That's your real-life, not just your online-life. Your GMail account isn't even related at all to your YouTube identity.
Remember: if you aren't _at least_ paying for your e-mail service you don't own your own mailbox. When was the last time you made a backup of your GMail account? What contingency plan do you have in-place if Google ever accidentally, unintentionally, or in this case, intentionally, shuts it down?
(Disclaimer: I pay $20/mo for an Office 365 E3 account for my personal mailbox)
They want to be the identity of the online world, they need the responsibilities that comes with it.
I had a time a while back when my youtube account got blocked - and then I found that googleplus had put a block on the account and it auto-blocked the youtube videos - and they said all the videos were find for youtube and no problem there - but they would not go over the heads of the googleplus team, so we were screwed.
we should have posted on many more sites your advice about "you don't own your own mailbox. When was the last time you made a backup of your GMail account? What contingency plan do you have in-place if Google ever accidentally, unintentionally, or in this case, intentionally, shuts it down?"
like how this site has recently added info about big G's censorship: https://news.ycombinator.com/item?id=21490272
most people don't know about these issues - they just assume gmail will be there, and google's search shows truth.
That guide assumes you're using postfix as your MTA. For exim, their documentation can be found here: https://www.exim.org/exim-html-current/doc/html/spec_html/ch...
Distributions often have their own documentation, for Debian: https://debian-administration.org/article/718/DKIM-signing_o... and https://debian-administration.org/article/719/Avoiding_mail-...
Keep in mind this is all to increase deliverability of your outgoing mail. You may also optionally want to check SPF and DKIM on incoming mail to cut down on spam: https://debian-administration.org/article/721/Validating_SPF...
I see this story as Google's equivalent of when Valve would ban people from Steam for crude comments they made on the Steam forums, which I understand meant they forfeited their entire game library - or Amazon banning people for reviews.
If there is going to be any law or legislation - it should be to require service companies like Google, Valve and Amazon to treat the customer's "online personality account" (i.e. forum account, "community" account, etc) separately from their "value" account (i.e. whatever that which has _value_, be it their Steam library, their GMail mailbox, etc) - or at the very least, companies must be required to export 100% of the data in an account and providing that to the customer/user in the event they shut down an account (with reasonable constraints, such as the account having existed for at least 3 months and having been in good-standing until this specific incident, etc).
And under no circumstances should anyone lose their software copyright licenses for violating a community ToS - feel free to ban them from the forums, et cetera, but being banned from the Steam forums must not mean they lose the right to play the copy of Half-Life 2 that they paid for.
I found a persistent XSS vulnerability on steamcommunity.com once upon a time. It used to be if you were playing a mod, the name of the mod could be shown in activity graphs and screenshot views. This was not sanitized whatsoever.
After 4 weeks of no response from their official email contact, I posted it on the (then entirely detached vBulletin based) Steam forums, with a notice I had disclosed the issue to all known to me @valvesoftware.com email addresses (including security@, which didn't bounce)
I had my account disabled, and spent 3 weeks emailing them asking what the fuck that was all about. It got re-enabled silently.
And keep backups of your email.
Then, even if your account gets shut down, you can get up and running elsewhere quickly.
By hosting your main email on a custom domain(not a provider) you open a new attack vector for identity theft.
Someone can hijack your godaddy/namecheap/gandi account and point the MX DNS records of the domain to their own server and receive all your "Forgot your password? here is the link to reset!" emails
This a very bad advice unless you actually know what are the risks.
I use namecheap if that is relevant--maybe there's a better/more secure registrar to move to.
But I guess, equivalently, someone can just equivalently hijack your email account directly if you use a service like Gmail or Yahoo.
The thing is, of course people can hack your gmail or yahoo mail somehow, but when you host your own domain, you have the same attack vectors + dns hijacking and this last addition is easier to exploit with social engineering. Google atleast is virtually immune to DNS hijacking.
Basically it goes through Expired, Disabled, Deprovisioned. During Expired users have access, Disabled only Admins have access, Deprovisioned is gone. Those are usually 30/90 days but it varies by how you purchased.
Not sure about Personal/Home, but I suspect it's similar.
I am with you but I think protocols and apps that are designed to allow users to own and host content on primarily their own device would be great.
For mail, what if email was always delivered to device for free and you pay a service provider to mirror it so that while your account is active,they provide backup,spam filtering and content search on their servers?
It's time people separated the hosting of email from the interface (the address).
Most domain registrars have free email forwarding so you can forward *@domain.com to your gmail. This by itself is already good enough for signing up for things or resetting passwords.
If you also need to send from that domain in gmail there's just a few more steps: https://support.google.com/domains/answer/9437157?hl=en
Behavior like this is completely unacceptable, it is equivalent to store owner throwing you out because he thought your hair are red.
People whose accounts are being suspended without warning, without explanation, and without a way to appeal, like in this case, should be able to sue the company for a large sum of money, so that company knows that breaching contracts is not a good thing.
The job of government is to help people establish contracts between themselves, and to help keeping the explicit and implicit terms of the contract. The random suspension of account is likely a more serious breach of contract than selling private data to third parties.
This comment gives a lot more context:
IMHO, it seems a lot more reasonable.
>The emote spam in question was not "minor", the accounts affected averaged well over 100 messages each, within a short timeframe.
This is a crazy bad take. 100 messages in a few minutes is totally normal for live-streams. Just hold the ctrl-V button and... oops, your G-Mail is locked.
That. Is. Crazy. I worked at Twitch and the idea of disabling someones Amazon account for spamming emotes (even temporarily) is completely insane.
A small site like HN can block someone by mistake then apologize and say "Yeah, we definitely fucked up there", but google pushes gmail to make it essential for everything: login to phone, login to chrome, built in password manager in chrome, oauth login to third party sites. So it must handle things much more carefully.
Google, you're being paid by advertisers for that content. You hold people's entire livelyhoods in the palms of your hands. No individual's ability to access their email should depend on the number of emoticons they're putting into a chat channel.
Step up and put a bit more of your billions of profit every year into making sure you're not destroying lives by empowering poor automation.
This is just a common sense, because with their current approach of nuking everything and then sending explanations to the blocked email account they are eventually going to upset either enough people or someone wrong, and that will cost them way more.
A billion dollars has a lot of employment power. And Google makes around $8-9 billion in profits.
Also, if you're running a service that's grown too large for you to properly manage (which clearly is happening, even to Google), then if you fuck it up, that's still on you! There's no fundamental right to build a really large thing, if you can't manage it properly. So they thought they could get around this limitation with AI and robots, but that doesn't work well at all. That doesn't mean you can go "oh well we're trying, but there's just too many videos being posted!" yeah well DUH that's because you keep on growing while not having the resources to keep up with the videos being posted.
It's like I built a skyscraper but people keep getting hurt in it cause bits are falling off and the floors aren't strong enough. I can't just go: yeah I built this huge skyscraper and I really TRIED reinforcing the floors with duct tape but it just doesn't work well enough. There's really nothing I can do, there's just too many floors, we're doing the best we can and it's unavoidable that some people will (literally) fall through he cracks.
That's not reasonable, I probably just should give up on the skyscraper or sell it to someone who can take responsibility for it.
Common misconception. Let’s assume something as bad as a criminal in prison. Well, they still need their emails. Perhaps not in prison but at least for their recovery. Or to access their bank account. Their retirement funds. Their social security. It’s a misconception that there could be a good reason to entirely revoke any account.
Youtube is different. It’s a broadcasting tool.
But i was not saying that explanation alone would make suspension ok, i was saying that the lack of explanation is an aggravating circumstance in this case.
It baffles me, they hire some of the worlds more intelligent people but the products/systems they produce are constantly idiotic and daft.
By hosting your main email on a custom domain(not a provider) you open a new attack vector for identity theft. There was an article on HN just a couple weeks ago about someone getting hacked by exactly this attack form. IIRC it was godaddy having stupid verification process.
Maybe suggesting a paid email provider would be better, does anyone know of any reliable email providers that you pay for what you are getting and they are not selling your account data or block you for some reason?
So you'll never know if any mail you send to a gmail user (which is pretty much everybody) will ever actually reach an inbox
These cases were to the same person, from the same computer and account - some would go through and some would not, some could be found in spam box, others just vanished -
then I started calculating the time I spent writing some emails that I never got a reply to - like hours of writing - and I though I was just ghosted for a competitor - turns out it's likely they never saw the work I sent.
I have witnessed this with 3 different receivers the past year.
The last back and forth I just resorted to using my personal gmail account to communicate with new business associate as the receiving was so erratic. At first they wondered why google was putting stuff in spam folder that did not belong there - then it just turned to non-stop frustration and delayed thumbs up on work orders.
the algo should know if you sent one email and they opened and read and replied - and you sent another, it should not matter if you put in the second email, 'your desire to do Z with your web site is understood, and can be done, but you may run into a bad SEO issue that could affect where your site displays in search results, so instead we reccomend not doing X and instead doing Y.."
something like that - so many times is seems that the anti-spam seo hating google teams trump and destroy all the things, regardless of false positives - and no transparency which hurts people - but saves the secret sauce of the anti-spam team I guess.
This is a tough place to be in when so many use gmail.
The privately owned tyranny has much less power, and when it becomes bad, government can intervene.
So while no tyranny is ok, government deserves much more attention, because it is the more powerful tool, that needs to be protected much more vigilantly.
Let's just agree that both can grow bad. It's just that clearly, governments+people can grow a LOT bigger (in absolute number of people) than a corporation, before it generally goes bad.
None of the largest corporations are really trustworthy, and neither are the largest countries stellar examples of good governing. The difference, however, is an order of magnitude more people being "managed". Apparently Google (Alphabet) employs about 100,000 people, most of them subjects not rulers. That's just a very small city or large town.
If we compare this to a small-medium sized country with a reasonably well-working economy, the difference becomes laughable: The corporation is a much, much, smaller group of people, with a disproportionally unwieldy huge amount of power, completely unable to control themselves and behave in an ethical manner. It's pathetic. YES they absolutely need a government to regulate them just like a baby needs someone to change their diapers.
I don't think it's so easy to separate the two. A corporation is not a real thing, it's a legal fiction created by a government. If a corporation acts badly, it's really the government that allowed it to act badly.
The complications occur when a corporation obtains enough power to be able to influence the government, and thus the ability to influence the rules by which it abides, like a recursive program which is able to alter the mechanics which created it.
At this point, the difference between government and corporations start to blur. It's entirely possible for a corporation to be initially created by a democracy at the will of the people, but over time, as its size and power grows, is able hold the government captive, and control its own rules.
Sadly, this is not just a hypothetical thought experiment.
Google employees, you hold too much power to be so arbitrary with your bans. You hold people’s digital lives (and, with Android, a portion of their physical lives) in your hands. Please be a bit more responsible with that power.
While smaller creators in similar situations are completely out of luck. Throw a support ticket into the ether. And just have to hope more and pray a bigger Youtuber picks up their plea and their video gets popular so that it gets fixed.
There is simply far too much on the line here to not have protections. The use contract of email providers needs to regulated.
Note that trust != reliability. Trust is an extension of faith beyond available information. Reliability is a statistical measure. You can achieve higher reliability with low trust through surveillance, enforcement, punishment, and/or a limited-options environment. But that's not engendering trust (and may actually be a reasonably good summary of why tech tends to break down trust -- I'm still thinking this through).
Keep in mind that trust is a two- or multi-way street. In our mediated relationships, there's trust between user and provider, provider and user, and third parties. Any or all may be or contain untrustworthy elements. And the channels of information are limited making decisions on who or what to trust challenging.
It's complicated. Though I think Google can and should do better.
"Google may also stop providing Services to you, or add or create new limits to our Services at any time."
Why would anyone trust Google with any important part of their lives based on this kind of behaviour?
Repetitive comments: Leaving large amounts of identical, untargeted or repetitive comments.
Actually they call this stressful work and actively explicitly are working towards not getting workers to do this work for their own benefit if you believe HR and the mental health supporters of this policy.
I forget the actual term it's something like "Mental Health Ops'.
Why should Google make their contactors suffer digging through video chat when they can get an AI to do it for them? This is literally their policy, it's not satire.
Excuse me? Why can't they get better data?
It seems here they used email spam data to mark chat from stream. Or something similar along the line.
If you ever watch Twitch livestream people spam, it's encourage unless it's a oneman spam.
Twitch system is much better. Even if it's subjective I'd take that over what Youtube currently have right now.
Also they could validate their model better before rolling it out in production and ruining people lives.
Is g00gle harvesting mobile numbers?
2. They are lying through their teeth about the accounts being reinstated (many have not been), as well about the SMS thing, given that the video shows actual screenshots of people being denied having their accounts reinstated, so obviously that SMS thing doesn't work at all as they claim it should.
So no, I’m not going to start shopping with Google Wallet no matter how many coupon offers they send me.
Sure you could create a new Google account and use that with your phone, but Google's going to know it's the same person (same phone number, places where you have to enter your name, same credit card info if you're purchasing any apps on the Play store, same physical location and movement patterns, etc.) and can simply ban you again. You'd like to have Chrome syncing things between a desktop and laptop? Nope nope nope.
Which effectively means Google's own engineers don't understand what is happening or why.
Just from my own experience, I've been locked out of my Google account, my real Google account, and of course, when the company, as it on very rare an infrequent occasions does, cancels services, found myself (and a few million others) scrambling to salvage content and communities.
Others have had slightly worse authentication/access situations.
To be fair: the problem is a complicated one, and Google sees a lot of abuse. Or, as in Mariplier's community's experience: activity which looks a lot like spam, at a multi-billion-user scale, which can make assessment difficult.
(Though as has been pointed out: if scale of operations makes reasonable levels of service provisioning prohibitive, perhaps you shouldn't be operating at that scale?)
Google do manage to cull a lot of spam, abuse, and other crud. In my some-time career of trying to get hard numbers regarding aspects of Google+ membership and activity, I found:
- G+ communities were being created and deleted at a prodigious clip of thousands per day. Even in the final months of the site, several hundred thousand new communities were added.
- A strong predictor for whether or not a G+ profile would be deleted was if it had ever posted public content. By a factor of about 10 over profiles with no visible content. Presumably, many of these were spam or other abusive profiles.
- The very most active profiles across a small sampling of recent Communities posts were spammers, and by the time I'd gone back to verify the top few, most or all their content was removed.
When you're operating at large scale, it's difficult to make discerning, accurate, fair, or consistent decisions. That's understandable.
But you should be aware of this and design systems to recover gracefully from errors. Which includes not discomfitting, annoying, or distressing users excessively. Someting Google have repeatedly failed at.
1. The day that item ran, the top three items on HN were either directly or indirectly about my experience or frustrations with the then-new Google+ - YouTube accounts merger. https://i.imgur.com/YgEjUuI_d.jpg?maxwidth=640&shape=thumb&f...
at the very least, getting your entire Google account banned over it is completely insane.