What would you do if you lost your Google account? (viktomas.com)
558 points by vicek22 on May 3, 2020 | 489 comments



Let's go a bit more general.

I operate on the realization that google will one day arbitrarily destroy my gmail account for absolutely no reason. At any time. Because. Due to reasons. Those reasons which include the knowledge I will likely never have anything clearly explained. Reasons I cannot appeal. At all.

This is what free gmail means to me. Same goes for youtube. Especially youtube. Videos can be deleted for no reason. Better keep copies.

Famous people have lost content on google and youtube. Blocked emails. Lost videos. etc etc. I'm a nobody. If famous, "important" people have their accounts "accidentally" deleted, what hope do I have? None whatsoever.

I have no idea what google would be like for paid accounts of my own but I was working with a company that did and the support wasn't terribly helpful during an email migration so I'm unimpressed. At least they responded to my emails after a few days.


Google is running a free service and have limited resources for customer support. I think everyone understands that. But why can't they make better use of that support using algorithms and data analysis?

For example, they probably get thousands of requests for account assistance. But they have full access to the emails in the account. And related metadata like age of account, volume of emails, other services used (Android apps released, Youtube videos created), and others. It should be simple to create an algorithm to prioritize the requests. So if an account was created a week ago and doesn't have much history? Low priority. An account is 10+ years old and has regular bank statement emails incoming? Highest priority.

And if that's too much work, just provide a paid option. Tell users that if their issue is really important, then pay some amount (such as $50) to get immediate urgent support. The user with a one week old account won't care enough to pay. The spam scammers obviously won't pay. But the user with all bank accounts, brokerage accounts, other important services going through their gmail account? They will likely pay to get assistance.

Instead every account gets the same shitty treatment. They could easily identify the important accounts to look into first using data analysis and algorithms. They're supposed to be good at this stuff! Or provide a paid option. Or do both. Only explanation I can think of is that it doesn't look good enough for a promotion so nobody at Google cares.


They really don't seem to care. I run a site with AdSense. Google makes about 20k a year in commission from my site. I get zero support.

1. My ad clicks went from a steady 500 a day to 1-5 a day and my revenues plummeted. I contacted Google. After one month of being passed around they tell me they're not allowed to disclose what's wrong, but I can try labeling my ads as "Advertisements" on my site. One month of waiting for that response.

2. Recently Google started clawing back 50% of my monthly earnings at the end of the month. It's typically 0-10%. However, it just jumped to 50% the last couple of months. So they give me daily reports that I'm earning $150 per day, and then at the end of the month they just say nope, we're actually going to only give you half of that revenue. Oh, and we can't tell you why, that's confidential. I searched online and found lots of people recently reporting 30-80% of their revenues are being taken away. No one can get a reply from Google. What's even worse, I use header bidding. So someone opens my site, Google says they'll pay X to show an advertisement to that user, they outbid my other networks, and then a month later they say they can't actually pay that price. Meanwhile, my other ad networks could have shown an ad, but Google outbid them with a price they're not willing to pay.

3. I tried to set up an in-house advertisement the other day using Google DoubleClick. The idea is that I create an ad for my Patreon page, and if none of the ad networks I run can pay more than X for that impression, then it shows my Patreon advertisement. Well, Google says Patreon is malvertising, and they won't let me run a display advertisement on my own site, linking to my own Patreon page. What does that notification say in the ad manager? It says they can't disclose any additional information and not to contact them.

This company is a joke. They've collected at least 100k in commission from me, and I get zero support. I'd like to fix that issue resulting in half of my revenue being taken away each month. Nope, no one I can talk with, and if I do talk with anyone, they can't disclose that information or what ad unit is the source of the issue. I need to try making a change, and then cross my fingers that one month later I don't lose most of my revenue. It would probably take a year to understand the issue with monthly experiments. Anyway, I'm in the process of removing Google from my life now. I have zero respect for that company.


A lot of people have Google horror stories like this.

I’ve had a gmail account since early beta. I upgraded to their $10 per month for 1 tb storage (which they recently increased to 2 tb). I recently got a better deal from Microsoft so want to switch. So over a week ago I deleted my entire Google Drive. Except it put everything into the Google Drive “trash” that still counts against me. I immediately emptied the trash except that literally did nothing that I could tell.

Then, about 100 GB per day has been freeing up from the trash for the last week and a half. I can’t cancel the extra storage until this is complete or I’ll stop receiving email on my gmail account. At the snail’s pace that it’s freeing up storage on my Google Drive from the trash they’ll be charging me another month. It’s ridiculous. And as a paying customer there’s no practical way to contact them.


> And as a paying customer there’s no practical way to contact them.

Support is one of the things you get if you pay for storage, though?


> Support is one of the things you get if you pay for storage, though?

Yes, and it's completely useless. Their user interface is such an anti-pattern that it has to be by design. All I want to do is delete everything in Google Drive and delete everything in Google Photos. For Google Photos, the fastest way to do this is to zoom out ridiculously, hold the shift key down, click the first photo to delete, then the last photo you can see on the screen and then release the shift key, click delete and repeat like 200 times for the number of photos I had on there. Oh and don't scroll out TOO much or your browser will just crash. Seriously, this is their answer to deleting photos.

And Google Drive is no better. 1.2 TB of files from my drive and cleared out the trash at least 75 times but a week and a half later I still have over 100 GB in phantom files. And suddenly all these additional images showed up when I click on Storage in drive.google.com and you guessed it - I have to delete them one page at a time. It's like they're doing anything to make sure you can't get your account under 15 GB so you can stop paying them money. And their support just gives generic advice like what I've typed here.

I've switched entirely to the new Microsoft Edge for browsing, OneDrive for storage and the only thing I have left is an ancient gmail account that I'll likely be switching over to Fastmail.


One time I had a friend send me a few thousand photos on Google Drive. I tried to download those. Oh boy. Do too many at a time and it'll crash, otherwise it's select a few dozen, wait 5min for Google to zip them, then download and repeat.

I finally solved my problem by interfacing directly with their API and writing a Python script to recursively download larger folders. It's sad that I was forced to do that, but it worked.


> It says they can't disclose any additional information and not to contact them.

I think this is the most troubling aspect of Google (free) services. This is why I bit the bullet a couple of years ago and started running my own mail server. The buck stops here :)


Google does actually have a paid option. Buying extra storage space for Gmail and Google Drive (Google One) is theoretically supposed to come with support, as one of their touted features.


Aside from Google One, there is also GSuite: https://gsuite.google.com/

I pay for a personal google account there. It gives me the peace of mind everyone's talking about. And I get customer support when I need it.


Have you ever used that support?


I have. Multiple times, both for my personal account as well as the accounts of clients that I manage. In fact I just used support yesterday (a Sunday in Fiji, the weekend everywhere) to help migrate a client from Google to a local Google Reseller (so they could get invoiced in the local currency).

My total monthly spend with Google (between myself and my clients) is relatively tiny (under $100 USD).

In my experience, the support has always been stellar. Starts with chat (which I prefer), but if that isn't enough to resolve the issue, it gets escalated to a higher level and an offer for them to call me.

I live in the middle of the Pacific Ocean.


> In fact I just used support yesterday (a Sunday in Fiji, the weekend everywhere) to help migrate a client from Google to a local Google Reseller (so they could get invoiced in the local currency).

Haha, I last used it for the same reason :) What a dumb system that is…

But overall I've had success with GSuite support yes. I mean, I've not often needed it, but part of it is knowing that it is there in case my account does get fucked with. Huge reassurance.


There are drawbacks to G Suite not being considered a personal account. For example, you can’t use a G Suite account with Google’s Nest.


I admittedly don't have a Nest, but I've encountered extremely few limitations in my day-to-day usage of GSuite as my sole google account. The only one I can think of from the top of my head is, asking "ok google, when is my next meeting" gives me an error about gsuite not being supported (yet).


- No Google Play reviews
- No Google One (can't share storage with family)
- No Google Drive->Photos sync (They have completely removed this feature now)
- A few other limitations I can't remember.

I switched to a regular Google account now.


lol google's "make new product to get promoted" thing seems hella toxic.


Imagine the hate Google will get if they charged $50 for support. People will say it's a 1 month earnings in some countries.


I think it's just cheaper for them to not care.


> I operate on the realization that google will one day arbitrarily destroy my gmail account for absolutely no reason.

No! We need to demand more from Google (or, at least our lawmakers). I have a business that relies on a Chrome extension to be on their web store.

Say I accidentally trip off something in their opaque machine learning algorithm that determines my extension (or even a YouTube comment!) breaks their terms of service. They would have the right to completely block my account and remove the extension. Effectively, wiping out how I make a living with a single automated bit flip.

It hasn't happened to me, but the people that share horror stories of how it happened to them scare the $#!7 out of me.

As the Internet gets more privatized and less "open", I just wish there was something that required a fair "trial" of my account being suspended. The balance of power online is slowly shifting and I feel there needs to be something protecting the rights of individuals (the public) online.


> No! We need to demand more from Google (or, at least our lawmakers) [...] a fair "trial" of my account being suspended.

I wouldn't hold my breath. I encourage people to put their money where their mouth is. E.g., I host my email with Fastmail.com. Is that free? No, and thank goodness.

Google's core business is selling your eyeballs to people who want to influence you. Their relationship to eyeball owners is statistical; as long as they are providing adequate quantities of wallet-connected eyeballs to the highest bidder, they do fine. This drives a fundamentally different culture than businesses that live and die by customer relationships. And culture is extremely hard to change.

I don't know Google's numbers offhand, but Twitter's revenue is about $1 per eyeball-pair per month, with per-user profit much lower. Think about your salary, and then think about how much work you'd be willing to do for a given account. By my numbers, handling one medium-sized customer service issue could easily wipe out an entire lifetime of profit.

And that's before we even get into the literal millions of scammers, jerks, loons, and mafiosi that would a) happily misuse a Google account, and b) will eagerly waste hours of customer service time lying up a storm. Every extra inch Google gives an actual well-intentioned user means a few hundred miles taken up by that lot. Which is expensive indeed.

So I am entirely grateful that I'm paying Fastmail $50/account/year. That builds a culture of wanting each customer to succeed. Of wanting customers to say good things to potential customers. Which means that if there's some bump in the relationship, they're going to at least hear me out. If you too want that, please pay people money for services.


Google (or Twitter) could offer on demand customer service. To open a ticket you pay $50. If you don't need customer service, you pay nothing.


Provides a perverse incentive to offer bad products and not solve common problems. Unless they had a clear policy to refund the support cost if it was their fault.


Totally. It's the customer service version of this: https://dilbert.com/strip/1995-11-13


One of those fonts is not like the other. Is that something Yahoo did?


Good question! I doubt it. Yahoo launched only 6 months before that comic strip was penned, and the number of daily internet users at the time was small. And their 1995 logo was... different: https://logos.fandom.com/wiki/Yahoo!


You can't change company culture that easily. Either user is the king or they are not - you can't have it both ways.


My personal email has been the same earthlink.net address for about 25 years now, and it’s been pretty worry-free in that time. My email client keeps all my email locally. I pay for service, I get that service. I guess it’s possible they’ll go out of business someday, but I’ll deal with it then. I don’t lose data over it.


How good is spam catching on those email providers? Because I'm disappointed as heck in my old Hotmail/Outlook account's spam catching, and if MS can't do it right what hope do smaller players have?


So far Fastmail has been quite good. My email address is ancient, so I get a ton of spam. (Over 99%, last I checked.) I see less spam with Fastmail than I did with my layered, carefully-tuned anti-spam filters.


> Their relationship to eyeball owners is statistical; as long as they are providing adequate quantities of wallet-connected eyeballs to the highest bidder, they do fine.

And people will leave Google for another free email service if even a small percent of people begin to lose their accounts.

Google definitely has an incentive to keep email functional.


Again, it's statistical, not personal. I agree that if they get up to the level of, say, accidentally banning 1%, that might be a problem. Maybe not, though, as changing email providers is a giant pain. But if it's 0.1%? Or even 0.01% per year? People will write it off as anomalous and stay with Google. However, that's ~100k-1m people per year who get totally screwed.


Me: 1k, oh well. 10k, glad it wasn't me. 100k? uh... I better look into back up solutions. 1m, I'm migrating now.

Average person: 1k, "what glitch?" 10k, "So what." 100k, "It didn't happen to me." 1m, "I don't use it for anything important anyway."


But with services this big people don’t look at the percentages, they look at the hard numbers. It doesn’t matter if 1M people are <0.1% of Google’s user base - if they lose their data people will start migrating off, because that’s a scary number, and the media will report “1 MILLION people lost their accounts!”, not “0.1% of people lost their accounts.”


And how would people know?

Google has ~ 1.5 billion users. If something happens to 1 in 1000 people, then a) it won't happen to most people, b) most people won't know anybody it happened to, and c) maybe it happens to a friend of a friend. If they hear about it, they will likely say, "Oh, I'm sure there's a reason."

A reporter might hear stories about people who lose their accounts. They might even find those people. But so what? Right here in this discussion we're hearing those stories. Could this be happening to a million people across the globe per year? Sure. Does anybody know the true number? Nope.

So if you could discover the hard number (which you can't), maybe you could get a tech reporter to write about it. Then Google PR would go into action. They'd say correctly that it's a small fraction of their users, that keeping everyone safe is a difficult problem, and that they work hard to make sure everybody who should have access does, but sometimes people get swept up in Google's crime-fighting. All of which is true! Then they'll turn back on the accounts of the people the reporter actually talked to. PR will say that they've made process changes that have solved the problem, the reporter will include the happy endings, and that will be the end of it.

Just for comparison, tobacco kills about a half-million people a year in the US. It's totally unnecessary, but it's profitable for the tobacco companies. As long as it's killing somebody else, people are basically fine with it. If they can be chill about that, they will certainly be chill about you losing your Google account. They'll think you probably did something.


> No! We need to demand more from Google

Demand all you want. Remember that you're not a customer, you're a user. Google offers their free services to keep you in their ecosystem, which allows them to collect more of your data and serve you more ads.

Users are much more disposable than paying customers. So what if they piss off a few users? As long as most people keep using Android, Chrome, Google Maps, Google search, YouTube, etc, there is no risk towards their bottom line.

Sure, you could try to go after them with government regulation, but they have tons of lobbying power. On top of that, even laws with the best intentions can often backfire and sometimes do more harm than good.

The only thing you can reasonably do is recognize your position and make sure you are never dependent on Google. You can still use Google services; just make sure you have a plan for when that suddenly stops being an option.


Even being a paying customer has little value. Remember that Jordan Peterson was #15 of Patreon with more than $1m revenue if I’m correct, yet he was removed abruptly, I think in the wake of being referenced in the Christchurch terrorist (together with his book being forbidden in NZ).

Even paying customers can be removed without trial.


This isn't quite correct.

Peterson wasn't removed, he left in protest, along with Sam Harris and others, after Carl Benjamin ("Sargon of Akkad") was removed over what Patreon considered to be a policy breach. [1]

I'm not expressing any position on whether or not the Carl Benjamin ban was valid, I'm just wanting to correct the record.

[1] https://www.businessinsider.com.au/patreon-crowdfunding-plat...


> I have a business that relies on a Chrome extension to be on their web store.

Except some very few regulated things, no store has an obligation to carry this or that brand of product. Even in retail.


The distinction is that a mostly sane person decided to stock Hot Pockets at the grocery store and will likely continue doing so and if they stop it won't be for a random reason.

The way it works with Android apps is if some random code quality shell script of questionable quality flags your app, the app will be removed and you will get a lifetime developer ban from Google. There is no human in the loop and no appeals process.

Because there's a monopoly for Android apps, there is no reason for them to ever improve customer/developer service.

An excellent analogy would be getting banned for life by a programmers union if anything you write ever fails a valgrind test. Doesn't matter if it's a bug in that revision of the valgrind test and there will never be any human contact in the process.

"I've been banned from google and I don't even know why" is a weekly discussion topic on android development forums.

Even funnier is Google implements guilt by association. So if you have a similar email address or ip address to someone who gets banned, the same shell scripts will lifetime ban your account under their ban evasion policy.


Google Play does not have a monopoly on Android apps. It's not even included on phones sold in some countries. Numerous apps, including high-profile ones such as Fortnite, have not been distributed in the Play Store and there are several alternative app stores around.


Fortnite just launched on the Play Store because of how impossible Google has made it to distribute Android apps outside of Play.


> because of how impossible Google has made it to distribute Android apps outside of Play.

Or because of how much of a larger audience the Play Store has.

Installing an APK from a website has never been an easier process. I do not see how Google can simplify it any more. You are asked 2 things:

- Can we allow your browser to download files?

- Can we install this app on your device?


Google set Project Zero on finding exploits for the Fortnite installer and then engaged in a media campaign to promote how scary installing it was.

I would say in addition to the "scary stuff" warnings Google employs on devices, they went out of their way to harm any serious contender for outside distribution.

Epic also went on a significant campaign to be allowed to distribute through Play, but utilize their own payment provider, but Google's monopoly wouldn't budge:

Google's Play Store demands aren't about security, they're about the 30% taxation.


> You are asked 2 things [...]

Can you provide references?

On at least four Android phones to allow installing unsigned APKs I've had warnings about "Scary Stuff"[tm]* if I proceed...

* I paraphrase...


The “Scary Stuff” warnings are important because anyone competent will ignore them and anyone not competent will be scared away. As they should be, because potential for abuse here is rife.

It works.


Every time a banned developer makes the front page of HN, it turned out that the company had hired a contractor or employee who had been previously banned for malware.


So the algorithm decides that an app you wrote was "malware" by some arbitrary bullshit screening process.

Now you've lost your job and you're banned for life from making android apps?

SOUNDS UTTERLY FANTASTIC! (actually sounds totally evil)


While true, no store has the ability to prevent other stores from opening in the same city either

Your comparison of Google Play being like a normal store, would then make Android the town the store is in.

Would your position be that Walmart should be allowed to pay off the town to prevent Kroger from opening?


Like any other app not from the play store Google Play allows you to install other app marketplaces. You just got a warning the first time you install the alternative store.

It's just incredibly hard and not worth it to start an alternative legit store unless you are huge with something that customers really want and that is not available somewhere else. (ie: Epic Games with the Epic Store for Fortnite)


>>It's just incredibly hard and not worth it to start an alternative legit store unless you are huge

Even Amazon failed at this, so it is not just incredibly hard, the roadblocks Google puts in place for people wanting to create another store are de facto impossible. Further, they are more extreme than what Microsoft did in the 1990s with IE that caused an antitrust violation, and they were forced to easily allow other browsers and allow them to be changed as the default.

I am not sure why Google can get away with what they do, even less sure how Apple gets away with it.


Guessing tech companies learned their lesson in the 90s and started sending lobbyists to Washington.


In that case Apple fits in your example, not Google, as they don't prevent you from installing any other store.


This also makes me think that it's just too dangerous to use your long-time personal account to host Chrome extensions or Android apps that you financially depend on. The account for that should do absolutely nothing else, to have the minimum risk of it being arbitrarily shut down for something unrelated.


This also means e.g. ensuring that their recovery email address and phone number are separate, as Google has in the past linked accounts via them and shut down all linked accounts.


If you set up shell corporations appropriately, there's no problem. Only individual people have trouble.


Agreed. The parent description makes me think of how people used to talk about "justice" before. It was at the whim of others, and only the powerful had certain access to it. But at some point, we nationalized the carriage of justice, and so we could all come to depend on it (on both the giving and receiving end)

I hope we get to the point where something in the commons (government or whatever), can offer comparable assurances about digital things that are becoming critical infrastructure in our lives


I fully support your sentiment, but you're not in opposition with the grandparent you're referring to. He didn't say that that's what he'd like Google to be (ultimately unreliable). He said that that's what it is, which is true. We should demand and expect more, but until the demands are met, well, they're not met. Nit pick.


ah good point, thx :)


As noted many, many times. Their walled garden, their rules. If we accept their edicts on speech, acceptable behavior, etc and accept that they can - and will - eject anyone without review, appeal, or even acknowledgement, we need to celebrate our internet overlords and definitely not say anything that might irritate them or get us reported by others we irritate.

Welcome to the new old world. :(


Ideally we'd ban a company from making both hardware, operating systems, and app stores. Walled garden ecosystems should be totally illegal.


>I have a business that relies on a Chrome extension to be on their web store

No, you should operate on the basis that google can stop doing business with you at any time for any reason and make plans accordingly.


I'm not involved in anything like that but to me that just sounds like a business risk you have to take when making money off of the google store.


> No! We need to demand more from Google

If there is any need, it is from your government (wherever it is) to go break the Google self-supporting monopolies.

You can try to demand that a private company offers you high quality service for free, but I wouldn't recommend wasting your time. Alternatively, you can try to use other services, but again, those multiple self-reinforcing monopolies are an issue.


Hey, I too run a business that requires an extension. There are ways to distribute that don't include the chrome webstore, and ways to run them that don't include chrome (like chromium and kiwi on Android). It actually even increases conversion rates in some cases not using their walled garden.


If your extension even gets flagged, they will disable it or uninstall it from all browsers automatically. And it will not return to normal automatically.


Actually I'm wondering if you can use the GDPR for this. It gives you the right to ask for a copy of your data. This counts for places where you don't have an explicit account so presumably I could get a copy of all data from my account even if I lose access?


Probably, but depending on that rather than making regular backups is a bit mad. https://takeout.google.com/ even lets you schedule regular archiving.


If you have 100GB+ with Google, takeout doesn't work. Either you have to manually download files 2GB at a time reauthenticating each time, or try a 50GB download that times out on the server side and gets cancelled with auth error. There's no way to buy a physical backup or run a long running process to fetch your data reliably over the course of the week.

It might work if you get a GCE VM and crossload your Google takeout to cloud storage and then download using cloud storage APIs.


Looking at the choices on that takeout page, I realized that there were a number of Google services I didn't even know about: "Google Arts & Culture", "Crisis User Reports", "Handsfree", "Textcube".


>I operate on the realization that google will one day arbitrarily destroy my gmail account for absolutely no reason. At any time. Because. Due to reasons. Those reasons which include the knowledge I will likely never have anything clearly explained. Reasons I cannot appeal. At all.

This sounds very much like the old-world Christian conception of "acts of God" re: natural disasters and the like.

The Catholic Church has the concept of saints, highly placed people that intercede with God on behalf of common people. For dealing with Google, modern people petition "influencers"


The idea is old but not exactly old-world: I wouldn't be surprised to find the phrase in some insurance policies even today for example. But the whole concept of chalking things up to a God is interesting -- basically whether you believe in a God or not, it's a stand-in for anything that exists apart from us, wasn't created by us, certainly doesn't exist FOR us or do our bidding, and might do things with indifference to us that either help or hurt us. Pretty good antidote to hubris if you asked me. But yeah that does happen to be a pretty good description of Google for most people, not to mention something like COVID-19.


> I operate on the realization that google will one day arbitrarily destroy my gmail account for absolutely no reason. At any time. Because. Due to reasons. Those reasons which include the knowledge I will likely never have anything clearly explained. Reasons I cannot appeal. At all.

You're dead right. So now, in addition to trying to exercise every day, and unpack another box from moving every day, I'm committing to moving one account email to Fastmail every day.

> Famous people have lost content on google and youtube. Blocked emails. Lost videos. etc etc. I'm a nobody. If famous, "important" people have their accounts "accidentally" deleted

There have been far too many incidents where people who become virally infamous immediately have their accounts blocked or deleted mysteriously, followed by having them restored with no explanation. This indicates that Google/YouTube employs people who will arbitrarily abuse their power in the control of these valuable and highly private information resources, over whom Google/YouTube has too little actual control or oversight.


When you have something from the government like an ID card. They can't just turn it off. You have due process rights and right to appeal them turning off your ID card, etc. With private companies you don't have that. That's the danger of privatization of everything, due process rights go out the window.

Downvotable Material: There's a certain billionaire who wants to privatize the right to travel through a certain "passport" he's advocating. Will they just be able to turn you off and there will only be non-existent or unresponsive customer service that will just tell you that there are "reasons" why you're not in the system any more and they are a private company and can do whatever they want and buying their product is optional, when it really isn't. Hopefully, if this ever comes to pass, there will be extensive regulatory legislation like the Fair Credit Reporting Act to keep this sort of thing subject to due process and transparency. The global nature of this "passport" means that when in foreign countries with weak judicial systems they might still be able to arbitrarily terminate your account.


> This is what free gmail means to me. Same goes for youtube

I would add (free) Github to that list.


If you've cloned your repos you've already got your most important data (except issues, wiki, and releases, which may be unused or non-critical).


GitHub wikis are repos, too, so they’re trivial to clone.


For those wondering how: just replace the .git suffix with a .wiki.git suffix in the repository URI and you can access the Wiki (assuming it is enabled for the given repo).
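The `.wiki.git` tip above, as an added shell script that is not part of the thread or from any commenter: it derives the wiki remote from a repository URL and keeps bare mirror clones of both. The `BACKUP_DIR` location, the script name and the repository URLs in the comments are assumptions for illustration.

```bash
#!/usr/bin/env bash
# Added example: keep local mirror clones of a GitHub repository and its wiki.
# Usage (script name is hypothetical): ./mirror-backup.sh <repo-url> [<repo-url> ...]
# e.g. https://github.com/example-user/example-repo.git (constructed URL)

# Where the mirrors live; an assumed default, override via the environment.
BACKUP_DIR="${BACKUP_DIR:-$HOME/git-mirrors}"

# Derive the wiki remote from a repository remote: drop an optional
# trailing slash and ".git", then append ".wiki.git".
wiki_url() {
    local url="${1%/}"
    url="${url%.git}"
    printf '%s.wiki.git\n' "$url"
}

# Directory name for a mirror: the last path component of the remote
# (works for https and scp-style ssh remotes), always ending in ".git".
mirror_name() {
    local url="${1%/}"
    url="${url%.git}"
    url="${url##*[/:]}"
    printf '%s.git\n' "$url"
}

# Clone a remote as a bare mirror, or refresh a mirror that already exists.
# GIT_TERMINAL_PROMPT=0 makes git fail instead of waiting for credentials.
mirror_one() {
    local url="$1" dest
    dest="$BACKUP_DIR/$(mirror_name "$url")"
    if [ -d "$dest" ]; then
        # No --prune: refs deleted upstream stay in the backup.
        GIT_TERMINAL_PROMPT=0 git -C "$dest" fetch --quiet origin
    else
        GIT_TERMINAL_PROMPT=0 git clone --quiet --mirror "$url" "$dest"
    fi
}

# Back up one repository and, when it can be fetched, its wiki.
backup_repo() {
    local url="$1" wiki
    wiki="$(wiki_url "$url")"
    mkdir -p "$BACKUP_DIR" || return 1
    if ! mirror_one "$url"; then
        echo "FAILED  $url" >&2
        return 1
    fi
    echo "ok      $url"
    # The wiki is optional: the clone fails when there is no wiki to fetch,
    # and that is reported without failing the whole backup.
    if mirror_one "$wiki" 2>/dev/null; then
        echo "ok      $wiki"
    else
        echo "no wiki $url"
    fi
}

# Run only when repository URLs are given on the command line.
if [ "$#" -gt 0 ]; then
    status=0
    for url in "$@"; do
        backup_repo "$url" || status=1
    done
    exit "$status"
fi
```

Mirror clones carry every branch and tag, so release tags survive; issues, release notes and build artifacts are not in either repository and need a separate export.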


Releases use the git tag system so you might lose the release notes or build artifacts but you at least can rebuild


Only Github has a MUCH better track record than Google on these matters.


Unless you live in a place like Iran or Crimea.


That one isn't Github's "fault", though. That's going to happen if you use any service incorporated in the US.


Why is that? Is private business obligated to follow host country's foreign policy? My instinct is to hold the business responsible for these decisions.


Yes, a private business is obligated to follow the laws of any country where they hold assets that can be seized by the police of that country.


Censorship is a law in US now? Or, are you saying that it's law to follow its foreign policy? In that case you sure have a round-about way of saying that.


The Trading with the Enemy Act empowers the Office of Foreign Asset Control to come down very hard (million-dollar fines and years of jail time) on anyone dealing with a sanctioned nation (N.Korea, Iran, Cuba) or anyone on the list of Specially Designated Persons and Nationals. This is absolutely the law, yes.


The accounts were closed because they were business accounts from sanctioned countries? I didn't realise that. I had misunderstood that Github was enforcing the said countries' censorship.


Sometimes, yes. If the host's country's government applies sanctions to your country, they may have to stop allowing you to use their services.


Most of us don’t.


My point is that it sucks to discriminate against people just based on where they live. One day you're in Sevastopol working remotely for some company that uses GitHub. The next day some politicians decided you're in a "bad" place and you're permanently banned. It sucks, and hopefully it won't happen to you or me, but it totally could.


You act like this is arbitrary. "Politicians" with radically opposed worldviews, and from multiple countries, have endorsed this policy, including all recent presidents.

If you live in Iran, not having GitHub is a problem, but not your biggest one.


These are international government sanctions - the companies cannot choose to ignore them without severe consequences.


Sure, but that's a consequence of international war.

The war (and the warmongers) is your main problem. The rest are a large pile of details. When the tanks roll in I'm not worried about my GitHub issues.


This comment, perhaps unintentionally, does imply that the people in those countries deserve less, are less than, us. That's a morally reprehensible position to take, imo. Is that your position? Are you aware of that implication behind your comment?


No, the comment implies that risks that only apply to people in two countries don't apply to people not in those countries. This doesn't in any way suggest they deserve less or that their risk is morally irrelevant. Simply that the risk to them is not something I need to factor into the risk assessment of my own account.


Are they still? I’ve certainly noticed in other areas (like tech support) they’ve gone from “hungry startup” to “division of mega corporation”.


GitHub is also much newer. Microsoft, its parent company, isn’t all that better as well.

I think there was a OneDrive-triggered killing spree at some point when they made backup to it more or less silent and were offended by what people were “uploading to website”


It seems like a pretty safe default policy for any service you get for free, or where the company is under no contractual obligation to you to do, well, pretty much anything.


Has anyone done a social science research study to estimate the chances of losing a Google account?

This is an important number. 1% annual chance? bad deal. 0.01% annual chance? Maybe worth the risk. 0.0001%? Sure, I'm more likely to get hit by lightning.


I lost one of my (two) Google accounts. Still had username/password, but IIRC, they demanded text confirmation from a phone I no longer had. Tried absolutely everything, but they wouldn't budge.

Not sure how to judge the annual risk, but there seem to be a lot of other stories like this.

I prefer to think of it in terms of "nines" of reliability. My account was "up" pretty continuously for maybe eight years. It's been "down" continuously for four years plus the next thirty-plus that I might need it. So, a total downtime of 0.81. Being charitable, I'll call that one "nine".

Nowhere in tech would that be considered acceptable.


Let's go even more general: I would be unable to download PlayStore apps without violating the EULA. Did you know my apartment building's washing machines are literally inoperable without an app? For every app, you need access to the app-store platform. I wouldn't care so much if it's optional. However, we are at the point where we can't use basic household appliances without apps...


> I wouldn't care so much if it's optional.

This is exactly the argument that android/ios apps, google accounts etc, is it optional or not. I couldn't go to the gym where I paid in advance because I didn't have a supported phone (latest android or ios). You'll always have a choice right, now it's the choice to wash your clothes by hand. Who knows next time you might not get an apartment without a gov approved android/ios app on your phone, it's a brave good old world again.


This actually happened to me recently with hotmail. The forced migration to outlook just deleted everything, with no explanation.


This is why I pay a small amount to Google every year for my email account. Why not? Might as well be the customer instead of the product.


> This is why I pay a small amount to Google every year for my email account

Q: Wouldn't it be better to pay a small amount to $anyoneOtherThanGoogle ?


you are definitely both


Depends on if he's talking about GSuite or Google One. The GSuite terms of service and privacy policy are quite different from the Google One ones.


I lost mine a few years ago, since then Google is an absolute no go for me.

Had it for a few years back then and never did anything bad or oblique with it, just used it as my secondary email account and also for deploying a small, harmless Chrome extension to the Chrome store.

So one day my wife bought a tablet and also registered a mandatory account. 1-2 days later my and her Google account was terminated. I mailed support and they told me they couldn't tell me the reason for terminating both accounts. No kidding. Tablet suddenly obsolete. All my emails gone.

Since then Google is a big red flag for me.

Addendum to clarify: They said they won't tell me the reason for terminating my account. I'm sure they could have told me if they wanted to.


Same here. I contacted customer support and the system said they would reach out to me. This was 2 years ago.


eBay did this to me.


Reddit did it to me - any new account I create from my IP gets auto-banned.


I wonder what would happen if Apple would ban my account. My iDevices will become useless bricks?


Yep. It's near impossible.

Somebody (presumed ex- or current-employee) took a handful of iOS devices from our office a few months ago. Changed the password to the Apple ID, added 2FA phone number.

The account isn't even deleted, and we can't get back into it.

We have a dozen other devices logged into that Apple ID, all prompting for the password. You cannot install updates, you cannot roll back, you cannot log out, you cannot factory reset.

Apple have been no help at all.

The devices we have that are logged into this account are bricks. Apparently if we have original proof of purchase, we can take them into an Apple store and have it reset. But a lot of our devices are older or were acquired refurb/used - they're used as testing devices.

The accounts are locked, they just won't help us get back in, we've tried several times and channels. We've offered to do anything, sign anything, they won't do it. I once went through password/2FA recovery with an Amazon AWS account, and it really wasn't that painless (sign some legal paperwork, show a bunch of documents).

We are an unknown startup, but we have generated millions of dollars for Apple over the past decade in App Store cuts. If we can't get back in, I don't know how it'd go for grandma's iPhone.


> If we can't get back in, I don't know how it'd go for grandma's iPhone.

I can tell you about grandpa's iPad. We couldn't find the proof of purchase after he locked his iCloud account (memory isn't great at that age). It's now a paperweight.

The lesson is to keep the receipt.


I would say the lesson is call your congressman and pass some laws.

Landlords in the USA can't kick people out instantly AFAIK. Banks I'm guessing have regulations that prevent them closing your account and throwing your money in the trash. I'm pretty sure the electric company can't shut off your electricity on a whim.

People are dependent on Google and Apple and their devices and services to similar levels. email and messaging services are similar to phone service which is regulated. Apple and Google both provide payment services (Apple Pay, Google Pay) so are providing some of the services a bank offers.

Sure they should be able to close problem accounts at some point but IMO they can't just walk away from responsibility based on a one sided TOS.


Many of those laws you speak of were created in a different era. The last 2 decades have been the time of increased corporate power and reduced individual power. Citizens United, for one.


> I'm pretty sure the electric company can't shut off your electricity on a whim.

They absolutely can, albeit by mistake. But it's not comparable to googles and apples, since you get your electricity back just by calling them.


Good idea, but the lesson there would likely be that the $ trillion corporation owns the politicians, or would have more representation than average person, so recourse through that path is out as well.


So are you going to be voting for Joe Biden or Donald Trump?


Neither... maybe Biden simply to shakeup and push further towards an "accelerationist" change of the system (because he won't improve things either).

I voted for Trump in '16 to increase manufacturing, close the trade deficit in the midwest, and end neocon wars in the middle east (I fought in Iraq and Afghanistan).

I also support restricting immigration, though I know that's controversial around here. In any case, Trump has failed miserably on all counts. He's more concerned with the stock market than almost anything else, and has stacked his administration with neocon retreads, not pulled troops out etc.

Unless and until some sort of massive restructuring of our political and monetary system, the whole thing will continue to be controlled by banking and finance. No party serves my interests (a more nationalistic economic and industrial policy, and a more socialistic yet conservative social/cultural policy). We have left wing social culture, and market/finance dominated economic policy. Worst combination in my opinion.


Actual lesson: don't buy Apple devices.

I'm sure a tablet running LineageOS or something similar would serve grandpa just fine, and you'd never have to worry about losing access.


Can you give an example of a currently produced tablet someone could buy new and install LineageOS on?


I checked the website, a Lenovo and two Samsungs are listed as supported and not discontinued.


Would be worth it to take them to small claims court.


Not sure if you have tried, but iTunes allows one to do a Device Firmware Update (DFU) of any Apple device with an IPSW file (basically ios firmware) practically making them a brand new device.

Although it is a bit of an overkill, because technically you would be overwriting the iOS firmware with a stock one. It does help. I had to use it on my aging iPad 2, a couple of times and haven't faced any issues thus far.

Here's a couple of links that could help: https://osxdaily.com/2010/11/23/how-to-use-ipsw-files/ https://osxdaily.com/tag/ipsw/ https://support.apple.com/en-in/HT201263 https://help.ifixit.com/article/108-dfu-restore


This sounds like a feature to me.


At least you can chat with someone, call someone, email someone at Apple Support very easily.


Yes, as long as you have a copy of the receipts, they'll help you to recover your devices.


I lost an Apple device once (several years ago) in a public place. A couple of days later I got a customer service mail from Apple asking for feedback on a recovery service for the device. So clearly whoever found my device was able to get it unlocked by Apple, or at least get it reset by them to the point they could use it.

That was a disappointing experience. Mailed Apple, but no reply. Fortunately not much personal data on the device. Hopefully things are stricter now.


Although this points to how it's always something of a tradeoff. Absolutely require people to have certain specific information and those who don't have it are pretty much SOL. Perhaps you can make exceptions that require showing up somewhere and presenting physical ID. But the easier you make it to tell a sob story over the phone/email to get an exception to policy, the easier you make it for unauthorized people to take advantage.


What tablet mandates a Google account? I thought you could always go without, even on stock Android.


Those were cheap tablets from Aldi / Medion one could buy in Germany back then and they required a mandatory Google account to use them. Can't remember their name; they cost about 150 Euros back then.


Then it was covered by the warranty so you could get your money back, at least.


Yes, sure - but this wasn't my main issue.

I found it unapologetic to get my account, which I then have used for years, cancelled without any explanation or sign of wrongdoing.

But what should I say. I didn't pay for it so it was well within Googles rights and discretion. At least this made me aware that such behaviour exists.


that was forced on some cheap androids between version 3 and 4.

after 4.4 they dialled it back to instead of required now they only apply some seven dark patterns to try to trick users into thinking it is mandatory.

same effect to most users, zero regulatory consequences


> I'm sure they could have told me if they wanted to.

Low level random tech-support? Probably not.


I guess you're right, but I find it ridiculous anyways to get an account cancelled without further information or dispute.


the tablet part makes no sense, you can always create new Google account or just use tablet without google account, installing apps through aurora store or apkmirror would be minor annoyance though


After you sign into an Android device with a Google account then factory reset it, you have to sign in with the same account before you can use a new account. It's an anti theft precaution.


AIUI that's only if you "factory reset" from outside the installed OS. You can explicitly remove the existing account from your device, and I think the OS-level "factory reset" function actually does this for you.


you can almost always bypass FRP, need more information on tablet model and Android version


What we really need is the ability to "release" it from the old account. Imagine selling a device and the new owner demanding your password...


Sorry if you don't believe it, but I tell the truth here. No need to make things up. The tablet required one to have a Google account connected in order to use it, plain and simple.


you can always skip adding Google account


A funny one: I am locked out of a former Gmail that forwards every email to my currently active address. This "forward everything" is not through IMAP/Pop but some Gmail feature.

One day I couldn't login anymore to the old account (maybe I typed the wrong password 3 times or maybe it was deemed inactive because I would never login?)

I try the recovery process once in a while with everything (code by SMS, code by recovery email, etc). Never works.

But I still receive every email sent to that account through the "forward everything" setup from XX years ago.


NB forwarding does NOT include "spam" email... i have all my Gmail accounts funnel into one and i check the spam buckets of all, every 4 weeks (otherwise Google turfs em). i usually find a few (rather important) false positives in that monthly sweep.

Further note that gMail filters at every step, eg this includes a downstream "archive" account. So there are false positives coming from a "known" [single source] good account and of already vetted emails...

i do wish there was a way to forward everything ... where everything meant everything ... filtering optional.


You can do this by setting up a filter that matches all messages that don’t contain something like “thisrandomstringwillneveroccurinthewild”. You can have the filter forward the message AND say “never send to spam”.


He cannot change the filter on an account he has no access to.


You can fix this by adding a filter called "is:spam" that has the "never send to spam" option checked.

See https://cmetcalfe.ca/blog/forwarding-spam-with-gmail.html


He cannot fix anything because he can't login to the account.


Ha I'm in the same boat as well. Locked out of my first ever Gmail account and thank the stars that I had this forward everything set up.

Every few months, I try the recovery process again to no avail. "Sign-in with Google" is very convenient so it'll be a pain to move to proton + outlook but c'est la vie


Are you me? I also don't have access to my first Google account but it forwards all of its emails to my current one.

I can confirm it works as well since someone sometimes fat fingers whatever email address they use for car repair and I get the invoice for it due to Google not respecting the dots in the email address.

My master plan is to get hired at gmail just so I can click the admin reset password button and get access to that account directly so I can finally see the very first emails I ever received.


Similar thing happened to me. Lost access to a perfectly set-up forwarding account. The account recovery process is impossible because I no longer have the same phone number from 10 years ago.


Hey me too! Changed my phone number like 12-14 years ago so can no longer access the account.

And same as everyone else, already had forwarding in place so it's just kind of... there in an uncomfortable limbo. I don't really use it for much so it's not a big loss but it would be nice to resolve one way or another.


I stopped using "Sign in with Google" about a year ago and moved to storing all my passwords in my Firefox account and in Bitwarden (and sometimes in iCloud for good measure).

I never use Google to login anywhere anymore. I create an email and an (autogenerated secure) password everywhere. If they don't see fit to support this, they don't get my business.

Then I just let Bitwarden/Firefox take care of everything. Logins, etc. I have 500? passwords stored. Don't know any of them. I prefer it this way.


The same thing happened to me, I happened to notice and set up the forwarding the day I lost access to the account. I feel pretty lucky for that, it made leaving much easier.


I wouldn't be surprised if forwarding is a "This account is compromised" indicator and is unintentionally short circuiting and causing accounts to be locked out.


That makes sense in my scenario... I'm in this scenario, but if true, that just means the owner loses the account and the alleged infiltrator(s) keep the forwarding.


Similar thing happened to me.

I've got an old gmail address with pop3 enabled that my main gmail account pulls emails out of. Hadn't logged into the old address in a couple years because everything was working. One day I decided to rotate all of my passwords, got to that old gmail account and it refused to let me log in and wouldn't say why.

"No big deal" I thought, I use a password manager, have all historical passwords, have the 2fa device, same phone number, same address, I have access to the recovery email address, and pop3 still works so I know I have the current credentials. I'll just reset the password.

Nope, wrong. Even though I have every possible form of identification the account will not let me log in via the web interface and will not let me reset the password. I get stuck in a loop that eventually ends with "Thanks for verifying your email. Google couldn't verify that example@gmail.com belongs to you."

The pop3 functionality still works, but the password can never be reset and the web interface can never be logged into. I suppose this will continue until the day google decides to ax pop3 and imap, no doubt accompanied by a blog post with comments disabled explaining it's for our own good, at which point that address will be lost to the sands of time.


Thanks for that anecdote. I was planning on using the lockdown home office situation to finally buy some domain and set up my own email server.

I wasn't sure whether I should set up forwarding on my Gmail account or have the server fetch mail from it regularly. Was leaning towards the second option but I think now it's settled which option to choose.

Edit: Ok there's one more stupid scenario. Let's assume I do lose access to the Gmail account but forwarding still works. Now I'm in an accident and stay at a hospital and totally forget to pay the renewal fee for my domain. Boom, some domain squatter gets all my mails. Actually, that would even apply without Gmail in the mix. Sure I'd set up automatic payment for renewal but still, can I be a little paranoid here? ;-)


Choose a domain that accepts 10 year renewals, and extend by one year every year.

If you're in a 9/10 year coma, you probably don't care about your email any more.


You can even automate that, for up to 100 total years of domain ownership, if you are willing to deal with Network Solutions.

They offer terms of 20 years and 100 years, which are longer than the standard maximum 10 years. The way it is implemented is that they register the domain for you for the maximum allowed time (10 years for most TLDs), and then each year they extend it by a year keeping the expiration as far out as allowed for that TLD.

I looked at this a while ago, when contemplating moving my domain in .net from there to Namecheap (where I already had a .us domain), because they gave a big enough discount on 100 years that it brought the price per year to $9.99, which is pretty good for a .net.

Then I realized that even if I lived long enough to become the oldest living human I'd still only get about halfway through the 100 years making the cost per year effectively $20, which is a crappy price for .net.

Now it is even worse. They have doubled the price for 100 years, making it a crappy deal. Even if annual .net renewal went up 10% a year, it would take 29 years before you would have been better off going with 100 year NS over year to year Namecheap. (The NS 20 year plan would be better off after 16 years).

At 5% annual increase, NS 20 is about the same cost as Namecheap, and NS 100 beats Namecheap after 44 years.

(This is all assuming that in the Namecheap case the money that would have been spent upgrade on NS 20 or NS 100 is just sitting around. If you assume it is invested in some safe long term investment, NS 100 and to a lesser extent NS 20 makes even less sense. Also there is the risk that at some point NS will no longer be around and their demise happens in a way that kills these long term registration programs).


If your payment method can be auto charged each year, and is paid for out of something like investment income, your domain is essentially perpetual (I do this).


The domain might be but the infrastructure likely won't be.


Infra can be replaced, online identity (email, etc) not so easily. I wish I could pay the Internet Archive to host my email!


"Thanks for that anecdote. I was planning on using the lockdown home office situation to finally buy some domain and set up my own email server."

Don't do this. Buy an email with a domain that offers email, e.g. gandi.net or infomaniak.com. They do have phone numbers if things go wrong. Hosting your email is easy. Having your emails delivered and not blocked is an art.


This also happened to me. I have a second email address I set up and set all forwarding to another Gmail. I've lost the password to the second account, but still receive all of the messages. it's not that I need to get into the account or use that email address. mostly I just want to make sure it's secure and nobody else can get into it.

Who knows... maybe someone else recovered it that he's using it as their primary address and I'm just getting copies of all their messages?


What troubles me about this is how casually we've moved everything to e-mail, on the assumption that everybody can get a "free" e-mail account, even tho the account isn't actually "free" and can be taken away from you without you doing much of anything wrong.

Very similar to how a phone-sim has kinda become the de-facto digital ID of most people.

In the long term, where does that leave people who can't afford a mobile phone/a paid e-mail account?

This is already somewhat of an issue with certain digital services that won't accept e-mail accounts from free providers that are too abused for spam.

What happens to the people who can't afford a paid e-mail account when billing and so many other services are moving to digital heavily depending on the availability of e-mail?

In contrast to that, I don't have to pay a monthly fee to have a physical mailbox at my door, but that won't get me far with most digital services.


> In contrast to that, I don't have to pay a monthly fee to have a physical mailbox at my door

Sure you do: it's either rent or city taxes. The fact that the mailbox comes bundled shouldn't blind you to the reality that you (1) do pay for it, and (2) many people lose access to that address due to inability to keep paying, and it heavily harms them.

An email address is comparatively way more easy to maintain, even with the occasional Gmail account closure (which are rare).


This is the correct answer.

My patient base includes a fairly large homeless cohort. They maintain email addresses; some of them maintain phones. But a physical mailing address is basically unattainable.


> What troubles me about this is how casually we've moved everything to e-mail, on the assumption that everybody can get a "free" e-mail account, even tho the account isn't actually "free" and can be taken away from you without you doing much of anything wrong.

As far as standards go, E-Mail is pretty much one of the more, if not most, open ones out there. You can easily host your own server. The RFCs are free to read and there are many open source solutions doing the hard work for you. Sure, there are problems with spam defenses and acceptance from residential IPs, but overall it's one of the few meshed standards left. And it's nearly impossible to get it any more free; after all, there are many privacy-focused GMail alternatives (i.e. Protonmail) which work just as well.

And let's be honest - if we'd be replacing mails, we wouldn't get something better. It would be more like "login via Google/Facebook". I'm really happy E-Mail is still alive.


This is also very problematic for people who disagree with the terms of free email providers (like you already mentioned ""free" isn't really free"). Of course, if one is in financial trouble, then they probably have larger problems but it's still worrying to me how privacy is becoming a luxury good instead of the default.

It should be seen as a "hidden cost" to any digital service that requires an email address (either monetary for a trustworthy enough email account or in the form of privacy).

As an aside, this sort of forcing people into using digital services with terms they don't agree with has become widespread during the pandemic and it kinda makes me angry how no one is thinking about any of this.


I'd like to think the reason developers/companies require you have an email address is simply because the availability of free email has been a thing for 20 years. If that changes sometime in the future, I'm sure companies will rethink their sign-up flows to allow other forms of [free] communication to be used.

> What happens to the people who can't afford a paid e-mail account when billing and so many other services are moving to digital heavily depending on the availability of e-mail?

Unless things change a lot, any company that wants the general public's business will accept free email accounts.

The same goes for why every company already requires an email address at all - their target market is anyone with internet (excludes 10% +-1% [0] of the United States) that can create an account with Apple, Google, Yahoo, or Microsoft.

0: https://www.pewresearch.org/fact-tank/2019/04/22/some-americ...


This is very similar to bureaucracies assuming that everyone has a "permanent address". This is most definitely not true for folks who own property, and the overhead of updating changes on the bureaucratic database can be exhausting. Further, homeless people are largely illegible in this setup. As a society we don't seem to give enough of a damn about these issues.

Email addresses are just the internet avatar of the problem.


I'm merely curious, did you intend to use the word ineligible, or am I just not correctly parsing your use of the word illegible?


It might be a reference to "seeing like a state", in which the author broadens the word "legible" to mean "readable by the state".

For example, a nice organised tree farm, where you chop down trees on 1/30 of the land each year, and loop around every 30 years has nice clear inputs and outputs, and is easier to assess than a old growth forest in which the local village has rights to some wood, but no one really measures what they cut or anything.

Under this meaning of the word, homeless people are invisible, or illegible to the state, as they don't have a fixed address.


This happened to me. I managed to log in to my childhood Email account (or rather, have it recreated since my dad owned the domain) and open the link from a password recovery email and google still refused to let me in even though I had been logged in on the same computer just minutes ago.

So because their authentication used some stupid heuristic combined with the “no reusing old passwords” thing I was forcibly deplatformed. I’m not making another account, I already wasn’t happy with google and that was enough to make me give them up.


What do you use now?


You can self-host. Don't use cheap VPS providers, spammers like cheap VPS too. I can't give US specific advice, but in EU a business Internet connection with static IP is good enough. If your finances allow, a reputable colocation provider is a good way to go. Now you can make your own little digital home; file storage, mail, homepage and so on. That has worked for me over 15 years, over 5 ISP-s. Additional bonus: instead of the well known "+" trick in gmail address you can make real throwaway addresses.


Unfortunately, this may not be enough. I used to self-host, and ended up moving to Fastmail because of deliverability problems to GMail. This was on a physical server hosted at a reputable colo in San Jose. Nobody could ever figure out why I'd often end up in the Spam folder. Not the HN commentariat, not even my SRE friends at Google.

Honestly, it's a huge relief. Self-hosting has gotten much more complicated over the years. It's very nice to know that there's a round-the-clock staff of professionals taking care of security, deliverability, and fighting spam. And software upgrades, of course!


> Nobody could ever figure out why I'd often end up in the Spam folder. Not the HN commentariat, not even my SRE friends at Google.

I had this exact same problem 3ish years ago and bailed out to Fastmail for the same reason. The thing that made me throw in the towel completely was what I found out from someone who looked into it for me after I shook the tree of my professional and social contacts. This person was involved in Gmail but not directly in anti-spam, but told me that my domain had "limited reputation."

That domain, which predates the existence of Google by at least a year, had been hosted on the same IP address (IPv4 and IPv6) for almost a decade, with the same MX, A, and PTR records for the entire time. Nothing at all changed about how that domain was configured. Yet it was intermittently being flagged as "limited reputation" and either dumped in the spam folder or simply accepted for delivery and silently dropped.

I took that domain and moved it to Fastmail 3 years and 3 months ago--I know the exact date because I paid for three years of e-mail service at the time and recently renewed it--and haven't had a problem since because, unlike my single-server operation that used to be considered an equal peer on the Internet but not any more, Fastmail has enough pull and reputation to not have messages from its subscribers blocked by other e-mail hosts.


That makes total sense to me, and my situation was similar. I have often suspected that the problem was just that my mail volume was too low. Which totally fits with my impression of Google as being entirely ok with a bad outcome for individuals as long as the percentage is low enough: https://news.ycombinator.com/item?id=23059071


It is notoriously impossible to host your own email. Large email providers have created an oligopoly of email "quality" acceptance, and there's effectively no way to get your deliverability to a reasonable rate unless you use one of them.

I don't think it's necessarily malicious in nature - more the product of spam filtering.

I wonder if email authentication methods like DKIM/SPF/etc.. help this problem these days.
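To see which SPF, DKIM and DMARC verdicts a receiver actually recorded for mail from a self-hosted server, read the `Authentication-Results` header (RFC 8601) of a delivered test message. The script below is an added example, not something posted in the thread; the sample message, host names and helper names are constructed, and relaxed alignment is approximated without the Public Suffix List.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample: headers of a delivered test message as a receiving
# server following RFC 8601 might record them. All names are placeholders.
SAMPLE_MESSAGE = """\
Authentication-Results: mx.receiver.example;
       dkim=pass header.i=@mail.example.org header.s=sel1 header.b=AbCdEfGh;
       spf=pass (receiver.example: domain of bounce@example.net designates
       192.0.2.10 as permitted sender) smtp.mailfrom=bounce@example.net;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=example.org
From: Alice <alice@example.org>
Subject: deliverability test

body
"""

# Property that names the authenticated identity for each method.
IDENTITY_PROPS = {"spf": ("smtp.mailfrom",), "dkim": ("header.d", "header.i")}


def parse_authentication_results(raw_message):
    """Return [{'method', 'result', 'props'}] for every verdict in the headers."""
    msg = email.message_from_string(raw_message)
    verdicts = []
    for value in msg.get_all("Authentication-Results", []):
        value = re.sub(r"\s+", " ", value)        # unfold continuation lines
        value = re.sub(r"\([^()]*\)", "", value)  # drop parenthesised comments
        clauses = [c.strip() for c in value.split(";")]
        for clause in clauses[1:]:                # clauses[0] is the authserv-id
            tokens = clause.split()
            if not tokens or "=" not in tokens[0]:
                continue                          # e.g. the bare "none" form
            method, result = tokens[0].lower().split("=", 1)
            props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
            verdicts.append({"method": method, "result": result, "props": props})
    return verdicts


def _domain(value):
    """Domain part of an address or bare domain, normalised for comparison."""
    return value.rsplit("@", 1)[-1].strip().lower().rstrip(".")


def _aligned(auth_domain, from_domain):
    """Relaxed alignment, approximated as equal-or-subdomain. A full check
    compares organizational domains using the Public Suffix List."""
    if "." not in auth_domain or "." not in from_domain:
        return False
    return (auth_domain == from_domain
            or auth_domain.endswith("." + from_domain)
            or from_domain.endswith("." + auth_domain))


def diagnose(raw_message):
    """Summarise the verdicts and list what would keep DMARC from passing."""
    msg = email.message_from_string(raw_message)
    from_domain = _domain(parseaddr(msg.get("From", ""))[1])
    report = {"from_domain": from_domain, "spf_aligned": False,
              "dkim_aligned": False, "dmarc": None, "problems": []}
    for verdict in parse_authentication_results(raw_message):
        method, result, props = verdict["method"], verdict["result"], verdict["props"]
        if method == "dmarc":
            report["dmarc"] = result
            if result != "pass":
                report["problems"].append("dmarc result is " + result)
        if method not in IDENTITY_PROPS:
            continue
        identity = next((props[k] for k in IDENTITY_PROPS[method] if k in props), "")
        domain = _domain(identity)
        if result != "pass":
            report["problems"].append(
                f"{method} result is {result} for {domain or 'unknown'}")
        elif _aligned(domain, from_domain):
            report[method + "_aligned"] = True
        else:
            report["problems"].append(
                f"{method} passes for {domain}, which is not aligned "
                f"with From domain {from_domain}")
    if not (report["spf_aligned"] or report["dkim_aligned"]):
        report["problems"].append("no aligned pass, so DMARC cannot pass")
    return report


if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_MESSAGE).items():
        print(key, "=", value)
```

In the constructed sample SPF passes for a bounce domain that does not match the From domain, so only the DKIM signature carries DMARC; a clean report here rules out authentication and leaves sender reputation as the remaining variable.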


So, you point out that gmail was opaque and unpredictable in a thread about google being dangerous? Seems fitting. Sadly, that is on google, you aren't really safe anywhere, if gmail is involved. You think that using a big provider protects you, but in reality some people are complaining about spam marking issues even in gmail to gmail communication.


+1 for self-hosting. Doing that for nearly 10 years now, by far the most difficult part is setting up a mail server, but after that you can put on your resume that you know how to configure Postfix (which I am quite certain is one of the most difficult Linux server applications to configure). Backups, webmail, file storage, calendar etc. are quite easy to set up.


Postfix has a flexible configuration system with many knobs. I would say though, that the official documentation is nice and detailed. Last time I checked, the Debian defaults looked pretty good, so you don't need to fiddle too much to get a reasonably useful and secure setup.


OpenSMTPd is much easier to configure, IMO.


It’s still a pain but yes, way easier than postfix. You can completely and fairly easily understand how to write the config yourself.


Postfix is actually quite easy to configure. Exim is what you're thinking of.


Try configuring Asterisk.


I saw migadu in a recent thread on HN and am now a paying customer. But even the free tier is impressive (unlimited domains!) and support is human & very quick so it won't delete your account for non-payment (looking at you mailbox.org)


> (looking at you mailbox.org)

It's been a few years. I am on Mailbox's 12 Euro/year plan which has "forum" only support (I am not sure it changed after I became a customer). My emails suddenly stopped working once and I received an email response after a week (which just had an irrelevant link). I had reset the mail setup by then after backing up email from the local client. I replied to the email asking what went wrong and never received a reply. They seem very aloof and high-handed about customer support if I may say so.

I am looking at moving my mail provider. I have stopped using @mailbox.org mail for online a/c signups etc (which I did a lot earlier) and have started removing it from wherever it is used already.

Is Migadu stable and been around? How's their service and privacy track record? Did you evaluate any other provider in Euro 12-20/year budget range? My email usage is extremely low volume.


Migadu fan here. They recently overhauled their admin interface and have updated the SPF/DKIM setup. It's $4/month and certainly good. They’re based in Switzerland so GDPR compliant. Data stored in France though in an ISO/IEC 27001 compliant datacenter.

Their privacy policy is well written (I have read 100s if not thousands of them in grad school, I can tell you they’re not vague)

Support is human!!! It’s really good to know there’s a human on the other side.


The problem this article touches on is huge, because everybody who has a computer is affected and almost nobody takes the necessary precautions. Especially non-technical computer users can easily lose years worth of important data.

I've tried to set up contingency plans for the cases that I lose access to my:

- phone (which contains Google Authenticator with plenty of important logins; unfortunately some of my 2FA is still based on SMS)

- my laptop

- my Yubikey

- my wallet (with ids and a credit card)

due to theft, damage (house burns down) or simply loss.

Another under-appreciated risk: losing my memory (my master passwords are only in my mind - what happens if I suffer a head injury and forget?)

Redundancy is one countermeasure: Have more than one bank account + stock portfolio, more than one credit card (servers might go down if a credit card is blocked) and physical devices (phone, laptop) in store to stay operational in case of an emergency.

Full machine backups + regular uploads "to the cloud" for raw data; occasional transfers to (multiple) external hard drives.

I don't think there is a way around a safe physical space with printed backup codes on it. Ideally not in the same house - maybe with a bank?

A list of instructions for numbers to call for account recovery or blocking. Which information will I have to provide?

In a similar vein: what happens to my data after I die? How would my (non-technical) family be able to access my pictures and writings? A digital inheritance would be prevented in my security set if I don't prepare.

This space is fascinating to explore, the zeros and ones people have stored on their devices are incredibly valuable to them and this treasure is poorly protected. Generally speaking: No backups, weak passwords, outdated software, old hard drives ... risks abound

Google surely has very capable security people, but right now my account there is the central vector of attack, most of my passwords can be reset through my email, a huge portion of my communication runs through Gmail, Whatsapp is backed up to my Drive, most of my pictures are on Google. It's probably a good idea to disentangle the situation a bit to be prepared for the case that Google's fortress gets breached one day.

Without compromising your security - I'd love to know how others approach their personal IT security challenges?


> Without compromising your security - I'd love to know how others approach their personal IT security challenges?

Most of my security is based on OpenPGP keys stored on a Yubikey. In case the first one is broken/lost I've got another one. If both are lost there is a master copy on an offline computer that can be used to provision more Yubikeys.

The key unlocks access to passwords stored in pass. Because pass is based on git and gpg can be used to access SSH then the same yubikey is used to pull/push changes to pass and read encrypted passwords. On both the laptop and the phone (Password Store).

Data on the computer is LUKS-encrypted, unlocked by the Yubikey. Full backup of my laptop's SSD is done via btrfs send/receive to a raid1 array of 3 disks (raid1c3) at regular intervals. A small subset of very important data (documents) is also backed up via restic to S3 and Backblaze.

I try to "backup" as much of my work as possible by releasing it as open-source (where it's preserved by the Github etc.) or publishing it on a web-site (where it's preserved by archive.org).

> In a similar vein: what happens to my data after I die? How would my (non-technical) family be able to access my pictures and writings? A digital inheritance would be prevented in my security set if I don't prepare.

I've been thinking about this lately and maybe it's not a popular opinion but... would people really need your data when you die? I get access to photos (my SO has the PIN code) but everything else? Maybe this is just digital junk? Who would enjoy browsing terabytes of my data looking for... what exactly?


This sounds like my dream setup. Have you written about it somewhere in more detail or could you recommend some resources that you've used for implementing the solution?


Err, nope, this is a work-in-progress.

What are you especially interested in? Then I can provide you with details.

Some random links I used:

- https://btrfs.wiki.kernel.org/index.php/Incremental_Backup

- https://blog.eleven-labs.com/en/openpgp-secret-keys-yubikey-...

- enable touch-to-use so even malicious software cannot access your passwords: https://developers.yubico.com/PGP/Card_edit.html#_yubikey_4_...

- https://www.passwordstore.org/

- https://play.google.com/store/apps/details?id=dev.msfjarvis....

- https://aur.archlinux.org/packages/mkinitcpio-gnupg/ (I'm thinking on replacing this with PKCS#11, more keys to manage but PKCS#11 is supported natively with systemd so one less dependency).

Hmm... maybe I should really document that...


> Most of my security is based on OpenPGP keys stored on a Yubikey. In case the first one is broken/lost I've got another one. If both are lost there is a master copy on an offline computer that can be used to provision more Yubikeys.

- https://blog.eleven-labs.com/en/openpgp-secret-keys-yubikey-...

Sounds like a good start, I'm going to have to do much more reading on this, I use my YubiKey just as a browser 2nd factor for a few 2FA apps.

In general I'm not sure how the YubiKey stores keys and till now I had no idea you can backup YubiKey

> The key unlocks access to passwords stored in pass. Because pass is based on git and gpg can be used to access SSH then the same yubikey is used to pull/push changes to pass and read encrypted passwords. On both the laptop and the phone (Password Store).

I'm not sure about storing the master keychain file in Git, but the workflow sounds interesting (I didn't fully understand the paragraph though).

> Data on the computer is LUKS-encrypted, unlocked by the Yubikey. Full backup of my laptop's SSD is done via btrfs send/receive to a raid1 array of 3 disks (raid1c3) at regular intervals. A small subset of very important data (documents) is also backed up via restic to S3 and Backblaze.

This is next level and not of immediate interest to me. I was looking at something simpler like: https://cryptomator.org/


> In general I'm not sure how the YubiKey stores keys and till now I had no idea you can backup YubiKey

Well, actually you can't. You can back up keys if you create them in software and then just copy them to YubiKeys instead of moving them there. If you do that on an offline computer there is no risk of any malware stealing your keys mid-process: https://news.ycombinator.com/item?id=21701488

Setting up Yubikey and OpenPGP took me some time reading all resources on the net but once done this is just working without any hiccups.

> I'm not sure about storing the master keychain file in Git, but the workflow sounds interesting (I didn't fully understand the paragraph though).

If it's encrypted there is not much harm to be done here. The only leaking info is that by default pass uses filenames based on domain names so if you have credentials for news.ycombinator.com they'd be in the "news.ycombinator.com.gpg" file. For me a private repo for this use case is OK.

Oh, there is a browser extension too: https://github.com/browserpass/browserpass-extension#browser...

> This is next level and not of immediate interest to me. I was looking at something simpler like: https://cryptomator.org/

Yep, I do store external disk passwords in pass too. Udiskie can use a decryption command so when I put something like this in the config: `password_prompt: ["pass", "devices/{id_uuid}"]` it will grab the password from password store. This has an added benefit that I won't forget the password (it's stored alongside all others) and it's always valid (it's checked on each boot by udiskie).


People would leave with a low opinion of me if they could see everything I have stored and read.

:( I have set my gmail to be destroyed if not used for 3 months.


I wonder if you push your Password Store to GitHub? Its encryption is based on RSA with around 128 bits of security with current keys. It's unclear if it's going to stand beyond 2 decades.

I might be paranoid but with clouds I would be more comfortable with AES-256. If RSA is a must, maybe RSA 7680.


For the record there are quite a few new algos in GPG, most notably ed25519. While RSA 7680 offers 192 bits of security [0] ed25519 on the other hand is offering 128 bits of security. GnuPG 2.3 will have ed448/goldilocks available [2] and that should offer 224 bits of security [3] so in theory it should be better than RSA 7680.

I don't mind putting my encrypted passwords in a private GitHub repo but I understand the concern.

[0]: https://crypto.stackexchange.com/q/8687

[1]: https://en.wikipedia.org/wiki/Curve25519

[2]: https://lists.gnupg.org/pipermail/gnupg-users/2020-March/063...

[3]: https://en.wikipedia.org/wiki/Curve448
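The key-strength comparison above can be turned into a check on your own keyring. This is an added example, not code from the thread: it parses `gpg --list-keys --with-colons` output and maps every usable encryption key to a comparable strength, using the NIST SP 800-57 sizes for RSA and the curve figures quoted in the comment. The sample listing, key IDs and function names are constructed.

```python
# Constructed sample of `gpg --list-keys --with-colons` output; the key IDs
# are placeholders. Colon fields used (1-based): 1 record type, 2 validity,
# 3 key length, 4 algorithm id, 5 key ID, 12 capabilities, 17 curve name.
SAMPLE_LISTING = """\
pub:u:2048:1:1111111111111111:1400000000:::u:::scESC::::::23::0:
uid:u::::1400000000::0000::Old Key <old@example.com>::::::::::0:
sub:u:2048:1:2222222222222222:1400000000::::::e::::::23:
pub:u:3072:1:3333333333333333:1580000000:::u:::scESC::::::23::0:
sub:u:3072:1:4444444444444444:1580000000::::::e::::::23:
sub:r:4096:1:5555555555555555:1580000000::::::e::::::23:
pub:u:255:22:6666666666666666:1588000000:::u:::scESC:::::ed25519:::0:
sub:u:255:18:7777777777777777:1588000000::::::e:::::cv25519::
"""

# NIST SP 800-57 Part 1 comparable strengths for RSA and finite-field keys.
FINITE_FIELD_BITS = [(15360, 256), (7680, 192), (3072, 128), (2048, 112), (1024, 80)]

# Curve strengths. The 25519 and 448 figures are the ones quoted in the
# thread; the cv* encryption curves are assumed to match their ed* signing
# counterparts. NIST curves follow the SP 800-57 key-size bands.
CURVE_BITS = {
    "cv25519": 128, "ed25519": 128, "nistp256": 128,
    "nistp384": 192, "nistp521": 256,
    "cv448": 224, "ed448": 224,
}

ALGORITHMS = {"1": "RSA", "16": "Elgamal", "18": "ECDH"}


def estimate_bits(algo, length, curve):
    """Comparable symmetric strength, or None when the key type is unknown."""
    if curve:
        return CURVE_BITS.get(curve)
    if algo in ("1", "16") and length.isdigit():
        for size, bits in FINITE_FIELD_BITS:
            if int(length) >= size:
                return bits
        return 0  # shorter than anything in the table
    return None


def encryption_keys(listing):
    """Return the keys in a --with-colons listing that gpg can encrypt to."""
    keys = []
    for line in listing.splitlines():
        fields = line.split(":")
        fields += [""] * (17 - len(fields))  # older gpg emits fewer fields
        record, validity, length, algo, keyid = fields[:5]
        capabilities, curve = fields[11], fields[16]
        if record not in ("pub", "sub"):
            continue
        if "e" not in capabilities:   # lowercase = this key's own capability
            continue
        if validity in ("r", "e"):    # revoked or expired: never encrypted to
            continue
        keys.append({
            "keyid": keyid,
            "algorithm": ALGORITHMS.get(algo, "algo " + algo),
            "size": curve or length,
            "bits": estimate_bits(algo, length, curve),
        })
    return keys


def below_minimum(listing, minimum_bits=128):
    """Encryption keys whose estimated strength is unknown or under the bar."""
    return [k for k in encryption_keys(listing)
            if k["bits"] is None or k["bits"] < minimum_bits]


if __name__ == "__main__":
    for key in encryption_keys(SAMPLE_LISTING):
        print(key["keyid"], key["algorithm"], key["size"], key["bits"])
```

gpg encrypts each file's symmetric session key to these keys, so the weakest recipient key bounds the protection of a password store pushed to a remote repository.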


> losing my memory (my master passwords are only in my mind - what happens if suffer a head injury and forget?)

Not just a head injury, this can easily happen if you find your keychain 10 or 20 years later. I don't think that there is a good solution to it. Maybe biometric data, but then again, I want to have a control over when my data is accessed and in many countries it's legal for law enforcement to make you use your finger or face..


> I don't think that there is a good solution to it.

There is. Put it on a piece of paper in a safe place.


How do you remember where you put the paper?


and fingers can easily be lost as well...

Maybe write down my master password and put it in a safe?


> Maybe write down my master password and put it in a safe?

Isn't this just moving the goalpost because what if you forget the safe combination?


Physical safes don't lock things the way cryptography does. You can always get in, especially if you're the legitimate owner because that way you don't need to worry about doing it in secret and not making a lot of noise.


> what if you forget the safe combination?

Safes with electronic locks typically have (backup) keys too, which you'd need to hide or put in another safe, in case the battery dies.


So, still moving goal posts?


Not sure how pointing out that a safe has multiple methods of entry is moving goalposts.

If you write down your master password and put it in a safe you own you can get in that safe whether by code, key, or destructive entry.


Yes, just like a master password.


For a bank safe, you might access the vault with your id and a key. But I see what you mean. It's not perfect.

If the Youtube videos I've seen are to be believed then many domestic safes can be broken rather quickly with the right tools.


Start by not using Google Authenticator. It's outdated and has security vulnerabilities allowing malicious apps to extract your code. And it's impossible to back up without a rooted device. Anything that supports "Google Authenticator" really means any TOTP app is supported, so for example andOTP on Android may be a good choice. Or you can use Authy or 1Password if you trust them.


I had Google authenticator as 2FA.

Phone broke and I must have made a typo while doing a regular password change - now I have no way to log into my account again as I can't provide the 2FA and none of the other options work (providing old contact emails, phone code, backup email, ... All doesn't matter just because I don't have the authenticator).


thank you for the pointer to andOTP

- I need to migrate away from SMS based 2FA

- then away from Google Authenticator

- and probably also from LastPass to Bitwarden


https://getaegis.app/ This is great too on android

https://twofactorauth.org/ Helps out finding how to set it up on certain sites


Digital inheritance would make for a fascinating SaaS company if anyone could figure out the solutions to this.


and closely related: the "digital graveyard", there's this Wired article of a guy who recorded his father and trained a voice model on his written communication [0]. A place to go if we want to be reminded of the voice, handwriting, face or attitude of a loved one. Faraway stone plates on crowded graveyards don't seem appealing to me in a world where families are often dispersed over the globe.

[0] https://www.wired.com/story/a-sons-race-to-give-his-dying-fa...


Tangentially, this reminds me a lot of an episode in Black Mirror:

https://en.m.wikipedia.org/wiki/Be_Right_Back


Well. Maybe we should first handle data ownership


something like aegis is much better than Google's authenticator. you can back up your keys and store them somewhere secure (veracrypt or whatever) and it also lets you choose custom icons which makes it a bit easier to see what is what at a glance


I would first write down the master passwords, and store them somewhere safe.

It does not have to be fort knox safe, enough if stored at a trusted place which has no direct relation with you (in my case it is my best friend I trust with my life)


The article seems only to focus on what happens if you lose your ways to authenticate, but another possibility is getting caught in some weird ban wave like spamming emotes on a youtube stream when the streamer asks you to (https://9to5google.com/2019/11/09/google-account-bans-youtub...) (most of these bans seem to have been reversed, but I don't know if that would have happened without the publicity that came from a popular youtuber calling out google for banning his fans ...)


It's still absurd to me that you can get a full account ban for anything, no matter how big or small. Why aren't these bans more fine-grained? Is it so difficult?


And why aren't they regulated by laws? This isn't a ban on some small forum. It's basically revoking your passport for the internet.


So what laws do you want the government to pass and do you trust government politicians to actual make intelligent laws regarding the internet?


What alternative do you propose?

Are you familiar with existing fair practices, consumer rights, and consumer protections acts?


Don’t use Google. Most third party sites that give you an option to use Google, Facebook, etc. also have the option of just creating an account on their site.

As far as email, create a domain name and use your own email address.

Free will is great isn’t it? Everything doesn’t require the nanny state to step in and solve all of your problems.


You're not thinking of the typical consumer, who won't have a clue about why using a proprietary service could be bad until the shit hits the fan.

It's all well and good for you - someone who's aware of the risks and issues - to say "just don't use Google/Facebook", but laws would protect the average person who just wants the quickest/easiest way to get an email account or to sign in to websites.

Also even if consumers were all highly educated in the pitfalls of Google etc., major websites still force you to use Google technologies whether you like it or not. Google Recaptcha is everywhere; eBay forces you to use it to sign in to your account. Are people now supposed to "just don't use eBay" as well?


So now we need laws instead of education? Are you also okay with Apple’s “walled garden” because it protects people?

Yes, if you don’t like the tradeoffs that eBay gives you - don’t use EBay. You can use Amazon, Facebook marketplace, Craigslist, etc. to sell and buy stuff.


I'd really like to see your data on the comparative efficacy of education vs. regulatory approaches.


I’m sure it would be much more efficient if we passed laws stripping everyone’s freedom of choice and entrust the government with enforcing “The One True Way”. What next? Have a centralized authority to guide the economy using “Five Year Plans”?


Interesting data.


How much data do you expect to have? If you want the government controlling every aspect of society that’s a tradeoff few people will make.



Solving a Recaptcha doesn't require a Google account.


Optional technologies or services are optional until they aren't.

Dependencies create de facto requirements with the alternative of severe disadvantages if opting out.

Corporations answer to shareholders, creditors, business partners, and management long before they do individual users. Who, in the case of Google aren't even direct customers (advertisers are). Representative governments answer, however imperfectly, to the governed.

Email self-provisioning has significant hurdles for even technically-competent individuals let alone the general public.

Your suggested alternatives ignore the problem and create more.


> Optional technologies or services are optional until they aren't.

So now we are going to go down the whole “Minority Report” rabbit hole and make laws just in case? You don’t tie your login infrastructure with Google, you use OAuth 2 and plug in any third party you wish.

> Representative governments answer, however imperfectly, to the governed.

How well is that working out in the US between gerrymandering, the electoral vote having an opposite outcome than the popular vote, and how it is almost impossible to get rid of an incumbent?

> Email self-provisioning has significant hurdles for even technically-competent individuals let alone the general public.

I didn’t say set up your own email server. I said create your own domain. You can create your own domain with your own email address with a few clicks on GoDaddy. If you don’t like GoDaddy, there are dozens of other places that will transfer your MX record to them and you keep your own email address.


Depending on your jurisdiction, there are numerous laws and regulations governing private business-individual services and relationships, including those concerning employment, housing, transport, communications, lending, banking, data services, healthcare, barber and cosmetologist services, food, drink, lodging, gambling, theatre, insurance, brokerage services, funeral and burial services, and others.

Regulations serve to create a common and uniform floor of service levels.

The problem with a strictly voluntaryist, free-market, laissez-faire approach is that it tends strongly to a Gresham's law "bad terms drive out good" race-to-the-bottom dynamic, particularly unfortunate when there is but one monopoly provider on the market.

This occurs well before reaching the far end of the slippery slope on which you seem to be perched.

Several of my earlier comments have been badly misapprehended, I'll not belabour them though I'll note the fact.


Gresham's law doesn't work in strictly free market economy. By definition, debased coins will drive out regular coins only if you force the acceptance of both coins at face value. It only works under legal tender laws.

If people read the conditions of the free google account they realize that the service can be terminated at any time for any reason without warning, and there's absolutely nothing there about any corrective mechanisms.

Contrast this with terms of [especially national] domain name ownership.

Anyway, given the number of people who will give their data to such a service under such conditions, you may well be right that some regulation would be useful, especially around getting your data out in some short time period after account termination. (But only to holders of the valid authentication credentials.) Forced email address portability would be also nice (provider would have to forward incoming emails for a reasonable fee or for free), for some limited time, maybe a year.



More than I trust google.


You have to remember: politicians are the geezers that gave Zucc softball questions on FB violates their users (0), wanted to ask Bill Gates how to lock down our internet (1), nevermind the countless nanny state bills they have proposed over the years to censor the entire internet like they do for their grandkids. Please don't ever, ever forget that these people have not a clue how any of this works and will take an axe to the security and open-ness of our beloved series of tubes.

(0) https://www.cnet.com/news/some-senators-in-congress-capitol-...

(1) https://www.theverge.com/2015/12/7/9869308/donald-trump-clos...


The difference between Google and the government is that I can more easily escape the rules that Google imposes than the government.


I moved to another country, but Google is still here...


It isn’t in China....


Ah yes, that Libertarian paradise we call China.

You've gone off the rails here, mate.


Yeah that was snarky. But are you actually saying there is no alternative in your country besides Google? Yes you can get to google.com from almost anywhere in the world. That’s kind of how the internet works.

You can also get to another website just as easily.


I trust elected politicians, controlled by checks and balances, more than unelected greedy billionaires only supervised by themselves.

How about you?


Well, seeing that:

1. The average tenure of Senator or Representative in the US is steadily increasing. (https://www.termlimits.com/new-research-congressional-tenure...) and because of how much money it takes to win an election, it’s really hard to get rid of a member of Congress.

2. Because of how both the Electoral College was designed and the design of the Senate with 2 senators per state regardless of population, if you live in a more populous state, you have less voting power.

3. The more tenured Senators have more power and they have the power to block legislation. The people of the state where the leaders live are the only ones that can oust the Senate leaders.

4. Most rules aren’t done by legislators they are done by committees led by Presidential appointees who are approved by the Senate - again appointments can be blocked by the leaders of the Senate. Many of their policies are approved and struck down by unelected judges.

5. Then there is always gerrymandering.

6. You really don’t believe politicians - many of whom basically did insider trading pre-Covid - are greedy rich people? The President himself is a billionaire.


> You really don’t believe politicians - ... - are greedy rich people?

Could you point out where I said that? Please don't put words into my mouth just to "win" a discussion. That's pretty cheap.


“I trust elected politicians, controlled by checks and balances, more than unelected greedy billionaires only supervised by themselves.”

So the alternative between trusting greedy rich people who both don’t have the power of the state, and I can choose to use alternatives, is to trust greedy rich people with the power of the state - most of which I have no power to get rid of because a) they aren’t in my district, b) the alternatives don’t have the money to get elected, and c) get elected by the flyover states because they have two senators just like the more populous states


I and plenty of my friends do not have Google account and still using the Internet without issues.


Agreed.

I have a google account, but I only use it for signins to places I could easily create other means of signing in.

If it's for a place I know I want to always have access to and never have to worry about re-creating then I use my personal email.

Google SSO is a convenience only. The world will go on without google and you can certainly use the internet without having a google account


Only if you are all in on google. Don’t put all your eggs in one basket.


I agree, but come on. Let's be honest about the scope and magnitude of this bucket. I have a business that relies on a Chrome extension to be on their web store.

Say I accidentally trip off something in their opaque machine learning algorithm that determines my extension (or even a YouTube comment!) breaks their terms of service. They would have the right to completely block my account and remove the extension. Effectively, wiping out how I make a living with a single automated bit flip.

It hasn't happened to me, but the people that share horror stories of how it happened to them scares the $#!7 out of me.

As the Internet gets more privatized and less "open", I just wish there was something that required a fair "trial" of my account being suspended. The balance of power online is slowly shifting and I feel there needs to be something protecting the rights of individuals (the public) online.


Sounds like you need to diversify your business.


It’s only a passport to your internet because you haven’t bothered looking outside its borders.


This is probably the most HN comment ever.

Congratulations on being a better Internet user than the rest of the world! You are clearly very proud.

For the vast majority of people, their SaaS email (in most cases probably a Gmail account) is in fact their primary identity on the Internet, and that's not going to change because they wouldn't even know where to start looking for other options.

Before you say "that's their own fault for not knowing better", I would ask you: did you get your own medical degree so that you can handle all your own medical problems? What about a car? Did you build your own car? Do you have a law degree? Do you grow all your own food? Are you a licensed electrician? How about a food safety engineer? An architect? No? So you rely on established and proven products, systems and service providers for these things? Of course you do, because that's how society works.

Technology folks often forget that we happen to have specialized in a field that is now dominant and pervasive in everyday life, so we "get it" more than most, but that's not the case, sometimes not even an option, for most people..


You seem helpless in the era of self-help. Informationless in the information age.

Did you build your own car? Are you asking us to compare building a car to using a gmail account. The comparison is did you build your own google mail provider. Very few have.

But most of us went to different dealerships, test drove different cars, looked up tech details and reviews. Reviewed recalls and decided for ourselves.

What kind of special degree do you feel you need to pick a different email provider?

And most people don't use a SaaS. I would expect a slightly more tech enabled person to be using a SaaS (not too many grandmothers or average internet users need a SaaS). Can those people figure out how to sign up without google if they want to? I would hope so. If your SaaS doesn't offer any other way to sign up it won't be around for too long anyhow.

If you are going to put everything under your google services for your SaaS, pay a few dollars and get a business account if it's important to your business.


What do you mean you don't hunt and kill your own food and grow your own grain?

Businesses should absolutely have the right to not let you use their services for any arbitrary reason! It's a free market! Sucks to be you!

</ sarcasm> [Offer valid until the same thing happens to me, then I can scream and cry about it]


> their SaaS email (in most cases probably a Gmail account) is in fact their primary identity on the Internet

In which case they are in luck. There are a multitude of email-providers worldwide, and email is 100% transferable.

Many people for instance use Office 365. A similar SaaS, not Google, allowing you to digitally separate who you are from what you do.

> did you get your own medical degree so that you can handle all your own medical problems?

No. Absolutely not.

Nor did I once sign up for a medical check, pledging that I would for the rest of my life use this one medical facility only.

Do you know anyone who has ever done so? Of course not, because that makes no sense.

And it should similarly make no sense to make such a move in the digital world, maybe there even less.

If you separate email (identity) from what you do (like using Google services), the worst Google can do is ban your ability to do business with Google, not your ability to do business at all.

As a business, why would anyone be stupid enough to take the risk and let Google have that ability?

Edit: As for being the most HN comment ever, how goes conflating email for Gmail and seemingly being unaware of there being other email-providers than Google? I mean, really?


> In which case they are in luck. There are a multitude of email-providers worldwide, and email is 100% transferable.

Really? You think the average person can navigate changing all the services they signed up for with a Google account they've lost access to, and update it to a new account at a new provider?

Having helped a few non-technical but still very smart people do this over the years, I can tell you that for most people this would be way more daunting and painful than you believe.

> If you separate email (identity) from what you do (like using Google services), the worst Google can do is ban your ability to do business with Google, not your ability to do business at all.

You say this so casually, and that's my whole point. Most people wouldn't understand this distinction or even know where to start to actually do this.

You rely on your technical knowledge without even realizing it, to even understand the need or option to do this. Again, most people do not have this level of technical acumen. These are unknown unknowns for them.

I chose cars, health care, food and housing in my examples because they are day-to-day things for everyone that we all take for granted and don't deeply understand, and rely on experts to handle for us, but can't really live without. That's the Internet for most people.

You missed the point by splitting hairs and nit-picking the comparisons.

> As for being the most HN comment ever, how goes conflating email for Gmail and seemingly being unaware of there being other email-providers than Google? I mean, really?

This is now the second-most HN comment ever. ;-)


Why should they be, from Google’s perspective (which obviously skews towards “our algorithm is perfect”)? If you’ve done something banworthy on one of their properties you’re obviously not worth keeping around anyway as you’re likely to violate policies elsewhere.


That's the horrible part about it. You're spamming smileys on a Fortnite stream? No more access to your email, which you require to manage access to five dozen online services including PayPal, probably also stuff like insurance and whatnot.

Considering how vital one's email account is today, it's time for laws that prevent providers from pulling stunts like this on your mail account, no matter whether it's free tier or not.


Why do you need a law if you already have all tools available to prevent a provider lock-in?

Anybody can buy a domain for the price of two coffees and have full control over their email addresses. There is no excuse for being locked in by google. Even if somebody wants to use google's UI, the emails can be forwarded to google, and at the same time backed up somewhere else in case google shuts down the account.

If you consider how vital one's email account is today, it's time to put down some money.

*edit: Buying a domain often comes with an email service. There is no need to run a mailserver.


> Anybody can buy a domain for the price of two coffees and have full control over their email addresses

the only control you have if you go the "own mail server" route is the control on your tears when you see that your mails are rejected by every other mail server in existence because you made it in some random blacklist


Don't have to run your own mail server, nor would your mails be rejected necessarily... There are a lot of providers around which let you use your own domain.

And if you're using your own domain, you're always able to switch providers by updating your mx records.

But I wouldn't ask my family to do that either, that's just something for tech enthusiasts and people that make their actual living by being reachable through mail (contractors etc)


Why do you equate "own domain" with "run your own mail server"? There are reputable mail providers that allow you to use your own domain through their setup, many webhosting places do a decent job of it, ...


It's not "owning a domain" that I equate with "run your own mail server", but "have full control over their email addresses".


Fair enough, but I'd argue being able to move said addresses, without needing cooperation of the mail hoster, at any point is pretty good along the control axis. (Don't forget to have an independent backup of your inbox though if you want to be safe!)


You can start by using the mail service of the domain provider.

[edit:] On the other hand, if one wants to run his own mail server:

From the last hn discussions about blacklists, I got the impression that [running your own mail server] is not an issue as long as you correctly navigate the anti-spam mechanisms. It's not obvious, but also not a black art.

I would rather be bothered by server security. Since email is so vital, how do you secure your server against recent vulnerabilities if you are offline, e.g. if you are on a vacation.


You're basically admitting that getting this right is non-trivial. Do you expect everyone to do it? Your barista? Your doctor?

Similar argument: "Why do we even have doctors? Anyone can buy a medical textbook."


Sorry, I reshuffled my comment too much. This should have been:

>You can start by using the mail service of the domain provider.

>From the last hn discussions about blacklists, I got the impression that ~this~ [running your own mail server] is not an issue as long as

I absolutely expect my doctor to be able to register his own domain in the same vein that my doctor expects me to not lick Corona infested door handles right now.

Registering a domain is like taking medicine. We expect everybody to be able to do it.

It's the building of domain management infrastructure, the software that sells domains to the users, that is out of reach for the doctor.

Similarly, I expect a barista to register a domain. It's not magic. If he has made his own Amazon, Netflix and Spotify account then he can make one more.


Only with shitty IPs.


Non-technical people have no clue what many of the words in your comment mean, at least in this context.

"provider", "lock-in", "domain", "UI", "mail server", "email service"

They have no idea that what you mention is even possible, let alone how to do it.

And you know because you've probably invested tens to hundreds of hours into figuring out these things.


They don't have to understand those words. My comment was written for hn, not for them.

Non-technical people still understand accounts: bank accounts, email accounts, netflix accounts, etc.

Those among the technical illiterate, who absolutely have no idea, have gotten their mail account with the help of somebody. Chances are that they are not stupid and understand the concept of accounts by now. If not, they can get a domain account with equal help.

The key concept is ownership. Whoever rents a property understands that he can be evicted. And most people who have bought a house also know that at first the bank owns it and that they could be evicted if they don't come up with their down payments. In other words: almost everybody understands that he can lose something if he doesn't own it.

So it is not a great leap to understand ownership of email addresses. Calling it difficult just allows people to save face when in fact they just couldn't be bothered.


> Non-technical people have no clue what many of the words in your comment mean, at least in this context.

And non technical lawmakers are able to write effective laws?


I'm sure money is a real argument for some people, but it's probably also as much an argument to hide the fact that many (non-Hacker News visitors) don't really have any idea... about how to properly make their online life "redundant", or even the need for it.


I wonder if domain email can look pretentious or confusing to non technical people. I own a few domains, including <firstname><lastname>.com and <initial><lastname>.com but I don't work in IT (I'm an accountant), and don't have a business, blog or website. I bought the domains to keep them from bulk squatters.

I set up email with fastmail but I don't use it much. I assume people will look on them as some sort of vanity address.

I probably should migrate my most important logins to my domain email, though.


I can relate. I don't work in IT, and I've been using <firstname><lastname>.com as my main email for years. But in practice I have another email address that I can give around when I feel that using my own domain would look pretentious.

I've pondered buying a domain that's not my name just to make it look like it's a normal email service, so it wouldn't look pretentious. But now it seems to me that a better solution would be to migrate all to Fastmail or Mailbox.org and have an alias ready for that use.


Don't sweat it. Some people will find anything pretentious. I was eating a Shawarma some time ago and a colleague asked me what I was eating. I answered "Shawarma" and this was enough for him to think I was some kind of elitist or whatnot. Bonkers, really.


I work in a non-technical field and ask around about this. It definitely looks gaudy and pretentious to some people. You’re not immune to the occasional eyeroll. It concerned me enough to remove it from my resume.


> pretentious

No.

> or confusing

Occasionally, with customer service phone reps. It's a good filter to identify people who are too low IQ to trust in general, so it's a great signal


Because the law should skew towards pragmatism.

Not everyone can run their own email server.


With a domain, you don't have to run your own email server. Many providers offer the full package: domain, website, email.

Having a domain and email address is as easy as: Buy the domain, log into the domain account, create an email address, done.

At that moment, you have an email address with a web UI to which you can log in as easy as to any other email provider.


Right. And some regulation on email providers to provide fair recourse for banned accounts would go a long way.

But I do also understand the demographics of this site and why some people here would find that unpalatable.


Not sure if there might not be a legal recourse if they ban access to your email, at least if they don't give you the possibility of downloading an archive of its contents. Because, unless they have deleted it, they have your data in that email.

So, under a GDPR reasoning https://gdpr-info.eu/art-15-gdpr/ do you have a right to a copy of your emails even if they have blocked your account? Unless they have deleted all your data I think it would be a yes.


Have you tried downloading your data from Google? If you have a large data set (for being a loyal user for years) and a slow (non-business-class) internet connection, the server just expires your auth token before you can complete the download.


This has happened to me. I have been able to get it to work by retrying the download until it works, it took me three tries. If that still doesn't work, Google Takeout supports splitting the download into smaller 1 gigabyte chunks which should hopefully be downloadable fast enough. Still annoying though.


If it was decided you had a valid GDPR claim but Google doesn't give you a decent way to download it that's Google's problem.

The question is if they have to give you your emails if they still have them. I think it would be decided they would have to. It might be worth getting ready to be blocked, get blocked, and then demand the data to set the precedent actually. But I am lazy; the virtue of a programmer, the vice of a concerned citizenry.


Because eradicating every last possibility of TOS violations is not what Google's business is about.

These horror stories of banned Google accounts destroy trust. They have lost my company's cloud business for that reason and I'm sure we're not the only ones.

Also, Google's sprawling empire is already in the crosshairs of regulators. Destroying people's livelihoods by applying draconian bans across personal and professional domains doesn't help.


What's weird to me is that they do the exact opposite for SEO spam/scams. They will (maybe) put a penalty on one domain, but they will not touch your other domains. And as soon as you stop doing the spam/scam thing and pinky-promise to not do it again, even the original penalty will be lifted.


> If you’ve done something banworthy on one of their properties you’re obviously not worth keeping around anyway as you’re likely to violate policies elsewhere.

That's a violation of that "assume stupidity instead of malice for as long as possible" rule.


Well, if they want to be seen as grumpy asshats so be it.


There is talk of implementing per-service bans. They already exist for adsense and google pay. You can today be banned from adsense but allowed to use all other google services.

Customers seem, if anything, more angry about that though...


They're angry about that because the "per service" bans are even more capricious. You can get permabanned from something like YouTube for something as fickle as people being unhappy with your videos and mass-flagging them. And of course that's a "per service" ban, but it would turn into a site-wide permaban as soon as Google thought you were trying to evade it and join YT with another account. I won't even get into the whole copyright enforcement stuff which is just as badly implemented, but at least Google has plausible deniability there since the law requires them to ban "repeat" offenders. No, it's everything else that's real crazy and scares a lot of sensible people away.


They would probably be less angry if the adsense bans were not completely random & unjustified.


Most people I speak to about the adsense bans claim their ban was totally unjustified, but then later reveal that they might have clicked on ads on their own webpage "just once or twice to test it"...


There's maybe a small proportion of people falling into this category but since the bans are automated and triggered on obscure rules outside of the account owner's knowledge, I would argue that a good proportion of bans are just random. The fact that support is close to non-existent just makes it worse for sure.

I had myself an account banned and I can assure you it's really totally random.


Google doesn't ban itself when they violate their own terms of service (Notification spam, mass WiFi network collection, Google Buzz) "just once or twice to test it"


Yes, because they still have a voice left.


If you spend some time on the other side of it, it'll make more sense. I've done anti-abuse work before and you would not believe the number of people who due to greed, malice, or some sort of perverse glee will spend massive amounts of time working to abuse your service.

Especially when that service is free and effectively anonymous, it's just not possible to give each case a full and fair hearing. You know that you'll get false negatives and false positives. You can try to minimize them, but actual justice is expensive. Too expensive to pay for with ad sales, that's for sure.


But hey, everybody loves the single account login! /s


This just reminded me how dangerous and foolish it is to use Google as an OAuth sign-in method.

I’ve idiotically done this for a bunch of major services, including freaking medium.com, among many others. Can’t believe I’ve been so careless. Now I worry and wonder how hard it will be to get back to regular email & password.


Depends on the service. Sometimes you have to delete your account and start again unfortunately. But if you can, a password manager is a much better solution that generally doesn’t leak information about all systems an account uses to the account provider for the purposes of targeted advertising.


That screenshot of Google saying that in a short amount of time they’d be deleting all your data, plus the email where their “ban review” system just rejected them and said any further replies would be ignored, are really really worrisome and highlight to me the critical importance of minimizing my reliance on Google services (as much as possible).


That's why I would never use any of Google's "social" functions. Never comment on anything controlled by Google.

You never know when they change policies and some automated bot kills your account for it, years from now.


I would be interested how likely/severe such a ban is for a paying Google One customer.

