen this from the other side. I've also seen it get mitigated by giving someone (customer service) ownership of the problem, and giving them enough organizational support to twist arms in other departments as needed.
About 71% of the 17 million right hands are not aware that any other hands exist, much less the 13 million gripping hands.
See the problem here?
It's not that hard, invest in customer service, understand that not everything can be handled by an algorithm and you won't have these classes of issues. Is it expensive? Sure. At some point though you're going to need some system that allows human intervention when things have gone off the rails.
rofl thanks google you at least showed us you would treat everyone equally, and no exceptions even for your employees
So you've gotten agents fired? Or does the security department flip flop with a different answer each time?
I've thankfully never had to deal with Google support, so I'm curious about your experiences.
I'm surprised this is legal. Number portability isn't something phone companies offer out of the kindness of their heart; it's required by law. Does the law really allow them to hold the number hostage as part of a payment dispute?
EDIT: Nope, this is illegal:
> Once you request service from a new company, your old company cannot refuse to port your number, even if you owe money for an outstanding balance or termination fee
I looks like the OP should file a complaint (and if necessary sue?) over this point.
Indeed, this is so clear cut it makes me doubt the OP's story. Does Google Fi say they do this anywhere?
I don't see how that matters legally. The FCC requirement doesn't make portability conditional on some account status defined by the carrier. But IANAL.
If your port is delayed or denied, file a complaint with the FCC, as this starts the regulatory review clock ticking.
Unfortunately, customer support is a hard problem. Despite all of the advances in NLP, I still abhor automated customer support systems when I have a complex issue. Just let me talk to a human.
Google long ago ran the numbers on providing human customer support and realized it's not the sort of ultra-scalable business function that they like to invest in. Rather, they'd like to believe that they can build software systems that don't require human customer support. As an end user, this feels like too much hubris and not enough empathy. It may work from the perspective of a product manager looking at percentages on a dashboard, but it sucks as someone in the real world trying to get something done with one of their products that's not functioning as it should.
I use the full suite of Google Products, including Project/Google Fi. This article describes one of my nightmares— getting locked out of my Google account. I'm fortunate that I have good friends that work at Google that could help out in such a worst-case scenario. This blogger is fortunate, too. Undoubtedly, some Googler will read this post and help them out.
But the average person isn't so lucky. If you're Jane or Joe Schmoe in Middle America, you're going to be screwed when your Google account goes haywire. I've had friends whose Google accounts have gotten into weird states that prevented them from using Google services for no obvious reason. I suspect this is due to an unfortunate consequence of Conway's Law  at work in Google's identity implementation.
I think the problem is that Google is mostly about selling users' eyeballs to their real customers, advertisers. That's not a business of making individual users happy; it's essentially statistical in nature. With a search engine, if something works for 80 or 90% of people, that's great. If it's bad for the rest, well, tough luck for them. It's very hard to go from that to seeing each individual as valuable and important.
I agree Fi is different, and I think it's reasonable for you to want better support. I'm saying that since Google is not used to lines of business where they actually have to care about every user, I'm saying it's unsurprising you won't get it.
With the paid offerings you are the customer and comparing Google's CS to Toyota's or anybody else's is entirely fair.
Good point. Could telecom service (Project Fi) for individuals be moved to a different division of Alphabet?
Cue Larry Page's view on customer support circa 2000, and it still makes sense. Leaders fundamentally don't change views like that, and it impacts the organization - look at Zuckerberg's formative views on privacy.
But while it's easy to scoff at Page's quirks—his odd obsessions, his unrealistic expectations, his impatience for a future dangling out of immediate reach—sometimes his seemingly crazy ideas wind up creating breakthrough innovations, and skeptical Googlers wind up admitting Page was right, after all. That was the reaction in 2003 when Denise Griffin, the person in charge of Google's small customer-support team, asked Page for a larger staff. Instead, he told her that the whole idea of customer support was ridiculous. Rather than assuming the unscalable task of answering users one by one, Page said, Google should enable users to answer one another's questions. The idea ran so counter to accepted practice that Griffin felt like she was about to lose her mind. But Google implemented Page's suggestion, creating a system called Google Forums, which let users share knowledge and answer one another's customer-support questions. It worked, and thereafter Griffin cited it as evidence of Page's instinctive brilliance.
It's one thing to be able to "answer questions". It's an entirely other thing to have access rights to actually solve a problem and the authority to do so.
I've posted in the past and had nothing but fake call centres and phishing links posted, which eventually get removed, but I did click on some of them (in sandboxed malware-analysis browsers) and it took a lot of searching and knowledge to realise that the numbers were fake - and I work in IT secops.
If you use drive, sync it fully to a laptop.
It's not just Google, any service - paid or free, can and will shutdown your account. It's something you have to assume will happen to you - not just some random stranger on the internet. I don't know about you but I definitely don't want to deal with losing all my digital documents, pictures and most important all my accounts by losing my email address.
No one should be complacent about this.
Maybe I am paranoid, but I worry about that when I die, my domain will expire, and then someone will register that domain and set up email accounts with it.
They would be able to access so many services that I would have left open after my death. I still don't know how to handle this apart from leaving a fund to someone I trust to have my domain renewed for a few more decades after my death.
One of the reasons I am in the process of moving all of my domains to Gandi is because they appear to be the only reputable domain registrar that supports U2F. I take security extremely seriously when it comes to my domains.
I use Gandi and am quite pleased with their security settings. Not only is my account secured with an absurdly long password, I have U2F enabled and I have enabled the IP restriction list so that authentication only succeeds when coming from one of them. They even fixed my only quibble. In the past, if I logged in with valid credentials but from an unlisted IP, the error message would say "you're coming from an IP that's not permitted." Now the message for all types of failures--bad password, wrong IP, incorrect TOTP code--is the same so an attacker can't confirm valid credentials.
The good news is that you will be dead, and so you won't be worrying about anything at all.
Though, my nameservers are on bluehost. My biggest issue is figuring out other aspects of google-tied-ness. For example, everyone has my @gmail email right now. Websites, newsletters, contacts, everybody. Untying that will take a while. Also, I use Inbox for organizing my mail, and I like that a lot. I need to figure out a way to get similar functionality while using a email@example.com domain... either forwarding or something... but then how do I send mail FROM firstname.lastname@example.org?
Mail stuff is so obscure to me, I'd love to sit down and learn it sometime but there's always something "more pressing" for a work project or whatever for me to learn.
EDIT: So, I decided to give it another go. Seems impossible through Inbox, but through gmail I found a thing under settings to "add another email address I own" that lets me input manually the SMTP information that bluehost shows for my email. Might be working, who knows. I'm stuck waiting for google's "verify" email to turn up in my bluehost web inbox.
I haven't set my gmail to forward to the new email yet. I've spent the last month or so unsubscribing from a lot of email newsletters. Once I get the mail volume down even further, I'll setup gmail to autoforward and then give out my new email to those who need it.
I haven't yet found a Google Calendar substitute but that's lower priority right now.
1) a technology arises
2) usage spreads across consumers
3) consumers become deeply reliant on it
4) megacorps coalesce dominating market power over it
5) consumers demand protections from the government
We have to get to step 5.
What are protonmail policies for unwanted user? Lockout? Backup?
$50 for you might be a whatever amount, but in few places it is a lot, and not desirable or able to spend this much on email.
By any chance do you work or connected with protonmail? I am connected with neither of all three, but have accounts at all three, just like anybody else.
Support was completely unhelpful, and after escalation reported back that the Fi team has zero visibility into chargebacks from their carrier partners and ergo could not diagnose the cause of the usage discrepancy. The lack of accountability on Fi's part, in addition to various annoyances (handset tendency to select Sprint coverage despite poor performance; handset tendency to override manual carrier selection to the detriment of service reliability; generally worse reliability and coverage than my previous carrier) led me to move back to Verizon. I pay an arm and a leg for my service, but at least it's highly reliable and available.
Cellular service is much cheaper in Europe than in the US, so you might as well take advantage of it. International calling plans for American phones are horrendously overpriced.
Of course, the downside is that I couldn't call or text anyone in the States, but who cares? That's what apps are for. I was able to talk to and message friends/family in the US using Facebook messenger and LINE. While on my hotel's free WiFi, my VoIP calls cost me nothing.
Personally, I would have gladly paid $12 to not have to go to a store in foreign country, switch SIM cards, have to worry about hitting the 3 GB limit, lose the ability to call or text anyone in the states, etc. But to each, their own.
First, EUR15 is about USD$17.25 for me, or it was when I was there. 1.2 is a lousy exchange rate.
Anyway, that quibble aside, saving $12 is more that worth it: having to use Fi at home would mean having to use the T-Mobile network, which in the US is absolutely horrible. I've used T-Mo in the past, as well as Sprint, and they're both lousy; they just don't have very good signal quality, especially if you get outside a major metro area.
>Personally, I would have gladly paid $12 to not have to go to a store in foreign country,
Personally, I would gladly pay $12/month to use a cellular network that doesn't suck in the US.
>have to worry about hitting the 3 GB limit
They have prepaid plans there with lots of different data allowances: 0.5, 1, 2, 3, 5, etc. Pick whatever works for you. I didn't come close to using my 3GB, and could have saved even more money by getting one of the smaller plans.
>lose the ability to call or text anyone in the states,
As I said before, I had no trouble using apps like LINE to do this, and was frequently sending texts and photos to people that way while I was walking around. If your friends are too stupid to use a messaging app instead of SMS, then I can't help you. SMS is the worst way of texting. But, to each their own.
Is there a better option than Fi for this type of trip?
edit I checked the Lebara data rates and it’s all included in the normal quota, except for Switzerland at £15/MB, so... maybe not
Some countries have extremely good value pre paid sim cards with 20 gigs of data often coming in under €20 a month.
I couldn't be convinced to switch to Fi, and frankly given the horror stories, not sure that I trust google should I ever fall afoul of their platform exclusion and zero support or transparency.
We switched to Fi because we travel to Europe frequently and Fi doesn't charge extra for it, the phones just work when you land.
I used to describe them as 'animals eating their own young'. VC money goes into a company, mobile carrier gets all the profits (and often, thousands of hours of free QA), company craters.
I got a dual SIM phone three years ago (One Plus in my case), best thing ever. It's also one reason why I won't consider using iPhone.