Hacker News new | past | comments | ask | show | jobs | submit login
Google disabled my husband's account (twitter.com/miguelytob)
763 points by Eyas on Oct 15, 2020 | hide | past | favorite | 483 comments

It's incredibly Kafka-eqsue that you get banned for a supposed violation that you're supposed to appeal, but you don't know what you're being accused of doing.

This is exacerbated by the fact that 9 out of 10 times a story like this appears it's an algorithm gone rogue which its billion-dollar shepherd assumes is infallible.

The remaining 1 time it's because someone knows how to abuse reporting systems to get someone locked out on purpose.

The only reason these tech companies managed to get so big is because they'll cheat at anything that requires human scale. Support, moderation, taking responsibility for the content they host. They somehow managed to skirt on that just as the web was transitioning from a wild west to a somewhat ingrained, regulated place and the world is worse off for it.

Because they skirted on all this, they are now somehow the world's gatekeepers on modern communications. If you don't play ball with them, you're cut off from almost everyone. Their recklessness and callousness ironically put them in the position to rule over the rest.

I don't think the internet was ever going to become regulated. What did occur post-2007 was that what made the internet work as a disparate ecosystem of loosely connected destinations (news groups, message boards, blogs, misc websites) that all played their own very important role, controlled and owned by their own communities became one platform under Facebook, Twitter, Reddit, etc... and was controlled and owned by people who had no identity-based connection to the people using those platforms.

This is largely based on my own observations and could be wrong, but it's my theory. Tech companies robbed an internet culture they didn't even realize or appreciate existed, and then shoved a bunch of people who had never used the internet before on it and convinced them that Facebook was the internet. Or rather, that the standards, norms, and culture on Facebook was somehow reflective of everything outside of Facebook. Just replace Facebook with the growing list of companies who engage in "platforms" in varying degrees.

tldr: this obsession with centralization made no sense to the way we do things as a human species, any of our values, any of our culture, and we let it happen anyway. The chickens have come home to roost.

I definitely think that what you're saying is true, and is part of the explanation. But another part is that the Wild West internet also had its own major issues -- roving bandits, to carry the analogy -- and these big companies did solve real problems that were only growing with time.

Gmail's spam filtering. Recaptcha's bot rejection. Facebook's identity verification. Paypal's secure credit card processing. Google de-ranking link farms. Youtube's hosting costs. All of these very effectively solved real problems with the old web, and those problems were growing as bad actors became more sophisticated.

I like the old web too, but I do appreciate that an attempt to return to it would still require very effective tools to solve at least some of these problems, and they'd require constant improvement to keep the roving bandits at bay.

I believe this is an overly rosy-glasses view of the current heavily centralized internet.

Gmail spam filtering? Isn't particularly good. I run my own email infrastructure and I get way less spam through it than on my gmail address. And I don't do anything particularly special other than configure postfix correctly.

Recaptcha? Was there ever a more hated piece of user abusive technology? Plenty of rage against it here in many discussions. I won't do business anymore with any site that won't let me buy without identifying 27 traffic lights in slow motion (looking at you adorama). We're all better off if this dies.

Facebook verification? Don't know what value this brings to anyone other than FB.

Youtube? Granted.. Hopefully with bandwidth costs reducing over time, decentralization becomes more viable.

Paypal? Always pay with credit card directly. The regulatory consumer protection for that was well in place before internet commerce even took off.

The original potential of the internet was in its fully decentralized functionality. Usenet being a great example (owned by nobody, hosted peer to peer) which should be studied a bit more now that we have generations of developers coming up never having known it. Of course, it was (mostly) overrun by spam. But unlike email where spam is pretty much defeated, there was never a meaningful effort in addressing spam on Usenet (forums and mailing lists took over instead). Applying the same techniques to NNTP could well be equally successful.

If there is any desire to avoid the internet becoming fully a new cable-tv controlled by just a few major player we need to pursue research into decentralized services as a priority.

(If nothing else, consider at least running your own email infrastructure if you're technically capable. Keep the foot in the door so it doesn't close permanently.)

It's more of an attempt at a steelman. Just for the record, I don't like the current centralized internet; I've all but deactivated my facebook account; when a site requires a Google or Facebook verified login ID without their own "create account" option I avoid them at all costs; I avoid Paypal now because there are better alternatives (but in the early '00s, I would not have trusted most sites enough to pay with a card). And so on. I'm not trying to advocate for their position, but just understand the problems that they solve and why we got here.

And while I hate using recaptcha, I also had the even more unpleasant experience of watching a forum that I moderated die under a crushing assault of spam bots that were smart enough to make it past the built-in CAPTCHA. Recaptcha isn't there to solve problems for the people who interact with it, it's solving problems for the people who chose to put it on their site.

I wrote in a sibling comment what value Facebook's login brings to the sites that opt into it. (Offload all the work of password handling, claims about stolen accounts, preventing sockpuppetry and catfishing, etc).

You can't look up voting locations without a reCAPTCHA challenge https://recorder.maricopa.gov/pollingplace/default.aspx

This is particularly pernicious. If a private business does it I'll hate on them but oh well, it's their business at the end of the day.

But there should be accessibility laws to prevent government agencies from blocking access to citizens/taxpayers using these proprietary technologies.

What's the alternative?

I don't know offhand of an open-source captcha library that's nearly as effective as reCAPTCHA. All the old "wavy lines through slanted text" ones are completely broken with current OCR techniques.

The alternative is nothing. There is no justifiable reason for a CAPTCHA for looking up voting locations. It can be a static HTML page served to anyone in the world.

I don't think you're right.

> Facebook's identity verification

in real life, do you need to know the real name of the cashier and see their contract so you can trust them with your payment? You don't, you use common sense.

> Google de-ranking link farms

hey, haha, and what do we get instead? Monopoly on ad-driven search engine, great, I'd rather have link farms since I can easily filter those out with little brain-power. I can't do that with paid-for-propaganda

Now imagine we'd leave the way it was, people would learn how to deal with it, the same way you learned you can't leave unlocked bicycle in a city. It's a price to pay for anonymity, and we should all have right to be anonymous on internet.

Yeah, Google kind of created the link-farm ecosystem because it rewarded links— again, without verification etc. but just algorithmically.

100%, I agree, going back to the Wild Wild West probably isn't the thing to do, but I think we can look at decentralization through the lens of modern tools for a brighter and more equitable future for the internets new and old denizens.

A couple of ideas I've had:

- Leverage PGP and trust rings for identity without a need for non-anonymity. This could be structured in a nuanced manner so that we respect pseudo-anonymity while also maintaining the integrity that real identity brings.

- A wholesale education of the populace, instead of an education by fear, of the power of anonymity and services which further anonymity.

- A move away from the advertising and services-exploitation business model. Not that we can't have service oriented businesses, but those businesses cannot be exploiting people to do labor and a bottom line price.

- A data ownership model which establishes a monetary value for different types of data. We already do data classification inside mega-corps, and we're able to establish and correlate it's sensitivity. Extrapolating this to value would not be stretch. Users consent which data they give up in exchange for services. The price for the service is adjusted based on what data they give up, and how they choose it will be used (Data for marketing may be more valuable than say data for behavior research, or even vice versa!)

> Gmail's spam filtering. Recaptcha's bot rejection.

> Facebook's identity verification.

The ability to choose an identity online not connected to your legal or in-person name, to make it more difficult to find and stalk you in person, is a feature, not a bug.

I don't disagree, but a lot of websites these days choose to offload their login systems to Google and Facebook to certify that a unique human is on the other end. It solves real problems for them like password management, bot detection, astroturfing, sockpuppetry, stolen accounts, and so on.

For these purposes, an actual Real Verified Name is overkill, and a unique identity number would be enough. But Facebook offers that service for Free(TM) so there's not much incentive to the site operator to aim for something more minimal. And with GPT-3 and other systems inching closer to passing the Turing test, this only makes alternatives more challenging for them.

Those are problems in the Wild West that would need solutions if we were to reclaim the net from Facebook and Google.

What links those accounts is not special, it's OAuth2. I don't think there's anything stopping different groups from running open OAuth2 endpoints that just provide a PGP based identity service. I actually wondered why Keybase didn't start an OAuth2 endpoint, because it'd put a big dent in some of the services you described.

I see GitHub OAuth logins in some programmer-centric websites. I prefer that over Google login (and god forbid Facebook). It's just as bad from a login-centralization perspective, but GitHub allows you to control your identity freely, instead of mandating (and more-or-less enforcing) your legal name like Facebook.

(Google no longer rejects or bans you for fake-sounding names, ever since the Google+ controversy, but it still enforces a Western-style first/last name instead of other cultures' name formats or single-part usernames.)

WebAuthn is right there and built into Windows 10 and macOS now. I don't understand why it isn't seeing more adoption.

imo the need for 'centralization' comes from the fact that in order for different people to understand each other, they must use the same dictionary (so to say). So the 'dictionary' is a centralized construction. It must be the same for everybody.

If our dictionaries vary to much in their definitions then our communication becomes more and more difficult.

Maybe dictionary is not the best analogy (this is just an analogy) but I hope I'm getting my point across with this example.

I used the internet without facebook before it existed. I had a Facebook account for over a decade. I haven't had a Facebook account in two years.

To the extent that what you are saying is true, it is only true because these companies have walled themselves off. You used to be able to chat with Facebook users over XMPP even.

Yeah, I agree. If I remember XMPP was dropped while using that old adage of "scale", which maybe was real, but in the end the net effect is the same. Advanced users know a broader breadth of the internet while most internet users only know the depth of Facebook and other various platforms.

I guess once they got big enough there was no longer a point in interoperability, it seems like a pretty big phase transition got hit about a decade ago where suddenly each walled garden got big and valuable enough that isolation was a better strategy for them.

It just sucks for the internet. I don't think, if those companies ceased to exist, that they would automatically get recreated because of some inevitable niche or market law. I think that they got where they are because of a fluke of the times they were created in -- people could not grasp how they make money.

I understand the motivation. I work on platforms teams internally for companies (and have for a number of years). In smaller scale, this concept largely makes sense because developers at a single company come from a single culture which those developers largely have already bought into or are actively being shoveled into by corporate work. This is the role a lot of developer advocates play at companies who don't have external developer customers.

In large scale, what you're asking is more dubious. If you concede that the United States alone has 11 major cultures, then you have to begin a process of "on-boarding" everyone onto your new, structured culture that your platform is designed around. That's why these debates about who is represented in the building of the platform come about, because under that model those concerns take center stage and they should.

I guess what I'm saying is the whole problem never needed to exist. There's better ways to share information than being on one platform.


> It's incredibly Kafka-eqsue that you get banned for a supposed violation that you're supposed to appeal

"You must understand, all problems are [user]'s own. If you only made certain to properly follow proper protocols, no such problems would exist!"

> but you don't know what you're being accused of doing.

"If there is a problem, fill out complaint form, and place it in an envelope addressed to the name of the hospital in which you were born."

# The Onion wasn't supposed be a prescient view of our future.

> This is exacerbated by the fact that 9 out of 10 times a story like this appears it's an algorithm gone rogue which its billion-dollar shepherd assumes is infallible.

This. And it happens in all businesses Google is part of. As a website owner who monetized with AdSense for a decade, this year their algorithms suddenly decided that 33% of the ad revenue was from "invalid clicks". The month before this happened, I was experimenting with a different ad provider. My suspicion is when I returned to AdSense the month-over-month increase in revenue tripped up the algo. Talking to Google reps was of no use because they have no control over the algo. I lost ~$12K in revenue over 2.5 months and eventually just stopped using Adsense.

It took 6 months for Facebook to get to an appeal of mine to unban a page. I was happy it was unbanned, but the ticket said "1-2 business weeks" in the turn around...I was never contacted for an entire 6 months. If that had been a crucial page for me that brought in revenue for me, I'd have been completely screwed. Google is also hard to get a hold of for anything unless you're a partner.

I worked at a startup where we used Google Cloud. Even as a paying customer, when I'd try to talk to their "support" all they would do is try to upsell their consulting partners to answer a question about their own services.

That's wild, we're a fairly small Azure customer (compared to others) and I get calls and emails every month from a rep asking us what they can do, if anything. I think Microsoft is maybe a bit smarter at this by connecting sales to CSMs, because they can up sell and get you to support if you need it. While with Google it's a big shell game.

From hearsay Azure has better customer support because they know that in cloud and server environments they are a relative newcomer, traditionally many data center people would run away when they hear Microsoft.

Google has the ego of a market leader. They don't care for their customers, that's nothing new.

Despite the (apparently) good support, the decision to "run away" when you hear Microsoft is still justified unfortunately. I've recently had the displeasure to work with Azure and not only the console UI is even worse than AWS but every single service, despite looking similar to the competition, is actually different in subtle ways (which you often don't realize until you get started implementing against it) and forces you to waste time working around some Microsoft dev's attempt at being smart[0].

[0]: as an example, obtaining root on a container in an Azure DevOps CI pipeline. You have to bind-mount the Docker management socket into the container, then use that to gain initial root access and install sudo, then use sudo to run all your commands. I don't recall ever having to do that on any other CI service.

Yeah, I was probably a bit spoiled at the time. I was at startups that leveraged AWS in the early days and their reps and support people were at least somewhat accessible but at the very least knowledgeable. That flew in complete contrast to my experience with GCP.

Microsoft is a company born in selling physical products. Their software used to come on floppies and CDs. Google hasn't really sold anything real their entire existence.

Azure was down in Australia one night and I randomly sent a tweet to microsoft. To my pleasant surprise they acted on it and resolved it in few minutes. this is the same microsoft that was the villain around 10 years ago

Microsoft's "villian" nature in my experience was never in their products but in their Legal and Licensing teams

While the rest of MS is improving those 2 teams are still a problem, the "cloud" is ripe with ways to obfuscate and needlessly complicate licensing to over charge companies and MS excels at that

Microsoft has decades and decades of B2B experience. Amazon has decades of Consumer Experiance

Google has none, this is why Microsoft and Amazon excel leaps and bounds above Google in customer experience

Same experience, we spend less than 10k on Azure. The customer service people have been phenomenal. Though they need to move to some modern ticketing system.

Good to know

"The remaining 1 time it's because someone knows how to abuse reporting systems to get someone locked out on purpose."

I'm going to suggest (without any backup) that it's much more common but you simply don't hear about it.

The whole thing is based on anecdotal numbers. We have no idea how often false positives happen or at what rate. And even in those that are apparently false positives and complain, it's not always 100% clear if they're saying the truth.

> The remaining 1 time it's because someone knows how to abuse reporting systems to get someone locked out on purpose.

My Twitter account got disabled many months ago due to "suspicious activity". I did not do anything. At the time I talked to someone with whom I disagreed respectfully on a CS-related subject and was not political. Next thing that happens is that it asks me to verify via phone and only then I am able to use my account. I am not going to do that, so yeah.

What I believe happened is that he attempted to login to my account a few times, which triggered their bullshit...

Twitter routinely disables accounts for "suspicious activity" as a scummy way to harvest phone numbers (despite the account supposedly being considered dangerous and in breach of the ToS, simply providing a phone number immediately restores it without any human review).

Perhaps your FBI agent requested Twitter for some help figuring out your true identity.

Wonder if they've blocked the providers of temporary virtual phone numbers?

Presumably the known providers such as Twilio, etc are blocked, but there are small companies that provide numbers from the same number ranges as the big cellular carriers so those are completely undetectable.

I suspect if there would be enough demand for this service, a "grey" industry of people buying prepaid SIMs and renting access to them would appear.

Phone number risk scoring models would heavily weigh against behavior like that. Prepaid numbers are typically scored worse than post paid numbers as well, but that sort of behavior would quickly be identified as fraudulent.

> Prepaid numbers are typically scored worse than post paid numbers as well, but that sort of behavior would quickly be identified as fraudulent.

This assumes there is a way to tell which numbers are prepaid or not. To the best of my knowledge they both originate from the same pool of numbers and it is impossible for an outsider to tell whether a given carrier's number is prepaid or postpaid.

I once got locked out of my Veeva Vault account because I couldn't remember who I put as "who was your best friend in kindergarten?" (I had like 8 best friends then!). After putting in a ticket and hearing nothing back I finally braved the phone system and called support line. The rep who unlocked my account and reset my password assigned me 4 different modules of 60-question EACH mandatory training in order to get back into my "dashboard."

>They somehow managed to skirt on that

Not "somehow". Our national leaders in the US since Google was created have been fabulously pro-business, to the extent that they have never updated our laws governing privacy for the computer age (IE, limiting what businesses can do with data) and they've gutted consumer protections along the way.

Since the US government is so thoroughly corrupted by money, once a corporation is large enough they can effectively write their own laws. Google and others have done this, so there's no law stating that they must give consumers rights in a dispute, must provide their data, or even must be fair.

Government + money = corruption.

You would think that with congress seriously talking about breaking up monopolistic tech companies, the big players would have tried to _tone down_ the monopolistic behavior, not amp it up...

> which its billion-dollar shepherd assumes is infallible.

I think the "cattle, not pets" implications haven't quite sunken in yet. Stragglers get turned into mutton.

Well, presumably not straggling cattle.

Is it that easy to have someone locked out of Google? Just by reporting them for fake abuse? I'm sort of shocked if that is indeed true. It ought to be hard to do that. Otherwise, people who disagree with others may use that to get even or settle an online quarrel, etc.

I had a small website few years ago and I placed Google Ads on it. After few weeks my Google Ads account got banned forever (no appeal available) for fraudulent clicks. There is no way to reverse this ban. I am 100% sure I didn't click on my own ads. I guess someone could easily do some suspicious activity on your ads (or just extract your Ads ID from Android APK) and then get your account banned. Fortunately, they only blocked me from Google Ads for life, but not from the rest of the account. Also - never ever open a Google Play developer account with your personal Google email. Create a new one for this.

> never ever open a Google Play developer account with your personal Google email. Create a new one for this.

That means having another phone number, right? I tried to make a Google account for this kind of purpose, but had no way to receive the text they insist on without linking the new account directly to the old one.

A friend in the freeer err I mean 3rd world might hook you up

Not only is this incredibly Kafka-esque, it's archetypally Kafka-esque! This is effectively exactly the plot of The Trial!

Though less serious, my wife has a similar problem with Amazon. She tried to review a product (first review for a very long time) and was greeted with this message:

"! We apologize but Amazon has noticed some unusual reviewing activity on this account. As a result, all reviews submitted by this account have been removed and this account will no longer be able to contribute reviews and other content on Amazon. If you would like to learn more, please see our community guidelines. To contact us about this decision, please email reviews - help@amazon.co.uk."

The 'community guidelines' link goes to a page with what the rules are, but doesn't say what rules have been broken.

We emailed Amazon, using the email address in the post and got this reply:

"I relayed your information to the team trained to handle this scenario regarding your inability to post reviews. They are not able to provide an exact date or time when they expect this issue to be resolved. For more information about our policies, please see our Community Guidelines (http://www.amazon.co.uk/review-guidelines) We appreciate your patience in this matter.

Warmest regards,"

'Warmest Regards'? Really - you just told me she's locked out and it's gonna stay like that for the foreseeable future. :(

Really? The world is worse off because of the Internet?

The Internet has been the single best thing that has happened to the world ever. Information is effectively free now. It's given limitless opportunity to billions of people everywhere in the world, regardless of class or wealth or social status. Largely, the Internet itself is not discriminatory.

Sure, it has its downsides, like misinformation, and 1 in 10m people getting locked out of their accounts.

I lost my Google account, which was tied to my phone number (Google Voice), a few years ago. It sucked. But, honestly, it wasn't even as bad as losing my license.

I'll take free information for that.

He is referring to the tech companies, you are referring to "the internet"

Are you certain you two are speaking about the same concept?

"This is exacerbated by the fact that 9 out of 10 times a story like this appears it's an algorithm gone rogue which its billion-dollar shepherd assumes is infallible."

The "facts" are a bit misleading though. You won't hear stories like this when it isn't framed as a case of an algorithm gone rogue, and of course whether the billion-dollar shepherd assumes it is infallible or not is something being projected onto the story.

One thing that is tough about these stories is that there a class of US enforcement responses for which it is illegal to disclose why you responded.

For instance, it is a prison-time offence for an individual employee of a financial institution to tell a customer they filed a SAR on them.

The way you get kafka is BSA compliance officers have personal liability for this reporting, so they prefer not to have customers that trigger reporting, but they cant tell a customer why they are dumping them, so the word comes from ‘on high’ or an algorithm and thats it. Nobody internally can help because for their own good they do not know the reasons for account termination.

This may be that or it may not, but probably its not that google is being dicks to its own employees. It is an outcome of a pernicious set of government and institutional dynamics.

Filing a required financial report is not similar to terminating someone's access to their account

Filing an SAR usually comes (99.99%) along with suspending the account. Suspension of account usually comes before filing the SAR as to stop any further illegal actions.

> Filing an SAR usually comes (99.99%) along with suspending the account.

You're missing half of the analysis. What percentage of account suspensions are preceded by an SAR filing?

(Probably not many.)

Google is not a government. It just acts like one.

Its only 9 times out of 10 when the story is escalated to the front page of Hacker News. For all we know, 99,999 times out of 100,000 its a case of fraud or law enforcement action that is completely correct and valid, and you do not give those actors information on how you detected them.

It absolutely is, which is why what they're doing looks fine on internal metrics.

Imagine I make a laser bug zapper and install them at every fast food joint in the US. 9999 out of 10000 times it zaps an insect. 1 out of 10000 times the laser fires it blinds a child.

I could wax all I want want about the 99.99% accuracy, the _relative_ accuracy won't mean a thing to the million people blinded by it.

When there is a mix of spambot garbage and human beings that being harmed the right metric isn't the ratio. Blinding a million children wouldn't go from unacceptable to acceptable just because the level of insects swarming around a restaurant increased by a factor of 10. The harm stands alone, and there is a level of harm which could not be justified by any amount of boring spambot influx.

Something about this argument doesn't smell right.

I care about the crime rate, or car accident rate, or botched surgery rate, because it tells me the odds that something bad will happen to me.

Given a stable rate of bad things, population growth alone causes more bad things to happen.

If we took your argument about absolute harm seriously, then we should, say, encourage population reduction until there are only 10k human beings on the planet. That would surely minimize the number of bad things that continue happening to people.

It is trivial to put every criminal to prison: put everyone in prison.

It is trivial to ban every spammer: ban everyone.

If you ban most spam while significantly harming some of your users, you've done your job poorly.

Can you give some examples of this type of job done flawlessly? i.e. where all bad actors are stopped and no good actors are hurt in the process

No, but I can think of a few examples where most of the fraud is stopped while not significantly harming users.

Make fraud impossible through technical means or make "abuse" impossible by just not providing any incentive to do so (for example, make the service paid so that there is no longer any incentive to "abuse" the free service)?

Humans are notorious for under estimating routine hazards, and overestimating things that are rarer. We worry about strangers in deep dark alleys trying to rob/rape/beat/kill us, when in fact, most crime is perpetrated by someone the victim is familiar with.

Your comment calls to mind the paperclip maximizer thought experiment: https://wiki.lesswrong.com/wiki/Paperclip_maximizer

Usually cost/benefit arguments do consider the benefits. If I kill millions of mosquitos and reduce malaria fatalties by 100 per million population while blinding 1 per million, then unless there is a better way to kill the bugs we should consider this approach.

I don't really see how this line of argument really translates to this issue with Google. First of all I should have acknowledged that imprisoning data is almost assuredly unacceptable and that unless Google is acting directly in response to a law enforcement action they should give you a way to download your data when they tell you that they have chosen not to continue the business relationship they have with you.

But there will be cases where they cannot do that, and in some cases it will be a mistake but the reason they cannot solve this problem cheaply is because usually it is not a mistake and so litigating 99,999 cases to find the one worthy of saving is a hard case to make, why should Google pay for that?

I should have mentioned up-front that this article scared the hell out of me and I'm probably moving to Fastmail. I've had my own domain for going on two decades and am still grandfathered into the free gsuite for it but I'd much rather pay someone who will support me than use a free service that could cost me access to data that I might want again in the future. I also realized I could be vulnerable to a trap where my DNS account is disabled at the same time my email is, meaning I couldn't even move the DNS without first recovering access to my mailbox.

I think you would agree that there is no plausible amount of spam traffic which would justify google murdering a user to cut the spam down. That it's just incomparable, right? Even though the cost of being dead would be borne by the user and their family and not part of google's bottom line-- murder for spam reduction would be right out.

I don't think it's that big a leap to say that it is unlikely that there is any plausible reduction in spam from an automated facility that justifies the kind of extreme harm and disruption created by locking an honest user out of their decades long email-- which might be more damaging to them then a home fire--, with zero effectual recourse. Yet it happens because the cost of the spam is on google's 'balance sheet' while the damage to the user is not.

So that is the sort of argument that I'm making. I think google is creating damages wildly out of proportion to any plausible benefit, but it works out for them currently because the damages are externalities.

Were Google a more conventional company the threat of litigation (even litigation they'd ultimately win) would help internalize some of these costs, but Google has grown to such a size and scope that even the federal government finds prosecuting them to be extremely daunting.

An externality is a cost borne by an unrelated third party. That is not the case here. These are two party arrangements. You and Google have engaged in a contract; Google is providing you email in exchange for your eyeballs, and there are terms and agreements.

There should still be a solution though. Maybe this is a terrible idea, but one idea: Google could sell a service where you pay them $200 and they thoroughly review your case, tell you what happened and work with you to restore access to data, maybe even setup email forwarding for 90 days or something that comes reasonably close to making you whole even if they can't restore service.

If in the course of doing this work they figure out they screwed up closing the account in the first place, the money is refunded. Of course fraudsters would not generally want to sign-up and pay this money as - even if the information of how they were caught was worth $200 - that would create a paper-trail. And it could still be the case that Google is under a FISA letter or something and can't fulfill this service, and in that case they'd refund your money as well.

Bullshit. Maybe 99.999 are successfully identified, but one is mistakenly banned/suspended for no reason and it often has significant impact on his/her business. Google automation is a broken system. A system made by people who never have to deal with the actual users.

> you do not give those actors information on how you detected them.

Not about how you detected them, but you should tell them what you detected. E.g. if you're using a spam filter, you don't want spammers to know which exact keywords triggered the classification, but it wouldn't hurt much to let people know that their account was locked for sending spam instead of some other reason.

If it were spam I think they'd tell them that. If they don't tell you the reason, almost certainly its fraud, and the only way to win against fraudsters is not to play with them. Anything you tell them is just an invitation for them to argue with you and waste your time, or infer detection methods. It is very hard to control fraud costs without alienating your users, especially for a free service with low barriers to entry. That isn't an excuse for Google to be so terrible, but I do think people lack appreciation for the actual problems here.

> The only reason these tech companies managed to get so big is because they'll cheat at anything that requires human scale. Support, moderation, taking responsibility for the content they host. They somehow managed to skirt on that just as the web was transitioning from a wild west to a somewhat ingrained, regulated place and the world is worse off for it.

People willingly chose the free option and chose to not pay companies that would have offered support.

The argument that customers chose to be ripped off by opting for 'free' is not supported by evidence that paid services are any more accountable.

Anyone who's had to deal with Google support for paid business accounts will tell you that the situation is barely any different for paying customers. Things might be different for very large businesses who are spending millions per month, but that's hardly relevant to how Google might handle email customers hypothetically paying $9.95 a month for a personal mailbox.




I do not understand why anyone defends consumer abuse by businesses. Unless they work for said businesses, or own their stock, there is absolutely nothing to gain by siding with an abusive business over an abused customer. The business isn't going to reward their supporters' loyalty by treating them better.

Collaborating with hostile entities is not a redeeming quality.

Lots of people with free gmail accounts have their app store purchases locked up behind that very email, don't they? Or their phones.

> Anyone who's had to deal with Google support for paid business accounts will tell you that the situation is barely any different for paying customers. Things might be different for very large businesses who are spending millions per month, but that's hardly relevant to how Google might handle email customers hypothetically paying $9.95 a month for a personal mailbox.

Then don’t pay google $10 a month. I don’t. I do the work of supporting businesses that I think deserve it. I know some businesses have monopolies that customers can’t fix by voting with their wallet, but email isn’t one of them.

> Collaborating with hostile entities is not a redeeming quality.

Using their free services and not voting for the right candidate in the market by paying for the service is collaborating with hostile entities (in the example of email where there is no monopoly and almost zero cost to switching).

Because support sucks universally and everywhere. There is no way to know if you will get support, even if you pay. Support is one giant lemon market.


I get support from apple when I walk into their store, or I open up a chat window on their website. I received it in April when my phone died and they helped me try to revive it.

I get support from Fastmail, and Migadu and Target and banks and plenty of other companies. I also provide support for my businesses.

Support usually sucks with monopolies, such as ISPs who know you have no alternative. But even then, I’ve always been able to get someone on the line to fix my issue.

Doesn't GDPR have some sort of clause against "algorithmic decision making"? So in situations like this you can deny Google automated decisions? Probably not - can anyone explain, who knows the topic?

I'll play the devils advocate: moderating any platform is a challenging endeavor, mostly because of malicious users. Having all the rules broken down in detail allows bad actors to either get close to the line but not cross it, or abuse the system while technically not breaking any rules. As such, having very broad rules (read TOS) helps. Additionally, not having to explain exactly what was violated means that people can't probe the system to figure out the rules in detail as well as the limits of acceptable behavior.

The problem with such opaque systems is that it can go terribly wrong, but the answer is to not centralize anything important; always keep a backup. After all, the cloud is someone else's computer.

If you want to become a platform that everyone in the world uses and reap those billions in profits that come with that, maybe... just maybe you should be responsible for sane, humane moderation as well. Don't build something that's manageable and then complain when people ask you to manage it.

I've said this before here, I'm pretty libertarian, and very much in favor of small gov, but at this point its become clear that anyone who strives to become an internet platform where market dominance equals monopoly or duopoly, should be held to strict regulatory standards, re: free speech, appeals, etc. similar to what a gov entity is held to.

> I've said this before here, I'm pretty libertarian, and very much in favor of small gov, but at this point its become clear that anyone who strives to become an internet platform where market dominance equals monopoly or duopoly, should be held to strict regulatory standards, re: free speech, appeals, etc. similar to what a gov entity is held to.

About that - the government can be pretty opaque. I too would like some strict regulatory standards to apply to the CBP.

Maybe it's better not have platforms that everyone on the planet have to use in order to access content/software.

Perhaps - but it has always been prudent to keep redundant copies of anything important since before computing platforms existed. Frequently backup your data and test the backups.

The bigger problem here is not really about the content, but the means. If all e-mail communication goes through Gmail (and maybe a bit via Outlook and some remnants of Yahoo), at some point you may lose your ability to communicate with the rest of the population unless you subscribe to one of these services. This is already happening to some degree but is definitely getting worse.

What seems novel here is that the author _actually works_ at Google and still can’t help despite being an insider. Although, not sure if that says more about Google or more about the banned account.

TBH, this is the way it should be.

Getting your account unbanned shouldn't require having an insider.


There should be a clear reason for why an account is banned. When you're accused of a crime in a society, we don't just tell you to read abstract law. We tell you exactly what you've been accused of, such that you can defend yourself appropriately. There is this basic principle in English law that states:

- It is better that ten guilty persons escape than that one innocent suffer.

What's been happening with many of these companies is that many guilty actually do escape, whilst many innocent actually still do suffer.

If Google insiders had special access, wouldn't that be similar to exactly how the recent Twitter vulnerability was exploited?

Although, in this case, I guess the guy was just looking for any qualitative explanation for how to fix the situation, not specifically asking for exceptions to policies to be made.

As a Google employee, I don't expect to have any special privileged access to Google customer support and I think if we did have it, wouldn't you think that would be unjust?

Disclaimer: not saying anything about the qualities of said services.

> ... wouldn't you think that would be unjust?

Not at all.

Being able to more efficiently access other systems and employees at your company than outsiders isn't "unjust" in any way.

Not being able to do so, seems very broken and weird. :(

Does Google have customer support at all?

> moderating any platform is a challenging endeavor, mostly because of malicious users. Having all the rules broken down in detail allows bad actors to either get close to the line but not cross it, or abuse the system while technically not breaking any rules.

Couldn't that same argument be used to support secret laws and secret courts enforcing those secret laws? After all, we're definitely seeing the problem of people going as close as possible to the line without overstepping.

I think those laws would help tremendously, but mostly by forcing everyone to be overly cautious not to break them, creating strong chilling effects. They'd stifle freedom, and so does Google's secret law system.

To minimize fallout, I think it's more useful to split up Google along services (Search, Youtube, Gmail, Office/Suite etc). You could search for double plus ungood things on Google Search then without running the risk to loose access to your emails.

> I think those laws would help tremendously, but mostly by forcing everyone to be overly cautious not to break them, creating strong chilling effects. They'd stifle freedom, and so does Google's secret law system.

No need to have new secret laws - there are already enough obscure laws that I guarantee you have broken many of them whose statute hasn't expired. That is why you shouldn't speak to cops without a lawyer.

That said - it's not a Google problem as it's the norm. Most services, banks or even potential employers will tell you the reason for declining service - not because they want a chilling effect, but because there are so many ways it can get wrong (for them).

I'll be honest here: move moderation to AI/robots and sent automatic messages "go out here! we're so sorry.." in loop is completely bullshit and main reason to avoid Google.

And I'm definitely not "so sorry" about.

That’s just unfair business practice that works against ill educated. Way to keep it to nice people, but nice in the context ultimately means established.

Running a government is also a challenging endeavor. Does that mean that the laws should be left obscure?

I'll play the devils advocate


Because it is necessary to develop a "theory of mind" to figure out why some entities behave the way they do. You'll encounter fewer surprises that way :)

edit: also, I have the battle scars from moderated a few niche online forums/properties that were mildly popular. People who abuse services are surprisingly tenacious and creative. If there is the potential to make money - even a little - you get abusers who are tenacious, creative and sophisticated

I don’t think anyone suggested moderating shouldn’t happen or that it isn’t hard. This situation isn’t the result of unpaid mods of a web forum - Google has incredibly vast resources at its disposal.

Unfortunately the devil’s advocate has brought us no closer to an understanding of the problems posed by OP: how to appeal an unknown violation, how to regain access to ones data, etc.

My point was not that I was overwhelmed or under-resourced: it's just that trolls/assholes/rule breakers force you to regress to "I know it when I see it" because they can break the spirit of the granular rules without breaking the letter. The solution is to make the "spirit" the rules (i.e. be super-broad about what constitutes abuse)

Because considering and understanding other perspectives is important for actually getting things done?

I had a Google Pixel phone. Less than a year old old. Treated with kid gloves. Always kept in a case. Pristine condition.

An approved Google software update bricked it. This was, by all accounts, a known issue.

The phone was under warranty. I sent it back.

They shipped me a scratched up refurbished phone. It ran fine for a week then bricked itself due to the same software update. I sent that back.

They sent me another, even worse scratched up refurbished phone. That too bricked after a week due to the software update.

I've got $3,000 worth of hold charges on my CC whilst Google are playing footsie with my phones. I sent that phone back.

They "lost" it and claimed I sent back a different phone. Then that became that I sent back a phone with a different serial number. Then a different model of phone. I pressed for details but they could never tell me any details about the phone I had allegedly sent back.

They wanted me to pay for all the phones, then eventually just the one phone that was missing. Finally Google admitted "we lost the phone but that's your problem."

After a month I said "fine, you fix this shit or I am doing a charge back." They didn't fix it. I did a credit card charge back for the thousands of dollars currently on hold on my card.

Google decided to disable my Google payments account so I couldn't use the Playstore. Or buy groceries using Google Pay. Or process any subscription items attached to the Google payments account. Or access my store rewards cards stored in my Google Pay wallet.

Google still owed me for the cost of the original phone that was a brick that I no longer possessed after it was sent to Google.

I took Google to small claims, and won.

Google decided that wasn't to their liking and disabled the Google account attached to the phone.

Fuck Google.

P.S. Please stop up-voting. This is not a vote-worthy post. It is simply a "this is what happened." Save your attention for something that is worthy. Save your anger for things that matter.

Take Google back to court.

The judiciary will not be happy with Google seemingly taking a reprisal against you for wining against them in small claims court.

It might be worth speaking to a lawyer to see if you can seek punitive damages.

That's honestly unacceptable. Google deserves whatever anti-trust action comes their way. It's absolutely insane that they can lock you out of your phone, email, youtube, password manager, business, and everything you've ever used sign in with google for on the whims of some buggy algorithm.

Stuff like this isn't the result of some faceless software algorithm that's only harming people because of 'bugs.'

Consumer abuse isn't an emergent property of algorithms. They're designed, by people, to abuse consumers.

I agree with everything except for the fact you are treating gmail, YT and other google services users as "consumers"

remember if you do not pay for a service you are the product, and 90% of google services and algorithm's are deigned to control their product (aka the users)

This is the root of the problem; to google and their devs you the user are not a person, are not a human, you are just raw ore for them to mine, refine, pack and resell to their consumer the advertisers

I think you're confusing customers and consumers, which are related but different. Google users may not be their customers, but they are absolutely consumers.

This is standard consumer abuse all companies practice, big and small.

> Google decided that wasn't to their liking and disabled the Google account attached to the phone.

Did you decide to go for Round 2 in small claims court and get the account un-disabled?

> Did you decide to go for Round 2 in small claims court and get the account un-disabled?

Sadly, you cannot do it in Small Claims Court. SCC cannot provide injunctive relief -- you can only sue for monetary relief.

To get an injunction to have the account unblocked, you'd have to sue Google in the big-boys Superior Court, and/or federal court, which may cost more and require having a proper lawyer.

Or go through arbitration.

Isn't that last bit retaliation, and explicitly illegal on its own?

> They shipped me a scratched up refurbished phone.

This was me and my Nexus 5, like you I baby my phones and exercise care. An update bricked it, they sent me a scratched refurb with shaky buttons and a creaking case as a replacement. :-/

Litigation and actually hitting the scum in the wallet (the only thing they care about) is the proper and only way to discourage such behavior in the future.

If every consumer wronged by a supplier did this we wouldn't be having this discussion at all because suppliers would never let such problems happen or escalate that far.

This is event for event what happened to me with a Pixel 3 XL, except I chickened out and ate the charge. I filed an FTC complaint and emailed my AG, though.

Could you share your process and arguments? I'd really like to pursue it while I still can.

I don't really know if you have a legal remedy under your state's "Unfair Trade Practices" law, but this might be one worth a complaint to your state attorney general's office or maybe a consultation with a consumer affairs attorney, if you have the money. I am pessimistic that this would go anywhere, though.

Sue in small claims court. Costs about $50 to file, plus $100 or so for a process server.

Check Google's terms of service.[1] They're not too bad. There's no forced arbitration. You can go to Small Claims Court in Santa Clara County, CA.

Google lists the reasons they can terminate an account. It's not a "sole discretion" thing; they have specific reasons listed. So Google will have to show in court that you violated those terms.

Definitely go. Google will have to send someone, or they lose.

In practice, you'll probably have your problem fixed shortly after your process server delivers the subpoena to 1600 Amphitheater Parkway.

California small claims court instructions: [2]

[1] https://policies.google.com/terms

[2] https://www.courts.ca.gov/1007.htm

Someone who sued Google in small claims court over an account cancellation and won.[1]

[1] https://www.huffpost.com/entry/why-i-sued-google-and-won_b_1...

The followup is equally interesting. Google filed an appeal and won. [1]

[1] https://www.huffpost.com/entry/why-google-bothered-to-ap_b_2...

That actually serves as a good example for the difference between Small Claims Court and Superior Court.

It might also have been a good idea to wait out until it was no longer possible to appeal the decision, before going public with the outcome.

IANAL, but I think there was still a good chance that the guy could have won an appeal if he had appropriate counsel represent his case, using appropriate discovery and other instruments to properly mount a defence.

According to the author of the article (i.e. the person who sued Google), they correctly won. He did in fact violate the Ad Sense rules.

AdSense issues are harder to win. Google has more discretion there. But their terms for ordinary accounts don't seem to allow arbitrary cancellation. That would attract unwanted attention from consumer protection agencies.

Small claims only provides monetary relief, you can't get equitable relief. How exactly are you going to calculate your monetary damages? And quite frankly, why would Google reinstate your account over losing a maximum of potentially $7,500?

Correct. In order to get injunctive relief of having account access restored, you'd have to sue Google in a Superior Court.

The difference between Small Claims and Superior is that in the former you're generally not allowed to bring an attorney, whereas in the latter you may actually be required to bring one.

Does anyone know whether account suspension without a reason is actually something that a pro-se litigant has any chance of suing these big companies for, and winning at all?

> in the former you're generally not allowed to bring an attorney

That only applies to individuals.

Corporations are not only allowed, but in fact required to be represented by an attorney in court. Even small claims. Corporations do not have pro se representation rights, and only an attorney can represent another person.

It is not true in all states that corporations must be represented by an attorney in small claims court. In California, corporations must be represented by a non-attorney employee for small claims actions.

Doesn't that just mean they will get some self-taught lawyer-in-all-but-name?

The idea is that a Small Claims judge in Cali does not expect a lawyer, so, there is no need or expectation to any legal lingo, which by itself can be confusing to normal people, plus the rules of evidence are not nearly as strict as in Superior Court, plus, not that much money is at stake.

The thing that may be daunting about Superior Court is that the judge is supposed to take it easy on pro-se litigants, but at the same time, they are still supposed to be impartial, and can't really act as your own lawyer.

Being in the same small claims venue as the company is actually a nice side benefit to living in the Bay Area, otherwise you potentially be looking at thousands to hire a lawyer in normal court.

Not necessarily.


> Most large national businesses can be sued in any state, but smaller businesses that are headquartered in another state, do no business in your state, and have no physical presence in your state can be sued only in the states where they operate.

Assuming you actually have been wronged Google will wind up paying all of your costs right?

IIRC, attorney fees are not typically allowable in small claims in California - wouldn't be surprised if there are exceptions.

In California, you're not allowed to bring an attorney to a SCC -- only to Superior Court -- so, obviously, there's no attorney fees when attorneys are not allowed.

Some other states do allow attorneys in SCC, however.

Stupid question: how does that work for the company?

They send a representative, probably someone from their legal department if they have one. The important thing is that both you and the company are arguing on much more level footing. You don't need to be thoroughly versed in court procedure, and the whole process is generally a little more lax than in superior court.

With that said, the company can still pump tons of money into things behind the scenes, but because the stakes are so low, and not necessarily precedent-forming, they're not likely to actually invest that much money into fighting you. And even if they do and you lose, since you brought the lawsuit and there are no attorney fees, the most you'd end up spending is the court fees (potentially the company's court fees, but those are minimal too.)

Why would attorneys be disallowed?

To level the playing field. The idea of Small Claims Court is to have a cheap way to resolve monetary disputes, without having to rely on complex procedures and expensive lawyers. So, since you as an individual wouldn't have a lawyer when you sue someone for $300, it wouldn't quite be fair if the company was afforded one.

Keep in mind that anything you take to a Small Claims Court you can also take to to a Superior Court, where only lawyers are allowed, unless you're an individual, and are representing yourself.

Not every state bans lawyers from SCC. But in California, you'd only face a lawyer in SCC if you sue them for not returning your money, or they sue you for not paying them their fees.

Not necessarily. The court would have to specifically include that in their ruling.

Maybe a good idea for most of us, probably a bad idea if you work there.


Because they could fire you?

Sounds like they might not be employed there much longer


IANAL but that sounds like something that'd end up in big boy court for wrongful termination with a lawyer on deferment.

Not if they talk about it in terms like "team energy" or "culture fit," right?

In most places in America you can be fired for no reason at all.

This story is just absolutely ridiculous: The poster _works at Google_ and even tried to escalate internally for days, to no avail.

I would have thought ensuring that workers at google, getting absolutely no special access to specific other accounts, is pretty much the most sacrosanct rule.

i.e. Google's unlikely to hand over the dossier they've assembled on 'what your husband has been up to that we considered bad enough to shut down their account'

Most definitely not saying this isn't a false positive - but the handling process for it it must assume it's a positive.

Now why the poster's husband can't get the info - that is somewhat worrysome.

Sure, to me the ridiculous part is:

- it's weird to be mistreated by your employer's own product (just the irony bend to it)

- if you want to appeal after a dead end, your choice is to make a huge public PR nightmare, or try to make an internal post/plea that gains traction. you'd be doing your own employer a service if you could have this issue resolved without a PR nightmare

I guess Google's ToS is between the employee's husband and Google and not the employee, the employee's husband, and Google. So there is no authorization for some random employee to "check up" on their partner, even though it sounds like escalating internally should help. (It should at least trigger, "we'd better look into this very carefully", though. If it didn't, that sounds like a problem. If it did, and the result is "yeah, this is legit", that's a very awkward position for everyone.)

I was in a similar situation when I worked at Google. My brother kind of disappeared, and my family asked if we could at least check if he logged into Gmail. I asked and was told no, and I understood why -- it's up to my brother to share what he's up to, not Google. (My brother was fine; just didn't like replying to email or answering his phone.)

Oh certainly not "check up", but try to get a human to look at it and respond to the appeal with more than boilerplate.

This is different though, his husband can't get the records himself.

I don't think it was a rule before, and I don't think it should be a rule now. This is missing an important opportunity to debug the process, since you have a separate way of finding out what's going on.

If you're not going to use that data when you get an opportunity like this to fix something, what's dogfooding and "trusted testers" all about?

It's sticking in your head in the sand out of a misguided attempt at being unbiased, instead of fixing things.

When i worked there i got my blocked payment acc unblocked with an apology pretty easily. I cant recommend using google payments (or anything other than gmail) anymore though

Someone posted a video on YouTube showing them bullying and humiliating one of my friends. I helped her report it. YouTube ignored it. I worked at Google at the time. I filed an internal ticket and YouTube ignored that, too. Years later, the video is still online.

Companies serve the shareholders. Shareholders want to spend as little money as possible on user support. I think new regulations are a good way to solve this problem for everyone. US consumer protection laws need updating for the Internet age.

I would lose my mind if this happened to me. Can't imagine how frustrating this would end up being.

That's why you should have email on your own domain. If they lock you out you can quickly-ish migrate to a different provider without losing your email address. Not a solution but definitely softens the blow.

Google allows this for GSuite at $5/mo I think.

That is my arrangement and I've had it in place so long I don't even have to pay the $5, I have a free private GSuite on my own domain (yes they offered this to everyone 10+ years ago). What I realized today though while reading this story, is that my DNS account is backed by this same GMail account. What if I'm attacked and someone locks out my DNS account at the same time they take the sort of criminal actions in my account that that would get Google to shut it down? I could lose my domain and all my email forever. I think I'm moving to Fastmail.

i actually think it's useful to create a flow graph of all your most critical accounts, and how you might recover them if lost. If you find many of them flow back to an account you cant control and may be shut down for arbitrary reasons, may want to reconsider your recovery/hierarchy.

Thank you for bringing this onto my radar. I will do that this weekend, get a good email address for the most important services.

Yes. But make sure you don't use Google Domains to host your domain. Otherwise your domain will be locked too.

yeah I have ProtonMail with 2 custom domains. It's decent I have gotten blocked from sending emails to Google custom domains. Total bullshit IMO, I think they do it on purpose.

Me too. This anecdote is the latest grim reminder to me that I really should be keeping my offline backups up to date, just in case.

Well IMO it kinda makes sense that internally of all places you might actually make it hard to address it along that specific path to avoid any kinda of local shenanigans.

There's ... some daylight between "internal escalation through channels" and "shenanigans".


I guess they get the same treatment

IIRC there is a special user support forum for Googlers, so it's not the same treatment.

Every time a "Google banned my account" thread comes up, I like to point out that my Google Adwords account was banned once. I filed an appeal.

It's been 20 years this month, I'm still waiting for a response.

We were spending around $800k/yr just for a single group of car dealerships through AdWords. We registered Google accounts for each dealership, we added them to each dealerships' AdWords account so they could see where and how their money was being spent.

One account from the middle of the batch, while I was the _only_ one with access and definitely had not done anything unusual with it (and certainly nothing we hadn't done with the other half dozen accounts) was banned before we could provide it to the client.

I opened a ticket with the accounts team and didn't get a reply. I escalated through our AdWords contact since account support was, as expected, useless. Figured given overall our company spent millions a year maybe they could at least get this looked at. They were apologetic, but realistic in telling us that there was basically nothing that could be done and it was unlikely anyone would ever respond to the ticket so we should probably just register another Google account and cross our fingers that one didn't get banned.

Found the old email the other day. Just passed 6 years with no response from the accounts team.

I've read so many AdSense horror stories that, whenever I thought to use AdSense, I just gave up out of fear of "tainting" my account. Between the fraud false-positives and accounts getting locked (or even lost), it never looked like it was worth the trouble.

Same here, and they owe me quite some money. They absolutely know it because they then had the audacity to send to my physical address a voucher for adsense after banning me for allegedly clicking on ads, which I never did.

Now every time I have the opportunity to make a case against using any Google service in a business I'm working in... and I worked in a few big Telecom and IT businesses for the past 15 years, like the first internet provider in my country.

That's what they denied me for too. Claimed I was clicking on my own ads.

It's so incredibly frustrating that no one at Google seems to care about this. They don't even acknowledge this as an issue to be addressed. It amazes me that their callousness still hasn't backfired further.

I was on the receiving end of a similar issue with Google Pay Support for Android and it took weeks for Google to unblock in-app-purchase transactions, even via internal escalations from friends who work there. I guess I should count my blessings that it got cleared up at all.

The casual cruelty and opacity is just ridiculous. Surreal and bizarre that this extends even to their own employees. I really do hope this finally serves as a wakeup call for Google, but I'm not holding my breath.

I have a good friend at Google. The motto they go by is that unless 10000 people are impacted by an issue, it's really not worth their time to investigate.

Just create a new account - no one is ever going to care.

OP works at google, so at least one person at Google cares about it.

I remember, long, long ago (2011) there was a similar story about a Google account that was banned, and Matt Cutts himself looked into it and came back with a boring, corporate, legalease answer that was most unlike him.


The underlying reason in that instance, was the mistaken identification of childporn.


> Matt Cutts

That’s some nostalgia for me, used to read almost every post of his blog. I see his last post was about an year back.

I have been thinking about this for a while. Considering I prefer to keep the important data/emails on Gmail or Google drive for security and I really consider it important. Would it help if Google had a paid tier?

Say, if you can get into an annual plan, similar to what's there for hardware devices like Apple Care+. Just that, in this there is someone to help you through issues.

We used to pay 10% of our AWS bill for the AWS support plan because when you needed the help, it really made sense to have someone looking at it with some SLAs.

A second option is, Google can just make consumer Gmail as an ad free paid service and then provide support for it as well. Plenty of people are paying $10/month for email services, so we have a price point that works for people. Email is very crucial to online identity, and I would trust Google the most with security among the other providers so I would happily pay for it.

Edit: As someone pointed out, they have Google One at least for storage. It has proper support. Maybe it makes sense to extend it for other services as well. https://one.google.com/about

> I have been thinking about this for a while. Considering I prefer to keep the important data/emails on Gmail or Google drive for security and I really consider it important. Would it help if Google had a paid tier?

It wouldn't, because Google is averse to any kind of customer support even for paying services. Even the "support" people that get attached to highly paid YouTube, GSuite, and other accounts get regularly stonewalled like this person and cannot help.

The only solution? Make sure all of your data is always backed up somewhere else.

That's a partial solution. The author noted that account logins tied to the google account would no longer be usable either. The sites can do nothing to help that situation, since most sites do not have a way to "transfer account". I could not imagine losing access on a potential grand scale like that.

True, the full solution is to NEVER rely on Google as a single point of failure for anything. Which means backing up all photos/documents elsewhere and never using your Google account to auth with another service. I've always avoided tying my Google account to non-google services for just this reason and haven't ever had it be a problem.

At this point we've all got these 10 year old gmail accounts that we've used as the recovery email on 1,000 websites, and while... I guess it isn't really a big deal to lose a reddit or ycombinator account, it'd be nice if there was some other option to use as the recovery email for online banking that had the stability of google.

I'd happily pay for some sort of assurance -- "if you violate our TOS, we'll just put your email in receive-only mode" or something like that.

Buy a cheap domain from Gandi for 10 years. They provide free email and DNS. Use that email for anything you care about. Stop using your gmail account and forward your gmail to your domain's email account. Gradually, you'll switch your recovery emails to the domain that you own and control.

The other nice thing about this is you can be bob@domain.com rather than bob2746293@gmail.com and you can provide email accounts to your family and friends.

That's still a SPOF though. Over the years I've had various letters from registrars and registries threatening my account due to missing information or new requirements.

GANDI themselves once accused me of ToS violation because one account uses my initials ( as on my bank account ) instead of my forenames that they demanded. I migrated everything out of that account ASAP.

Ideally you need two completely different domains ( to avoid potential trademark issues ) in two different TLDs at two registrars.

The service is a tool. I would not "never" use a battery powered drill upon it's first power loss. It has it's use case. It is important to understand the limitations of any tool. This author helps us all understand the limitations of google.

>the full solution is to NEVER rely on Google

You should have just put a full stop after that.

To be fair I had a lot of trust in Google. Now, seeing these cases I'm thinking about starting moving my important stuff to other services...

Have you not seen all the similar things that happened over the years? This is not a new thing, it’s SOP. And though I think Google is especially bad, don’t ever have important data with a single company.

Start sooner rather than later. It's extremely hard to get off of them once you're tied to their services.

I'm basically down to email and some old Google Drives I need to clean out. Found a project in this thread that should help me with the Drives, just working on email now..

s/other/your own directly managed/

Fully agree. I have a small business that spends 2k/y on Adwords, and support is an absolute joke. I have a significant stake in another that spends 50k/y, and support is the same - terrible. And it's even a challenge to get the bad support - you've got to hunt and jump through hoops to get to communicate with an actual human.

I've heard support is much better for GCP - but for me, the whole Google brand is tarnished, and because of my experiences with Adwords, I always choose Azure and/or AWS over GCP.

We were spending a couple million a year (admittedly, this was probably 5 years ago now I was dealing with this -- so could have been the dollar amount, could have been the timeframe) and never really had a hard time getting a hold of a human. And the ones we got a hold of were generally pretty attentive and actually understood what we were talking about, and could even help most of the time.

However the reps were pretty up front that as soon as a support issue crossed the line onto any other team at Google... you best just figure out a workaround, because even once we'd already crossed the threshold and had someone inside Google working on our behalf, there was just nothing that could be done.

And yeah, this has led me to be extremely resistant to moving _any_ infrastructure we care about to GCP. I have zero faith my account won't just be suddenly banned one day with no effective recourse. And I'd also never recommend any "paid support" option they offered like some people are suggesting they provide, because I'd have no faith in their support team being able to actually solve the sorts of issues that are hard for people to solve on their own.

> The only solution? Make sure all of your data is always backed up somewhere else.

Whenever there is a systemic problem, fixing the system is always a better solution than trying to fix individual behaviors. Backing things up is a good idea but that doesn’t fix the problem, it just helps mitigate some of the effects of the problem.

You can pay them millions of dollars a year and they don't give a shit.

As a GSUITE admin, they absolutely do. ...usually.

No. You should be backing up your Google digital artifacts to local storage or an object store you have access to and can control access to (for example, my partner knows how to get to our Backblaze B2 storage buckets and request a USB drive of all the data if needed, which contains a lifetime of documents, emails, voicemails, iCloud photo backups, etc).

If you insist on using Google, keep backups elsewhere. You cannot rely on them for support (although you might be able to get it, don’t count on it).

What is weird to me, is that you can't really back up Google Docs, Sheets, etc. because as far as I know, the document format is closed. I understand you can use Google Takeout, but documents export to Word, drawings to JPG, etc. You cannot continue with the original elsewhere.

That's right. What you can do is use Microsoft Office formats, but Google makes that rather difficult. You have to download as Excel/Word then upload the file and delete the original Google Docs document. You can then edit the Office document in Google Docs/Sheets (with some limitations on collaboration I think).

I found it easier to move everything to Office 365. Google Takeout can export all data directly to OneDrive without having to download anything.

> What you can do is use Microsoft Office formats, but Google makes that rather difficult.

This right here is amazing and describes very well the moment in time we are living in. When using a Microsoft file format is [righly] considered the "open", "friendlier" option it really means the alternative [Google] is terrible. Microsoft used to be the Evil Borg that had everything proprietary.

Several years ago Microsoft (rightly) saw the writing on the wall that the way they were going to compete was to be the open solution to everyone else's walled garden. It has been a strategy that has worked out fantastically well for them and honestly MS is one of the very few tech companies I still have any respect for.

I've been a Google customer paying thousands per month and support was nothing more than lipservice. None of the support agents could do anything and I had to wait for an "account specialist" to reply every 24-48 hours with non-answers and requests for documents that I'd already sent 3-4 times again and again.

Support and customer experience is an afterthought for Google. They probably don't set out to be cruel, but they're very cavalier about incidental casual cruelty.

If Google won't do it, why hasn't a 3rd party stepped up to provide the service? I'd gladly pay a trustworthy company a few dollars a month to automatically backup my gmail, google photos, and google docs. I don't want to do it locally, since that puts me on the hook for assuring physical safety and backups of my backups.

I suppose I could roll my own solution, but frankly I get tired of maintaining my one-off projects like that after a year or two.

> I don't want to do it locally, since that puts me on the hook for assuring physical safety and backups of my backups.

Regardless of where you store your personal data, the proverbial buck always stops at your desk when it comes to assuming responsibility.

Paying someone else to store your data gives you someone to hold accountable to what happens to your data. But that accountability is always limited and doesn't dismiss you from managing that relationship. For instance, the other party is still entirely free to bring terms and conditions to the table, which are meant to mitigate liablity as far as the party which will host your content is concerned.

Put more succinctly, even when you rely on a cloud service, you're still on the hook to assure safety and backups of your own data.

> I suppose I could roll my own solution, but frankly I get tired of maintaining my one-off projects like that after a year or two.

Yeah, I'm gonna prod you on that one. :-)

For e-mail, you could run an script once a month that harvest all your e-mails over IMAP and roll them into TXT, HTML, EML,... whatever. You could go for one big file, or discrete files. You could even pain yourself and fit everything in an mbox file. Roll everything in a ZIP or TAR ball. Then you'd store output file in whatever service you want.

You could spin up a VPS, provision the entire thing and set up a script that does all that as some service or cron job or whathaveyou. Now you've got an entire stack to take care off. Not what you want.

Maybe this is a good use case to go serverless. You could string something together using AWS serverless. Write an AWS Lambda in Python or Java. Should be one single script. Store your e-mail backups in S3 or somewhere else.

The idea of such a solution is that it just runs in the background and it runs in a robust fashion with not too many moving parts. So, here you have something running indefinitely as long as the bill gets paid. Or amazon doesn't cut you off. But at least you've now got your e-mail mirrored on two independent services, which is marginally better then where you are right now. The only other major constraint here is being able to restore your e-mail from that backup in case of disaster.

This is a project I started working on but never finished. The problem is that people didn't care enough to pay for backups because they (are conditioned to) believe that Google is already safe and won't go away. The cloud is this magical thing that saves everything and unfortunately they don't realize otherwise until it stops working.

Because it costs more than a few dollars a month. The net cost to users for Google is zero (or a token amount) because Google makes their money from data mining and selling your meta data.

Email addresses and inboxes are important to people. They are critical to our online identity.

Wiki mentions Gmail having 1.5 billion users. Imagine even 100M of them paying $100 per year. Makes Gmail a $10B product just on paid subscriptions, that is not a small amount.

Amazon cloud storage is $1.99/mo for 100GB. That's exactly what I get from Google(I pay $1.99 for extra storage).

Are you saying the software to perform the syncing costs more than a few dollars per month?

> Are you saying the software to perform the syncing costs more than a few dollars per month?

The operational costs could be more than that per user if you want regular updates. That's disregarding engineering time.

You need stable business with at least few people employed, to make sure the lights don't go out, and that people fix issues when they come up. Storage cost is probably only small part of the price.

You also don't want it to be VC backed because such businesses will not be worth billions. (and if it will try to become such you will have similar problems as google)

For a competing service maybe, but they're talking about backups. I find the bigger issue is that not enough people believe they need a backup for the "cloud".

> since that puts me on the hook for assuring physical safety and backups of my backups

Only in the event that Google locks you out, at which point you can create a new backup elsewhere. If Google has a copy and you have a physical copy, then Google would have to lock you out at the very same moment your house burns down for you to lose any data.

Google does have a paid tier and they have terrible support unless you're at the enterprise level.

Google One was absolutely a nightmare experience for me. I signed up at launch, the service had severe issues syncing things. Took almost a week to sync backups that took Dropbox maybe a day. Then it kept flagging a ton of errors that basically said a bunch of my files couldn't be backed up. I talked to support and you do connect to a real person, but there was nothing they could do. then requested a refund, they didn't have the power to do that either. So it got escalated. I was told someone would reach out to me. That never happened. I contacted support again. Rinse, wash, and repeat I don't know how many times over a few weeks before the refund finally processed. During this time I talked to a manager who similarly had no authority to do anything. I was convinced support, though is a live person, has very limited authority and is really other there to relay basics on the product.

Google One is $20/year for the base 100GB plan. I pay primarily so that there's a direct line to support in case something happens.

Otherwise I recommend using your own cloud storage buckets and/or a local NAS to store your data. It's easy enough to backup and sync across all of them now with various tools and services.

For the first time in my life, I was able to talk to an honest to god support person over Chat for Google One support (I was trying to link my wife's storage w/ mine and it wasn't obvious how I'd do it).

Storage is paid, so I assume support is available.

Thanks for reminding about that. Seems like a no brainer to me that they should extend it. Google has so many tools that I depend on that I will happily pay extra for them in such plans.

I keep my stuff on one drive, I find it better than gdrive. I think it's harder to google than MS to delete my stuff out nothing.

Why would Google treat a TOS violation differently for a paid account?

I think the hope is that you'll have better customer support options if you're actually paying them money, rather than the block hole that is the support for their free tier of products.

To be honest, I don't understand this. Why should someone paying for a product get better support than someone who doesn't? I understand companies which sell plans so that some users can have priority support, but quality should not change according to how much money you give. It's absurd. Everyone should be in the same boat.

> Why should someone paying for a product get better support than someone who doesn't?

In my experience, people transfer money to other people in exchange for items or services, and vice versa.

The quality isn't changing (and it's not that great to begin with). The free users don't get any support at all.

Yeah, but welcome the real world where this is pretty much rampant.

Want support for working with AWS? The more you pay the better it gets.

Maybe there was a TOS violation here but it would help if someone can explain what went wrong with some SLA unless there is a reason they can't reveal it.

Google provides a mechanism to appeal. It’s impossible to appeal if you don’t know what happened, or if you were hacked, or whatever.

I’m guessing here, but if one were to write that one is unaware of which transgression against the hallowed TOS one has committed it’s possible that a dialogue may ensue... though considering everything I’ve read so far in this thread and others like it, I seriously doubt that.

The only way this stuff ever works is that you have a signed SLA (Service Level Agreement) and the lawyers to back it up.

This is why I moved off of Gmail and Google Drive for important things.

There was a story a while back where someone had Google One, had their account disabled, and couldn't use Google One's support because they needed a Google Account (that was disabled).

If anyone has a Google account, you need to Takeout regularly.


If only it worked... https://i.imgur.com/FKFa2l7.png

I probably could try to bisect if there is a specific type of data that prevents Takeout on my account, but I haven't bothered as I think I have all the important data otherwise backed up.

I had the same issue and bisecting it helped to find the culprit (although I don't remember which one it was right now)

If you live in the EU just send them a GDPR request, they'll have to give you a dump within some timeframe. If their bots redirect you to their download UI, contact your regulator.

I do. Seems like that would not be too much work, so I think I'll do just that. I'll try Takeout one more time, and after it fails (it takes a few days) I'll submit a request via their data access request form.

Several Takeouts may work: a gmail-only archive, a photos-from-only-last-year archive, ...

You have a tiny window to download a huge archive and you can't restart the download.

In theory it's great in practice you don't have access to it.

You can now link the takeout to another cloud provider (e.g. Dropbox or Microsoft OneDrive). And configure the takeout to take place every two month (for up to 6 times).

So you just need to configure the takeout once a year and you'll automatically receive a backup once every two month.

This is nice, thanks for pointing it out. It's a shame though you can't export to something like S3.

I just turned it on and they can now transfer the files to Dropbox or another storage provider.

This helps mitigate some risk but if you're using OAuth or rely on receiving future emails via your @gmail.com account you're still out of luck regardless

This. We need to create an email portability system (like there currently is with mobile phone numbers)

Just use a custom domain.

Do Google employees realize how disgustingly evil their customer service is? Forget their free services for a second: you can even be spending big bucks with them every month and be randomly blocked by algorithm with no human recourse. I understand that Google can’t feasibly provide free tech support for the entire Internet as they’d probably have to have a million employees just answering phones and emails all day long. What they need to do is find some number (whether it’s $5, $25, $50, or more I have no idea) where they can charge for real customer service. Businesses get shut down and people lose their jobs because of some ad issue they can never find a way to get a solvable problem resolved. It’s sick that Google has gotten away with this for so long.

When I've talked to google employees what I get is they think customers that have issues are trying to scam something. And that allowing a human to try and sort the problem would just enable that.

The amount of money you need to pay google a year to change that attitude runs in the six digits.

I can understand being wary of social engineering and scams, and at Google’s scale it’s almost impossible to imagine how many problems they have to deal with every day, but I think that’s an excuse to duck out of solving the problem because it’s not sexy enough for a Google employee to get a promotion for solving. Google wants to provide

Here’s the reality. Cable companies have methods of verifying their customers identity when they deal with support requests for private services. Banks have a very good verification process. Phone providers use tools like pin codes and other methodology (see https://www.removemyphone.com/learn/prevent-your-phone-numbe... for instance) to solve this problem. Domain name services (even Godaddy and the like) have figured out how to largely solve this verification problem despite their numerous other shady business practices.

Are you telling me that Google with their many geniuses can’t find a technical approach to dealing with this? We have multi-factor authentication and other tools. People are willing to pay money for human support.

I can’t believe that Google can’t figure out some means of providing this. Their refusal to me is one of the most evil business practices on the Internet while they pretend that they’re the paragon of virtue. It’s really sick to me and hopefully this case is a wake up call to at least one Google employee how backward and customer unfriendly their overall practices are.

> What they need to do is find some number (whether it’s $5, $25, $50, or more I have no idea) where they can charge for real customer service.

They've done that, as they have both business and personal (the latter as a component of Google One) paid support plans.

Your problem isn't Google customer service. Your problem is that your business is, if the case is such, wholly dependent on Google and you can't switch to a different vendor.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact