Hacker News new | past | comments | ask | show | jobs | submit login
Google users locked out after 15 years' use (businessinsider.com)
1087 points by eitland on Nov 2, 2020 | hide | past | favorite | 695 comments



Not completely related to personal accounts being banned, but something that happened to me recently:

I started a side business with some friends during lockdown. We created an online store selling some hard-to-get long tail items, and almost instantly got some traction and growth thanks to Google Shopping. A month ago we received one of these generic automated mails that our account is banned and we were misrepresenting ourselves or a product with no details on what we did wrong. We went through the T&C's in some detail and we think we did everything they asked, and we have no idea what we didn't do well enough. We also checked in with every single client and we had near perfect scores on trust pilot, I can't recall a single incident with a client.

We've been contacting Google almost daily but almost never been able to find a human to talk to. Through unofficial channels we've found a few people in Goolge but whenever they gave us any advice on what to do it's always "off the record" or "you didn't hear it from me". Something is very rotten.

There are always replies on here about not betting your entire business on Google. Google shopping gives 2 orders of mag better conversion than any other channel we tried. For search-to-buy there really just aren't any alternatives and if Google decides to lock you out your business is basically dead. Lucky for us it was a side hustle. Here in Africa e-bay and Amazon aren't options.

More scary, since then we've found TONS of businesses in our country who have suffered the same fate in the last month, and many are well-established, popular businesses now facing existential threat.

It's incredibly scary that Google's moderation bots can be a single point of failure for a business employing 20+ people.


I had a great blog that started getting me over $2000 per month from Google Ads (several million views), then suddenly after 3 months it dropped to $300 with the same amount of views and never gone up. No matter how much promo I did I would never get past $300. It seems like Google somehow put restriction on my account without any explanation. Eventually my blog died (also because Facebook capped organic reach of my posts after I stopped buying ads. I had tens of thousands of followers but content they shared would never reach their friends after I was no longer a paying customer. Pretty shady stuff). I decided to not contact neither Google nor Facebook about this, because I was worried they will ban me and I needed access to GMail and Facebook (to talk with family). I really hope these companies get properly investigated, because they have unregulated power of altering the markets to their favour. This power should only be reserved to governments and if Google or Facebook are so big, they need to be divided and their business space heavily regulated.


My parents have a business selling low-carb cookbooks online. They used to do very well because of the organic reach they had on Facebook (they have 1 million likes on their page). Posts would routinely have reach in the millions. One day Facebook changed their algorithm and their reach (and revenue) dropped over 10x. They've been limping along since then, and are planning to retire. It's tough having a single point of failure like that.


Facebook's moderation rules have determined that Keto and Low Carb aren't scientifically supported, so now tend to suppress resources that proliferate those views.

I emphatically don't agree with this, but this seems to be the line of reasoning with a lot of things. The reality that much of science is never truly "settled" doesn't really matter.

On the one hand, I feel there are a lot of leeches to society that hop on trends to pull money from unsuspecting victims and under-delivering. On the other, I am very much opposed to corporations that half the population uses daily acting as broad censors of information.


What also probably happened is that Facebook changed their algorithm to reduce organic growth to push businesses like this to spend more on ad money. They've been doing this for a few years now, and have been aggressively doing the same on Instagram.

Love or hate TikTok, the reason it's become so big is that their algorithm actually promotes organic growth instead of hindering it.


That is also entirely possible... I have seen some specific statements regarding my assertion. It's entirely possible to be either, both or a mix.

In any case, I'm using FB and Twitter far less these days than even a couple years ago. I happen to like debate, and discussion of competing ideas. Now it's all ad hominem attacks and vitriol. While I do sometimes engage, I simply don't enjoy it and don't fit well into the echo chambers.


Maybe because all the reasonable people like yourself have left, and took nuance with them. Now it's just the shouty people that remain.


AFAIK the FB algorithm also prefers posts from friends over posts from business pages, since that's the content that people prefer seeing.


That's my parent's theory.


Wow I never thought of that possibility.

I can't stand the censoring by tech giants. It's applied unequally, there is no recourse, and it merely serves to enforce the orthodoxy and drive dissent underground. Honestly it's like the church in the middle ages. What a dystopian moment we're living through when monopoly corporations wield that power in society.

Facebook specifically can go to hell. They're making money by selling people's precious time to advertisers at pennies on the dollar. Jewel thieves pawning stolen goods at 10% of their value is less wasteful to society as a whole. I know they don't force anyone to use their services, but neither do the tobacco companies. They just get people addicted to their product. Just because it's legal doesn't make it ethical.


I used to work on adsense. There is no facility for an "earnings cap". Your revenue is the literal sum of earnings from every click on your property. While ads are showing and being clicked on, you will always be earning more.

If I were to guess, you failed to implement ads.txt and/or your content didn't meet the standards required by some big advertisers, so auction pressure was very low for your site.


So you're saying he was smart enough to grow this revenue to 2000/month, but, in the meantime forgetting something that basic - and the system caught up with him? If so where was the system before?


There have been big swings in advertiser behaviour in the last few years. One big advertiser changes their policy to "no longer include sites about LGBT issues", and suddenly a blog about that could see revenue drop 90%.


In the past, the advertiser would likely to tell that to the people selling ad space.

Then, they’d suffer political blowback for being anti-LGBT.

It sounds like Google is laundering third party behavior that is further dividing our society.

Perhaps advertisers should be forced (by the government, on all algorithmic platforms) to publish their targeting criteria.


> In the past, the advertiser would likely to tell that to the people selling ad space.

Prior to ad networks that automatically match advertisers to display space, yes.

The thing is, though, prior to ad networks, there were a lot fewer advertisers who were interested in spending time and money on doing this song and dance with a slew of tiny web properties. Most of them wouldn't even bother.

You can have no ad networks, or you can have a long tail of low-prominence websites earn ad revenue. Pick one.


Before ad networks, we had a longer tail of low prominence newspapers and magazines than we do now.


1. Low prominence newspapers made most of their money from classifieds. Craigslist ate that business.

2. A low prominence local newspaper has local businesses advertising in it. Your local auto mechanic on Walker Street will buy an ad in a local paper, but they aren't going to spend a penny to advertise directly on your website, even if it has the same readership #s as the paper. Because 99.9% of your website's visitors aren't within driving distance of their location.

The ad network [1] solves problem #2, by making it possible for geographically-constrained businesses to buy ad inventory on websites that only get a handful of clicks from their geographical area.

Yes, ad networks introduce plenty of problems, as people in this thread point out. [2]

No, nobody will advertise on your 1,000-50,000 reader/day website without going through an ad network. Small advertisers aren't going to pay anything for an untargeted impression, and large brand advertisers aren't going to waste their time [3] on so few impressions.

[1] I am speaking about the industry as a whole.

[2] I could mention a few other problems that people in this thread haven't pointed out, too, but that's neither here nor there.

[3] Not to mention that without going through an ad network, and by directly dealing with the website operators, making reports of your ad spend + ROI becomes a colossal pain in the ass. People who work for large advertisers are just trying to do their job, and their job consists of making their boss happy. Something that does not make their boss happy is being unable to quickly say how much money they spent, and what they got for that spend.


Can we have no ad networks please?


Should it also be a requirement for the government to posts what preferences you look for in a partner on dating websites, what gender you prefer when searching for doctors, what race you prefer when looking for cleaning or child care assistance?


This is a ghastly and inhumane comparison.

Companies aren't people.


Oh no, you have hurt the companies' feelings!


Companies are groups of people, ranging in size from 1 to many.


A few million companies are 1 person:

http://www.smbceo.com/2011/03/14/25-million-small-businesses...

Not sure if they are people though


I think it is more ghastly and inhumane to think that companies that choose not to market to those they disagree with are somehow doing them a disservice by not marketing to them. They are doing them a favor. It would be completely different if they were saying they couldn't shop there, just like if you intentionally look for women doctor's to tell them that you think they are inferior or if you look for dark skinned people on dating websites to tell them you don't like their race. I personally see no positive effects from advertising whatsoever, and am better off if a company thinks I'm too old or whatever to sell their product to.


While I agree, it's also possible that certain ideologies don't actually lead to revenue from advertising in practice. If I'm selling a line of Jewish labelled clothing, then it doesn't do me much good to include pro-Islam sites in advertising. And although the above is a rather specific strawman, there are many other areas of advertising, companies and products that don't have broad appeal in a given category.

As a potentially better example, if a higher than typical number of LGBTQIIAA+ are likely to be vetegarian/vegan, then excluding them from meat based product advertising might be better use of dollars spent.

Just because an advertiser doesn't want to advertise among contentious groups doesn't mean they are being bigoted about their targeting, it likely comes down to not being worth it due to limited response from those markets.


No, he was smart enough to do whatever he did but lucky enough to get that payout. Over time, someone will always optimize for SEO, AdSense & shareability better.

Perhaps their entire strategy was accidentally optimizing for a keyword that was highly valuable for a short while, who knows?

For a short while YouTubers would mention getting a mortgage in the middle of their video just to improve the rate by tricking the algorithm into showing expensive mortgage related ads.


You're assuming that it was Google's system that changed, and not their primary ad buyers.


I've had similar issues with AdSense. Running a site for 10 years, and it was earning $250/day for years, then suddenly it dropped. For a while I had the same traffic and instead of 500 clicks a day Google would say I had 3 or 4 clicks. I contacted them, waited a month, and they said to label them "Advertisements" so users are not confused.

Well, my site is mostly text based and I have at least 50px of space around any advertisement, so they stick out like a sore thumb and are not confusing. Eventually the daily clicks returned, but then in the last year Google started taking back 80% of my revenue at the end of the month saying it's "Invalid Traffic". This is after years of it being around 5%. I've made no changes to the site, all the traffic is organic from Google search or direct visitors. I've never once in my life paid for traffic.

I contacted Google again, but they refused to give any information because they can't share specifics for security reasons. So, I'm left losing 80% of my revenue this year and instead of making about 50k after my bills, I'll break even or make a loss.

Since then I tried switching to another company that's an AdSense partner. Of course they take a commission, but apparently they can actually show me the daily earnings with "Invalid Traffic" removed, and not give me a monthly heart attack and remove all my revenue as a surprise at once.

So, I can see how little I'm making on a daily basis now, but I'm no closer to resolving the issue because Google refuses to give any answers, so I'm completely on my own and taking shots in the dark.

The other week I tried building a database of 800 million IP addresses using lists of all IP addresses from datacenters, VPNs, proxies, TOR exit nodes, and IPs flagged as abusive. This obviously took some time to setup and I stopped showing ads to these IPs because maybe they're bad sources of traffic? That didn't seem to help.

Then I tried setting up some Javascript to not load ads until the mouse moved or a user scrolled. Maybe that would help to prevent any traffic where a user is not at the computer? Nope, didn't work.

So, I'm out of ideas. Yes, I have ads.txt configured. Yes, I have a consent manager configured.

> Your revenue is the literal sum of earnings from every click on your property. While ads are showing and being clicked on, you will always be earning more.

What you said sounds simple. However, like I said, Google can randomly drop my clicks from a consistent 500 a day to 3 and give no answers. Or, they can tell me I'm earning $250/day and then when it comes time to pay a month later, they say they can only pay $50/day and the traffic didn't meet their standards. That's a big problem when they just spent the entire month outbidding all my other advertisers.

Lastly, the site I run is filled with great people. It's a community based website with tens of millions of comments. Users on average spend 10 minutes per session, the bounce rate is incredibly low, the average user loads 30 pages a day. People like it, it's full of quality content and posts, and users are writing new comments every few seconds.


> The other week I tried building a database of 800 million IP addresses using lists of all IP addresses from datacenters, VPNs, proxies, TOR exit nodes, and IPs flagged as abusive.

This isn't going to work well... Both Google and many advertisers will send bots to your site to scan the content. If they see javascript shenanigans going on affecting ad presentation, they'll do something between not advertising (reducing revenue) or permabanning you...

"Invalid Traffic" is nearly always some dirty business going on - either by you, or by one of your users, or a competitor, or even someone totally random hoping to blend their fraud in with some legit sites like yours.

If I were you, I'd hunt your logs for botlike behaviour and close any associated user accounts.


But maybe you don't have to be logged in to see ads? If so, then maybe changing that feature could help. Or at least show a majority to only logged-in folks.


but then in the last year Google started taking back 80% of my revenue at the end of the month saying it's "Invalid Traffic"

I wonder if they returned the money to the advertisers.


Did you have access to the entire source code and understanding of all services running the system? Capping could have been done by a service created by a team you wouldn't have access to and without knowledge something like that even exist (and rightfully so, as it would take one whistleblower to harm the business). So I am not surprised you would write that there was no such facility.


> Did you have access to the entire source code and understanding of all services running the system?

Near enough, yes. Sure, there are millions of lines of code, and I did not read every one, but I debugged enough issues that I'm sure I would have come across this capping effect if it existed and affected more than some dormant/test accounts.


It's possible to implement something like this and you wouldn't be able to find out, as a service sitting between the network and ad servers, it could even be embedded in an innocent looking load balancer. Why would you think something like that wouldn't exist?


Why would Google, internally, implement a feature as if they were maliciously attacking their own systems?


They could use that to suppress funding to websites that are not in line with Google world views and boost funding to websites aligning with their views. They could also use this to help website competitors who pay for ad words. My traffic also got down once I stopped paying for ad words, but the increase of traffic I was getting from ads, was nowhere near the size of the drop after I stopped using it. Then they capped the ad sense.


So they can not pay the content providers and pocket the advertising money?

Not saying that's what happened but there's definitely motive.


But people will always prefer to blame others and when you can blame a corporation for your problems its always an easier target.


While there is truth in your statement, can you be sure it applies to the GP's story?


I get the sense that this was related to the content of OP's blog. The fact that he was concerned that he would get blocked from gmail and facebook sounds like a level of paranoia, from my perspective, related to the content of the site that's why they didn't push farther. I do see how if you were naturally a paranoid individually you might be concerned about losing those connections, though seems high unlikely they would cut access unless you were putting up shady content.


That seems like a bad faith assumption without more evidence. If your gmail is your main way of interacting with the web then any user is going to be a bit paranoid about protecting it even when doing nothing bad or wrong.

Likewise just having content Google deems unacceptable doesn't mean you aren't owed an explanation of the policy. "Hey, sorry, we've decided that blogs on breast feeding violate our policies on content and we won't be allowing you to run ads" is certainly better than silence.


Maybe it is a bad faith assumption on my part and I don't disagree with you that silence on the end of Google isn't right and I am in no way a large tech company booster.

That said, my point is that there is likely something specific to the OP blog that is the reason for Google turning off the ad dollars rather than the counter argument: some arbitrary nefarious business decision by a large corporation to the shut down the owner's blog revenue source to the point that OP is concerned that they will be removed from the platform as a result.

I get the sense that the content is missing part to the story.


I once created a location-based file sharing web app [0] to simplify sharing non-sensitive content with people nearby, e.g. sharing slides for a public presentation with a room full of people. Anyone nearby just had to go to http://quack.space -- no funny long URLs.

I never monetized it, but it got quite a few users and I definitely could have started a path to monetization. I had ideas, such as incorporating location-based ads.

Unfortunately Chrome decided at one point it was malware for some reason. I have no idea why. On the backend I had a 1-hour time limit on files and didn't store either files or location data beyond that. Chrome would throw up a malware warning whenever someone visited the page, and that was pretty much the end of the project.

It's frustrating that they play gatekeepers to the internet, and they don't even have a fair arbitration process. They should have at least made efforts to contact the owner of the website. This should be downright illegal.

[0] https://www.producthunt.com/posts/quack-space


I suspect it was basically legit--somebody used it to try to spread malware, their spider found it.


How is blocking an application because of the actions of one user “legit”?

If their spider were treating sites fairly, it’d also block google search, and the chrome team wouldn’t budge on the decision even though the rest of the company collapsed.

I hope the anti trust investigators focus on these sorts of instead of some trivially-bypassed thing, like bundling.

After the botched MS antitrust suit, I’m not holding my breath.


Write your representatives ! Some of them actually want to help, they just legitimately don’t realize the reality of the situation on the ground.


Interesting. I blocked executable file types I knew of though. It's possible someone uploaded a MS Office file with a virus, a HTML file with a phishing scam or some such, though.

Still, I don't think it's right for Google to use their iron feet to stomp an entire website / product / small business / personal project just because of a small fraction of users abusing that service.

ALL services get abused at some point or another during their growth. Learning to deal with those abuses one at a time is a part of the growth of any product and nobody can be expected to have prevented all forms of abuse upfront. If the owners (e.g. me) were made aware of the specific piece of malware I would have definitely done something about it.


In my experience, a lot of malware scanners don't care about file types, they just look for patterns of bytes.


Exactly. The service was used to distribute malware and it got blocked by google and co.

There was a similar story last month about someone running a URL shortener. It started being used to obfuscate links to porn and scams. Then it got blocked by twitter/facebook and that's the end of the road for the service.


This, I think, is one of the most important things legislators need to look at going forward as they dig into the practices of companies like Google, Amazon, Facebook, etc.

The massive paradigm shift that occurred once these companies grabbed prominence in commerce is to go from a system where humans interacted with humans in business-to-business commerce to solve problems to a cold, hard, heartless and decidedly dangerous totalitarian algo-driven relationship.

In "the old days", if a publisher had a problem with an ad from advertiser they would contact them to discuss, let them know what the issue might have been and seek resolution for mutual benefit. I other words, adults doing business with adults.

Not so with these companies. They are brutal and cold and have no problem destroying any business at any time for any reason. I have seen this happen to acquaintances enough times on these platforms to be absolutely astounded that we haven't yet seen the mother of all class-action lawsuits. And it would be a big one.

I know people who have gone from having nice lifestyle businesses to loosing virtually all due to one of these platforms suspending their account with no explanation, no conversation and no recourse whatsoever. One day you are putting food on your table and taking care of your kids and the next Monday at 7:00 AM you are on your way to losing it all.

I've said this many times, I am definitely not for the government having their hands on everything. No way. However, this, to me, has become a situation where government needs to become involved ASAP. It isn't getting any better. We need legislators to exercise judicious control over some of these practices. These company have such command of the marketplace that if they suspend or ban someone they might as well not exist. That kind of power should not be allowed to be wielded as capriciously as these companies seem to have been doing for years.

I do understand that fraud and other issue are a reality of these businesses. Well, they need to figure out how to deal with that while, at the same time, being human and human in their treatment of those who depend on the access they provide for legitimate work.


Taking the meta-view: the cynical take is that you only care because you and people you know are in the crosshairs. If you feel that there's a role for government here, perhaps you should be more considerate of a role for government in areas you'd previously thought it unwarranted; clearly, it's impossible for any one person to have personal experience for all the ways people can be screwed over, and for which the only real recourse is intervention by the public-at-large (i.e., the government, at least in a representative democracy).

There's always a bigger fish, you just met yours. I'm all for serious reform (and even dissolution) at Google et al., but I also don't think everything will be hunky-dory just because America's entrepreurial upper middle class gets their satisfaction. While we're swinging the antitrust hammer, might want to take a look at retail and gig "employers" too.


I am not personally impacted, I just know of people who are.

Government isn’t the solution to every problem. Caring or not caring is irrelevant. Reaching for a government-level solution isn’t a good thing, just have a look at nations where government plays a much larger role.


Sweden?

The issue is that so many of the people who say "government isn't the solution to every problem," really mean, "government isn't the solution to any problems except the ones I personally can't buy myself out of." At some point we have to realize that issues that are substantially widespread or entrenched and mature/understood should probably be nationalized at their core, with the opportunity for innovation left to the margins. Trying to extract profit from healthcare or infrastructure in particular seems quite cynical and prone to unfortunate consequences in the name of chasing lower costs.


Sweden is far from a government-controlled society.

The problem with people in the US who have convinced themselves that more government is a good thing is simple: Ignorance.

I mean that as a statement of fact, not a pejorative.

Nobody who has ever lived under heavy government control supports these ideas. The only way they gain support is by pushing the fantasy of big government vs. the reality.

Context: I have lived under those conditions. The average American has no clue.


Another way of saying it is that such businesses have become governments unto themselves. Your account is your passport.


I wonder how vulnerable Google's practices are to corruption. Say you've got your new business on the up swing and one of your competitors has a friend at Google who they offer a bribe to shut down your entire business, at least for a few weeks under dubious or non existent reasons.

Seems like an extremely easy way to make copious amounts of shady cash if you've got that magic ban button at Google.


I'd imagine the average googler isn't going to be easily bribed compared to the alternative of finding some darknet service to figure out how to trigger an automatic ban by uploading malware to the site.


It would be lower wage support staff probably in in the USA not highly paid SV engineers.

Its the same in the UK where I used to work (British Telecom) criminals used to approach call centre workers to get info.


If this isn't evidence of a monopoly, I don't know what is.


The evidence of a monopoly is zero support for these services.


Well, maybe monopoly in east Africa, but that's hardly surprising given the difficulty of doing business there.


I don't think this is quite fair. I'm from South Africa, hardly a backwater. It's a problem anywhere where people mostly search to buy on Google. In the western world it is anywhere Amazon has local 3rd party sellers and relevant adopted user behaviour. Many places don't have that to the point where it's a real alternative to Google for search-to-buy(I don't know the real term to describe this behaviour) ads.


On youtube at least, competitors can flag videos as ‘ungood’ in a number of ways (copyright, hate speech, NSFW, etc.) to entangle their competitors in bureaucracy.


Not just YouTube. One of my competitors spent thousands of dollars on AdWords to send traffic to my site with an ad for something completely unrelated.

This of course led to bounce rates of 99%+ for all of this traffic, which dramatically increased my bounce rate overall.

As far as I can tell, Google used this as a signal that my site was a shady/scam site and removed me from the search pages I used to rank on entirely.

Took nearly 6 months to figure out the problem, and where all this phantom AdWords traffic was coming from.


Google shopping gives 2 orders of mag better conversion than any other channel we tried

Until it doesn't. All businesses should have a disaster plan.


You will be delighted to know that Google is one of the tech giants tasked with contact tracing for Covid.


> selling some hard-to-get long tail items

Was there anything potentially illegal or sketchy about this?


No nothing dodgy at all. Whatever we did wrong it isn't obvious.


https://console.developers.google.com/tos?id=androidpublishe...

Google Updated it's Terms of Service. On 3 Nov 2020

Please read terms of Api.


A good business will ALWAYS try to diversify their acquisition channels. I've analyzed/interviewed 400+ founders and what channels they use to get to (paying) customers [1] and this is a pattern I've noticed across successful founders.

Google Shopping is just 1 channel through which you could get customers. Since you're in Africa, my guess is that SEO is WAY easier than US/Canada, so that's a viable channel. Lack of ebay/amazons in Africa is an opportunity, because you don't have them dominating the top 10 SERPs. I could go on and on and on...

[1] https://firstpayingusers.com


Yes, we're doing all obvious advertising channels, and have some cash to put behind it. Dominating SERPS with very little effort since we're doing long tail. Our particular long tail means people are searching for very particular terms and buying the single item they are looking for, with this behaviour the business seems very viable(and exciting) by the growth google shopping gives. All other channels combined are very slow in comparison. We're continuing trying to optimise those in the meantime. But we've learnt the newish(around here, at least) advantage Google shopping (and amazon search, probably) gives in insane compared to the typical alternatives.


This is genuinely scary. Photos, Yale locks, Fi, WiFi and Nest thermostat can all be poof gone because I made a silly YouTube comment? How is this not regulated?

Google photos also 'helpfully' offers to delete your uploaded photos with 'some guarantee'!!!

If this isn't an indication of a giant shitty monopoly that doesn't care about its customers at all, I don't what is.

They have some AI ML fucking crap but can't figure basic user trust because that won't get anyone promoted nor grow some Director-level person's headcount.

Large promo-manufacturing teams that casually handle all your data. Pray to God that some L4 didn't get promoted doing some impactful work because they sure ain't gonna do maintenance work protecting your shit. Their motivations are not users, product nor team: manipulate some metrics to get promoted and move out. Horrible.


I got gmail accounts for my kids after they were born. My youngest, 12, attempted to sign in from a Windows PC in our house and was told that they could not verify that it was her.

Keep in mind, this is the same public IP address that we've had for ages. I am the recovery contact for the account since she is a minor, and have filled out the forms several times now, even giving the exact date and the "verification code" from when the account was created. We are now stuck in an endless loop.

She can still access her account from a macbook and from a linux desktop, but I fear once she is signed out that she will be locked out forever.

All of my important stuff (finance, etc) is in protonmail now, and I'm happy that I made that move.


The only thing worse than hanging your identity on @gmail.com is @comcast and the like.

If you can, your own domain backed by a fastmail or a proton is the sweet spot of easy and flexible, or at least an @fastmail, @proton or similar. With payment comes the possibility of human support, which I have received easily from fastmail.


I have my email going to my own domain, but can’t figure out how to ground it out in anything other than someone else’s tld.

So, now I’m in a situation where, if my gmail account gets banned, and the DNS provider decides to reset my password, then I’m permanently locked out of everything. I could point my DNS provider at my “real” email address, but that’s even worse, since needing to update the MX record could lock me out.

Does anyone have any creative solutions to this problem?


I would probably recommend two things: 1. Move away from Gmail as soon as possible, to a service like Fastmail or Proton Mail; 2. Have an email from that provider as the “last resort”, i.e. hedora@fastmail.com, while using your domain name based emails for most other things.

This doesn’t solve the “everything is in one basket” issue, but you don’t hear stories of these email providers just “closing” an account and causing immense trouble for the person, at least in part because they have actual support.


> I have my email going to my own domain, but can’t figure out how to ground it out in anything other than someone else’s tld.

What do you mean "ground it out"?

As a consumer, I suspect hosting a "holding" domain, and possibly email, with AWS Route53 DNS might be a sensible approach that wouldn't break the bank. AWS has policies on account and password recovery that even include a notarised affidavit.

It might help to further separate your AWS account from the Amazon account you use to shop with, since there's a chance Amazon might be trigger-happy with banning if you violate one of their shopping policies with too many returns.


> As a consumer, I suspect hosting a "holding" domain, and possibly email, with AWS Route53 DNS might be a sensible approach that wouldn't break the bank.

This is what I do.

Totally isolated AWS account that owns `my-account-recovery.com` in my country-code TLD (because I have legal rights and strong and easy access to appeals processes with that, so unlikely the domain could be wrestled from me and likely I could eventually regain ownership if lost).

I use Amazon SES for incoming email to simply drop all incoming messages as objects in a S3 bucket.

I have SNS notifications going out to my regular operational email whenever a new message comes in with the metadata (sender, subject, etc but not the body as that could contain actual reset/account recovery links) so I can keep an eye on what's coming in.

Haven't looked at my bills lately, but including domain renewal and stuff this is maybe $100/yr to establish this as a root of trust/access. Even if other accounts are breached/suspended/etc, I will still have access to this account and can recover my way down from there.

I'm putting all my eggs into the AWS basket here, but I've had a good experience with them in the past and I really can't find any examples of people being locked out of their accounts in the same way I can with Google. And I know from experience that it's not impossible to get in contact with a real live person when it's required to resolve an issue.


Shouldn't you still be able to prove your identity to your DNS provider through your name, address, birth date, security questions, past correspondence, bank statements etc.?


Use someone with backup codes.


Without going to the step of moving photos, mail, contacts, etc. off of Google services. Are there automated tools available to periodically export that data?


You can use the "download your data" feature of Google to download a copy. However you have to manually trigger the export. Also no incremental download so it can be a lot of data being transferred.

https://support.google.com/accounts/answer/3024190?hl=en

Edit: Looks like Google Takeout lets you schedule the download (ie once every month)


Unfortunately, you still need to manually download the data each time. There's no way to automate this. There's also no way I know of to directly upload a takeout zip to another service and continue. There's also a (generally long enough, except when you forget) time limit on downloads, as well as a download limit (have a crappy internet connection, and lost access to a file? Start a new takeout, wait for it to be available, and try again)

If takeouts could be configured to download automatically through Google drive, that would be amazing.


> If takeouts could be configured to download automatically through Google drive, that would be amazing.

They can. And Dropbox, and various other cloud providers.


Google does support delivery via email, Drive, Dropbox, OneDrive, or Box.

https://support.google.com/accounts/answer/3024190?hl=en


I love protonmail! I made the switch a couple years back and haven't looked back, with one exception- my city's utilities company blacklists protonmail, so in the handful of times I've emailed them (specifically there were three times they've shut off my water because someone with a very similar looking address didn't pay their bill) with proof of something-or-other, it supposedly doesn't make it to their communal or "personal" inboxes. This is the only time I've had this kind of problem though- protonmail has served me well.


If they’re incorrectly shutting off your water, read up on your legal rights, and then send a polite letter to their legal department and the local utility regulatory board.

Public utilities are highly regulated, and do not have the right to interrupt your service.


I agree! However I move at the end of the week, so I won't worry this time around.


> with one exception- my city's utilities company blacklists protonmail

Why do they do this? Did you contact them about it? I would say it seems, at face value, that your city's utilities company did not serve you while Protonmail did.


> that your city's utilities company did not serve you while Protonmail did.

That's fair- that's a better way of saying it. Every time I've had to email them (which admittedly has only been a handful of times) with proof of something, I always end up calling them up and they'll say "but protonmail isn't on the blacklist that IT posted, so you're lying or you sent it to the wrong place," then I'll send screenshots from a different email provider proving that I sent the protonmail email(s) to the right place, then they'll say "oh, I promise to talk to IT to get this straightened out."

It's pretty obnoxious.


There are a few things that protonmail is not good at, but I guess I've learned to live with them.

1. You can't search message content. gmail is very good at this, so I've had to become more organized to make sure that I can find a particular message in protonmail.

2. Notifications on mobile do not clear if I've read the message on another device. I have to open up the app and sync to stop them from popping up with outdated information.

3. I wish that there was a way to mark a message as archived and read from the mobile notification.

Other than that, I can't complain.


all these issues sound more like client issues than protonmail service issues. why not just use a different email client to connect to protonmail, such as Spark?


Because they don't support standard protocols like pop3, smtp and imap. It's why I switched.

(They do have Protonmail Bridge now, but it doesn't work great for alternate mobile clients unless they've changed it)


Protonmail integrates with its client (web app, iOs/Android app), unless you use the additional Protonmail Bridge service.


The only issue I've ever encountered with Protonmail was Digital Ocean. For some reason receiving a password reset email through Protonmail took forever. I thought I'd entered my email incorrectly, but nope. Eventually came through, but from what I could find, it was a known problem.


Have you switched on your someuser@pm.me account? That at least doesn't have protonmail in the name.


Did you sign up and enter a fake birthday? Google doesn't allow creation of real accounts for minors under 13 years old unless you use family link[0].

0: https://families.google.com/familylink/


Of course not -- Family Link was introduced in 2017 and this account was created in 2008. I don't remember the specifics, but I do recall having to provide my information since she was under 13.

edit: Family Link is also for android devices and chromebooks. She doesn't have a phone / android device or a chomebook.


I did sign mine up using fake birthdates well over ten years ago, my children are 13 and 16 now.

Long story but fairly serious legal issues issues with their mother making false claims of care/activities etc and needed things like calander and location tracking services and this was just by far the easies way at the time. For safety reasons I put a forward to my gmail of all their incoming emails, once again best known option at the time.

I sense a problem possibly looming, but not seeing that coming clean and engaging with Google likely to be a happy experience.

Anyone got any advice, other than abandon current accounts?


God, the dreaded endless loops. I've had it in Music, Play and several others. More fun is when a human enters the "loop." Yes, I've cleared cache and cookies, yes I've rebooted. In fact, with Music I'd even bought a new computer in the meanwhile, since the loop happened for literally years.


> How is this not regulated?

Cue the "businesses can choose who they do business with!" and "if you don't like it, build your own!" people.

We signed up for many of those things individually and they've connected them more and more. Now we have a single point of failure that can take down everything across all your sytems.

And it's not just those. Don't forget about Google Voice, Android, and every service where you used "sign in with Google"


How novel, for the "product" to demand rights and regulation. :-(


Business should be allowed to choose who they do business with, they already choose to do business with these people. The problem here is they want to unilaterally have the power to termination the business relationship

This is a problem with one sided none negotiable terms of service being considered valid contracts under the law

They should not be.

We need to change data ownership laws, and force companies to do vetting on Account Creation, and put in provisions on how accounts can be terminated once a company accepts a user owned data. i.e Accounts must have a human reviewed appeal process, with full and articulated reporting as to exactly which rules were violated, and exactly what activity was the violation. And have a View Only data Take-Out period

At a minimum


Exactly. This isn't so much an issue of "Companies have the right to do what they want (within reason)". It's a typical issue of monopolies and dealing with a large, faceless corporation. Anyone who's ever dealt with any corporation of any significant size can tell you similar stories to this.


> This is a problem with one sided none negotiable terms of service being considered valid contracts under the law

Are they even valid contracts now? Many gmail accounts are missing consideration or capacity -- which are required elements of a valid contract.


In fairness, at least for consumers, the only hard to replace Google product is Android.

eCommerce and ad supported businesses that want to avoid Google are screwed though.


One of the big problems is that if you have all of your eggs in one basket, there are much more chances to fuck up and get banned. If I post some shit on YouTube, that is unconnected to my Fastmail account. However, it is connected to my Gmail account. If I get Zucked from Facebook for posting dumb shit, and dependent on Messenger to communicate with people, I'm fucked. By diversifying your compartmentalise your risk.


I agree; from my non-lawyer perspective, it is this sort of thing (rather than search results or Android App Store policies) which harms consumers.


This raises a question. If you're well marinated in Google services, like me, what do you do? Is there a comprehensive, simple, and easy way to port everything?

Perhaps there's some authoritative site about what exactly you need to do?


My two cents would be don't worry about a comprehensive degoogling plan. Just chip away at stuff until you feel like the risk level is acceptable to you.

For me, that started with email. Email is a root for a lot of your digital identity.

I can't guarantee access to @gmail addresses going forward, but I can at least _start_ fixing that problem. I picked up a new domain, hosted the email with someone else, and set all my other accounts to forward to it. I updated a few really critical things right away, but for the most part it's just as I go log into various accounts with the old email address, I update it.

I didn't really bother trying to migrate the email out of my gmail account. Instead I did a bulk download from Google Takeout so I know I _can_ access that old email if I really need to find something.

Six months or so in, the bulk of my identity is now tied to a domain that _I_ own, and email hosted with someone I can trust more than Google.

It's not perfect, but already the impact if Google were to suspend my account has dropped immensely.

Cutting Google completely is something you do on principle. Instead, just look at what the impact of losing access to various services would be and address those specifically. (E.g., losing drive? Switch to NextCloud if availability is a concern; or set up a regular Takeout download if data loss only is a concern but an interruption in availability is okay, etc)


I really wanted NextCloud to work but the Android docs app is absolutely hopeless.

It's like pulling teeth to work with that interface to edit documents. It's hard for me to believe that anyone actually uses it.


I've never actually used it for editing documents, I just use it more as a Dropbox replacement for backing up / syncing files.

In that case, depending what your actual acceptable risk/goal is... continue using Google Docs and set up a regular backup? Your worst case is that Google Docs goes away tomorrow, and you still have all your data you just need to spend a bit of time restoring to a different account / setting up alternative software / etc and move forward from there. For most people I expect that's more than enough.


You can export a lot of your content at takeout.google.com. Debundling these into other services is the main challenge, you have to shop around.

If nothing else you should set up your own email address, even if it is just a simple forward to your gmail. Google blocking access to your mailbox would be pretty bad, having control of your MX record gives you an out.


It might be useful to note that in the event that google does ban your account, you can still use the takeout service to retrieve your data.


You can lose access to takeout as well. Some users retain access, but for some of them, takeout will mysteriously never complete.


I'm not sure there's an easy way to port everything (few services integrate across so many fields as seamlessly as Google does), but this Reddit post has a huge thread of alternatives to common Google services: https://www.reddit.com/r/degoogle/comments/g1yu01/google_alt...

For me, I've switched to DDG full-time for search and I'm veeery gradually swapping over to Protonmail for email (using Thunderbird as the client to ease the transition). Once email's over, I'll be able to rest a lot easier.

However, if you're a heavy Docs user, NextCloud is a Google-like suite with a few hosting options (self-hosted, third-party host, or enterprise).


One key point is that you do not want a single all-encompassing alternative, at least one that is a remote corporate-run service, as this simply replicates the risk elsewhere.

The principle options are:

- Integrated replacement services. Don't do this.

- Multiple independent free services. At least you've diversified risk. Mind that these may (and likely will) consolidate with time. Skype, WebMeeting, Instagram, YouTube, GitHub, and Blogger were once freestanding companies. They no longer are.

- Self-hosted solutions. NextCloud, FreedomBox, etc., or DIY service bundles on your home, office, and/or a hosted service can avoid the problem entirely at least for highly stateful services (email, contacts, files, documents)

https://duckduckgo.com/?q=google+alternatives

https://en.wikipedia.org/wiki/Nextcloud

https://nomoregoogle.com

https://alternativeto.net


> How is this not regulated?

It doesn't need to be (and shouldn't be). Just use an email provider that respects you as a customer and don't put all your eggs into one corporate basket (especially not one that treats you as nothing more than data cattle). Horror stories like this one will, over time, educate people that this behavior pattern is dangerous.

IMO self-hosting is the ideal because that aligns responsibility with incentive (and it can be done extremely cheaply), but if not, there are paid email services that actually treat the user as a customer.


This victim-blaming needs to stop before the tech industry backlash hits. This is exactly why we need regulation. I swear, if "just go somewhere else" were good advice (and it's not), we wouldn't be having this conversation. How many years has it been, though, that Google and other consumer-ignorant companies have been able to get away with this, helped along by people who tell victims to just "go somewhere else"?

Normal people will only put up with this for so long. Either regulate it intelligently now, or expect actually scary regulation a decade or two from now.

There's nothing wrong with a law that says: "You cannot close a customer's account with no remediation, no recourse, and no explanation." What is Silicon Valley so afraid of there? How is that unreasonable?


How do you change people's mindsets from 'free is good' to 'free is bad' though? They're not planning on being customers of Google.

>This victim-blaming needs to stop before the tech industry backlash hits. This is exactly why we need regulation.

Google will simply dilute the language of the regulation, to the point where they will simply add a "your account can be deleted at any time for any reason, proceed at your own risk" popup during sign-up, and people will happily hit continue/next.

Systemic reform can't exclusively happen top-down or bottom-up. There needs to be some of both. We need to stop giving Google free good-will on HN. Stop up-voting Google product launches, stop promoting Chrome, etc, etc.


I think it is reasonable to have the position that Google is big and powerful enough that it cannot and will not be regulated by, say, the US government. Or rather, that it has enough permanent influence such that any regulations will be watered down to be de-facto meaningless, or in most cases, strategically beneficial to Google themselves (substitute chosen megacorp here).


For real. If we don't do this ourselves, then the hammer is gonna come down much harsher and with much more reckless abandon in the future. It'll look closer to SOPA than anything reasonable. I don't want 80 year-old dinosaurs in Congress making these decisions 10-15 years from now because we couldn't get our shit together.


What do we expect to change between now and 10-15 years from now that will make regulation harsher? Assuming bad behavior from tech giants continues (and, crucially, continues to be publicized), I would assume by then a competitor will have come along to take the bad-behaver's business.

After all, 15 years ago we still thought Google was "not evil". A lot can change in that time.


> Normal people will only put up with this for so long.

Agreed. Then they will learn that Google is not to be trusted with email and move to a provider that is (sort of like how kids migrated away from Facebook when their parents showed up, even though Facebook remains a dominant brand). Disruption occurs when an incumbent is bad at something which the disruptor beats them at. In this case, there is an opportunity for an email provider to disrupt Google by providing actual customer service. Protonmail is already making waves in this space (in addition to the encryption).

The reason I'm anti-regulation is that every law is a headache waiting to happen (and one more barrier to entry) where to me -the- beauty of the internet is that there's almost no barrier to entry once you have an internet-capable device. The more we regulate the internet, the more difficult doing something as simple as running a personal discussion forum becomes. Regulation is, at its best, a necessary evil, to be avoided until no other solution has proven viable. And there are plenty of other solutions for this particular problem.

And to clarify, I'm anti-Silicon Valley (IMO venture capital's expectation of high returns is the direct cause of many of the "evils of tech"). But I do tend to agree with the anti-regulation stance. IMO the problems people want to solve with regulation (even including GDPR) are better solved by better tech and organizations that align their incentives with those of their users.


If you are a “customer”. How many people pay for google services? I know it’s kind of jerky but I still agree that if you aren’t paying for the service, you have no leg to complain about it.


Google isn't doing this out of the goodness of their heart. They're expecting to make money off of every signup in some way. Directly or indirectly. If they want to continue their dominant status, then they should be responsive in some way to their users.

Sure, they have the right to cut off users any time they like. But it's ultimately self-destructive. Once trust is lost, it's difficult to regain it. I've moved away from my Google dependencies as much as I can, and have urged friends and family to do so as well. I'm only influential with around two dozen people, but once you start multiplying people like me by the millions, then Google has a problem.

And I'd argue it's at least a little immoral. Their services, especially Gmail, were set up in a way to make users highly dependent upon them. Google wanted that dependency for their path to near-monopoly status. To suddenly cut them off without the option of support or a clean exit creates real world chaos as the users try to pick up the pieces. Your email address might not be used much socially these days, but it's crucial for business contacts. For logins and customer interactions. The loss of it can cause serious damage. Google may not be legally responsible for the damage caused by a user's loss of their free services, but they're arguably morally responsible. Maybe they should pop up a warning to everyone using Gmail: "Don't rely on us. We're not going to do anything to help you if you can't use it one day."


Why do you assume Google is rational?

Or more precisely: Why do you think any outsider could understand Google's rational?

History is littered with the corpses of successful companies that lost their way.

Today's Google reminds me of General Motors. Utterly dominant, untouchable. But needed to keep making more money. So they bring auto loan financing in house, GMAC. Woot, more money. But they forgot how to make money making cars. So upstarts ate their lunch.

It's a rough analog. Maybe IBM is closer.

The point is Google's rolling in cash despite their antipathy towards their end users (note that I did not say "customers"). Which will continue to be fine, until it isn't. And then it'll be too late.


We do not pay for a home address, and yet people can still reach us there. Email is just as important as physical mail -- the problem is that the economic model changed. This means there is no incentive to maintain service, even though (in my mind) in the modern era an email address is possibly more important to a person for day-to-day communication.


> We do not pay for a home address

What? You don't pay paxes in your country? No rent to the owner of your house or paid for owning the house yourself? What country is that?


I mean we do not pay the USPS or FedEx or UPS, etc. to agree to send mail to our address. I was making a comparison between mail and email services. Hopefully this clarifies what I meant.


Still makes no sense. We do not pay mail-providers for the address alone, but mainly for running the servers which deliver and store the mails. Which is the same for which USPS/Fedex/UPS/etc. are paid for.

You want a mail-address? Grab your own domain (thus pay "tax"), put a server there (build a "house") and you are there. Getting an address, be it physical or digital never comes for free, and there is not human right for having one.


Alright, then I take back what I said in my parent comment about how "we don't pay for a home address". I'll concede that we do pay for a home address.

However, that doesn't change the fact that the economic model has changed when it comes to email. We no longer pay with money, but we pay in other ways when we use Google. So it's actually worse than with mail, because there used to be a clear exchange of goods but it is now obfuscated. And thus, there is nothing mandating good service, which is why people can be randomly banned from using it.


This makes the case for USPS to provide email services.


Email should be something provided by the government, like the postal service. So should your Internet.


Why should people have to pay money for a product to expect fair treatment? Is an exchange of services without money not subject to rules and regulations? Google chooses not to charge people because they've found it more beneficial to offer many of them for free. It's a model many tech companies have followed to great success. That doesn't mean they should have free reign to do whatever they please.


> Is an exchange of services without money not subject to rules and regulations?

A contract without consideration is not a valid contract. There are a few laws in some places that require companies to provide service outside of a contractual service agreement, but those are typically limited to public utilities, emergency services, etc.


GP said without money, not without consideration. Google derives a great deal of value by having your attention and data in its various products. The fact that users exchange attention and data rather than dollars doesn't give Google the right to stomp all over them.


> Google derives a great deal of value by having your attention and data

They do. But does their ToS say that your data and attention is consideration for use of their services? I do not believe it does. In fact, it says:

> You have no obligation to provide any content to our services

Throughout their terms, I don't see anything that implies an obligation of exchange.

There are certainly other rights that exist... But contractual rights to a service is not a right you'd have without a valid contract.

You can sue your caterer if they run out of food, but not the soup kitchen.


People pay with their data. It suits Google very well. If they were able to make billions, lest they could do is to have a proper customer service. I see them now as a company exploiting their customers in every way possible and then giving them a middle finger if there is any problem they experience. It should not be legal to respond to customer issues with bots or people not trained to deal with specific requests. If this means customers would have to pay extra, I am fine with that.


People pay when google steals their data.

I say “steal”, because they are not opt-in.

Also, there is no comprehensive opt-out. I cannot tell their ad networks to stop tracking all the devices I own.

(They have a page for stopping tracking of things I use my Google account for. That doesn’t count: They track me even when I am not logged into Google, and even on devices that cannot log into Google.)

Also, I can’t delete my gmail accounts. They were issued by third parties that decided to outsource email to Google.

There is nothing consensual about my use of Google services. I shouldn’t be bound by their EULA. I’m sure the courts would disagree.


I've heard bad stories from people that did pay for Google services. It seems they only get slightly less contempt (and maybe a phone number).


If you signup for an account you are not a customer in your view?

In google's view if I accept the terms google will treat me as a customer internally and using that relationship will sell my data.

Is google not in a legal position to do this?

The acceptance of the terms creates a customer relationship


The thing is - google makes more per user than users are willing to pay for google services. Also, their totaling vertical integration makes things hard to disentangle. If Google were to introduce paying subscription tomorrow (just shooting, 60 USD per month), what what I would be paying? Youtube? Search? Everything? What if I were willing to drop youtube and just pay for search?


> How many people pay for google services?

Everyone pays with their data and the ads they and others are seeing. Just because you pay no cash, does not mean ther is no payment at all.

Addtionally, it's used to be quite hard to even pay in cash for googles services. Though, this changde in the last years, as there is now youtube premium and google one. But still not possible for all their services.


More than enough ,Please check average revenue per user figurs of Google at such a large scale. They are one of the most profitable companies. We are paying by our data, actual money using value added services (google one etc.) It is very bad to say that we have no leg to complain.


I'm trying to not make this sound harsh; but you really don't need a government regulator to tell you that centralising all your data with Google, who are providing largely free services, is risky.

It is like building a house on the edge of a cliff then falling off the cliff one day. It was always a real possibility. Being locked out of your stuff is quite a likely end of the story with Google.


You need a government regulator to stop large companies from buying up lots of small companies and adding them to this risk pool.

I bought 3 Nest thermostats long before Google bought them. I wouldn’t have done so after the buyout.

If google bricks my thermostats because my kid does something dumb on YouTube (through the linked tv accounts) that will suck.

I suppose regulators could also prevent companies from bundling lockouts in that shutting down gmail for YouTube problems. Or shutting down Nest for gmail problems, etc.

The phone company can’t just randomly cut off service and ghost me. Regulators are the reason for that, as I’m sure they’d love to if they could.


Nest sold you a poorly designed product. If they had sold you something that could be plugged into any network then you could reuse it. From the start the product had a big fault google buying it just highlights that design flaw.


For the record, there have been cases of companies (IIRC Cisco wifi routers) that attempted to do this retroactively - pushing a firmware update that "helpfully" made the hardware cloud managed only.

So indeed, buying open API stuff only is a good start, unfortunately one still needs to be vigilant.


> but you really don't need a government regulator to tell you that centralising all your data with Google, who are providing largely free services, is risky.

>You need a government regulator to stop large companies from buying up lots of small companies and adding them to this risk pool.

These two statements are not even close to arguing the same thing.

The previous commenter is saying that it's common sense that "centralizing all your data with Google" may not be a great idea, especially if you don't have any backup of that data and keep all of it in Google.

They are being downvoted, wrongly, by people who knee-jerk about the "don't need a government regulator" bit. But they only used that phrase as a kind illustration of the common sense that people should have about not having a backup of their data.

Yes, Google does need some government regulation. And yes, people shouldn't need a government regulator to tell them not to keep all their data in the cloud without any local backup at all.


The people on HN with ability to downvote are some the biggest assholes on the internet. Seriously worse than reddit. I guess I shouldn't be surprised.


>The phone company can’t just randomly cut off service and ghost me. Regulators are the reason for that, as I’m sure they’d love to if they could.

If you're paying your bill, why would they care?

Regulation is part of the answer, but it's also part of the problem. If a YouTube comment wasn't at risk of "being mean" or breaking arbitrary rules (pushed by regulators, Google isn't doing it on their own), you couldn't be locked out. Corporations don't gain by cancelling their customers.


> Corporations don't gain by cancelling their customers.

Sure they do. If a certain customer's behaviour is alienating or obstructing other customers, then that customer gets cancelled, because they are having a negative impact (on the business - not the users!) that is larger than the benefit they provide.

That's a net positive result.

Ignoring your whole concept of "mean", it is 100% up to the company to decide what the negative behaviour is, which is part of the problem.

Sure some of it might be "mean behaviour" and so we look at it as Google doing a good thing perhaps.

But what if you went around Google's services and informed people of better alternatives to their services, and you started to actual gain traction and cause people to stop using Google?

There's nothing mean about that, in fact you're providing a good service to those people. But in Google's eyes your actions are negative, and they could just cancel your account at their discretion because they don't like what you're saying.

That is the kind of thing that regulation protects from, when dealing with essential services - and I think there's a stronger and stronger case to be made that these large providers are in fact essential services.

p.s. Devil's advocate: the theoretical actions I described above (recommending alternatives) could so easily cross the line into spam. But who decides where that line is, if Google was to be regulated?


>If a certain customer's behaviour is alienating or obstructing other customers

This is not a random cancellation.

There is zero incentive for your phone company to cancel an account in good standing otherwise.

The OP said "they'd love to [cancel my account] if they could". Why would a phone company "love" to cancel accounts?


I was specifically addressing the other rather broad statement that I actually quoted.

To address your point too though, there are definitely customers that the phone company is required to serve that they would rather not serve, because the costs are higher than the revenue.

Remote rural customers, customers who need accessibility-related support, certain outdated services that people are grandfathered into and don't want to cancel, etc...

And again that's where regulation protects the customer from the corporation that doesn't care about the customer's needs, unless they align with their own needs or are forced to via regulation.


The blurring of and overlap/cooperation between corporation and gov't also shifts incentives. For example, you can skirt fiduciary responsibility by appealing to regulation.


There are a lot of stories of people paying for Google Services getting locked out too.

Personal experience, once I created an Adword ad using one of the image that Google Ad creator had suggested. It was nothing, just a woman in bikini. It was approved and then rejected with warning that I violated their guidelines. I wanted protest but thought probably not worth it. This could have perma banned me from Google, I stopped using AdWords.


>It was nothing, just a woman in bikini.

Do you think Google really cares about this, or do they get pressure from "outside" forces to impose such rules?

I seriously doubt Google cares one wink about people posting bikini photos. These rules exist because activists put pressure on the company to enforce such rules, for better or worse.


Adwords, youtube, adsense carry that danger. Setting up a youtube channel become risky.


Google is huge and they run a vast portion of the internet now. If they were to suddenly decide that all FastMail accounts should go to spam tomorrow, any users of FastMail would be SoL—they would be unable to communicate with a huge majority of the internet.

They could decide to randomly throw every 5th email that is not a gmail into spam and blame it on other providers having low reliability. Make it random enough to gently encourage you to get a gmail account again.

These are extreme examples, but Google could easily do these kinds of things and there is nothing any of us could do whether we use Gmail or not; it will affect us because they control so much.


Fear of leaks to the press from insiders discourage ideas that would leave a document trail -- plausible deniability is required. More likely then would be ever-tightening, subtly biased, anti-spam criteria.


That would backfire spectacularly, and would probably kill gmail.


> That would backfire spectacularly, and would probably kill gmail.

How would that kill gmail? It's not like they're going to lose any real part of their user base. Short of a press release from google confirming the behavior, the average user is not going to go through the hassle of finding a replacement provider and then changing every email address associated with every service they use (if it's even possible for the service) all for some nebulous and impossible-to-confirm conspiracy theory put forth by tech experts and security experts that don't get listened to even when there is proof. And it's not like other companies and services would take a stand by ceasing to offer service to customers with gmail accounts- that's an incredible way to lose a vast portion of your customer base.

I wish it weren't this way, but I just can't see that bringing down gmail. Especially not when every google service requires a gmail account- probably the same one most people have had for years.


A ton of online services, customer support services, government services, airlines, etc. etc. use e-mail but don't use gmail to send it.

They can't afford to let 20% of that go to spam without a backlash. And if they kept doing it despite the backlash, who knows what would have happened to gmail.

Lose a few thousand dollars or an entire vacation by google regularly blackholing messages from important and expensive services like airlines, when they send you email telling you your flight departure was changed, and you'll be looking for a better email service in no time.

Now imagine this happens to 1/5 of the customers of said airline, just because of google's 1/5 non-google mail go to spam policy. It would be a scandal.


>They can't afford to let 20% of that go to spam without a backlash.

They will launch a 'secured sender' program where you pay Google a monthly fee so your company's email doesn't fall into spam.


It's happening now with smaller providers or by hosting your own server. Try to send an email to gmail from your server.

It hasn't kill gmail. How could it unless other providers refused to route gmail emails the way google refuses to route your personal server's email.


I do, it works most of the time.


I am for banning all spam technologies.


Why are governments so slow in providing these essential services to their citizens?

The scenario you describe does not seem so unlikely to occur...


I disagree actually.

The issue seems to me that it's a global ban.

If Google only locked you out of the functionality you seem to have violated somehow, it would still be a viable strategy to use their services.

Imagine losing the ability to comment or upload videos on YouTube because you wrote something offensive or published a video with copyrighted materials.

Potentially bad for YouTube creators, but definitely not dangerous for normal users which also use other services.

Reports like this were the reason why I removed almost all Google services from my life a few years ago, but I wouldn't have done it if the bans had been granular.


> The issue seems to me that it's a global ban.

Global bans "seem" to be new. I've read many stories of shell scripts randomly permanently banning android developers for life from their platform, but those stories always involved being banned from the play console and so forth, not being banned from search / maps / gmail / youtube / etc.

It seems to be news that if you tell people in public youtube comments that you vote for Trump, or whatever it is they're enforcing today, google will fight back by disabling your thermostat or whatever.


I used to work at Google on stuff related to account bans.

Global bans are not new. They were standard a decade ago. The reason is due to the structure of the various spam/abuse industries that plague any service that allows user generated content. What happens is this:

1. Accounts get harder to create as signup security improves

2. Black/grey-market account sellers come in and start creating accounts that get bought by spammers/fraudsters.

3. Spammer/fraudster abuses an account on service X, it gets locked for service X. They sell the accounts _back_ to the seller, who then resells the account once again with a note that it can't be used for YouTube or whatever.

4. Different spammer/fraudster buys the account, abuses it on a different service, goto step 3.

Their systems have some notion of why accounts were suspended or blocked, and the tech does support individual service level blocks. But they weren't used much back then because the pattern of a user being bad on one service and then being bad on every other service was too strong.

The problem of false positives was well known a long time ago, and the noise:FP rate is very good - if a script accidentally disabled good users with even quite low volume the people in question would be on Twitter or HN within hours making articles like this one, which did get noticed. So false account blocks were pretty rare.

Back then and still now, I think Google need to make it easier to handle this situation. Strong end-user support in these situations is hard because genuine fraudsters will happily file support tickets and socially engineer support to get their accounts back - I even witnessed auto-generated pleas to support once. They were quite convincing individually, only when you saw a few thousand of them with re-arranged sentences all begging for help with identical language was it clear they were spam. However they could still make it a lot easier, and in particular, could improve Google Takeout to be easier to use (e.g. automatically uploading the backups to various non-Google services).


There are a couple of things that I don't get.

Why are accounts suspected of TOS violations not simply put into read-only mode instead of shutting out users completely? If the identity/authorisation of the user is not in doubt it makes zero sense to not let people download their data before closing the account.

This simple change would fix all the consumer related horror stories with zero cost to Google. In fact it would become cheaper for Google because people would stop pleading with them.

Also, why is there no one-off paid support option that covers the cost of a human checking evidence and is expensive enough to deter mass abuse by fraudsters? Why is there no option to provide a photo ID upfront so that there is always a last resort to check whether a user is who they say they are?


A lot of abuse is things like posted comments. The locks are retroactive and "account disabled" is a signal to each service to hide content generated by that user.

Read only mode would make sense for content that's truly private, or which can be made private. Nothing stops them allowing Google Takeout for disabled accounts, heck maybe they do these days.

Paid support:

1. the optics of false positives being held to ransom to get their account back is terrible. Giving the money back isn't always easy (credit cards support this sometimes but many users don't have them). And this is made worse by:

2. many accounts aren't easily verifiable. People imagine that every Google/FB user puts their entire life on these accounts. A very small number do. For those, expensive ad-hoc processes could maybe increase the account verification rate by a little bit. But most accounts that get disabled are accounts with fake names, that use exclusively one service, etc. It's extraordinarily difficult to come up with reliable ways to verify the identity of the holder of accounts that required no identity to sign up.


>A lot of abuse is things like posted comments.

Right, but removing an offending comment can easily be done indepenently of any other action against the account.

>the optics of false positives being held to ransom to get their account back is terrible.

That's true and I had that thought as well, but it's clearly the lesser evil compared to stories of people losing irreplaceable data.

>many accounts aren't easily verifiable.

True, but as I said, users could be given an option to make their account easily verifiable.


> Back then and still now, I think Google need to make it easier to handle this situation. Strong end-user support in these situations is hard because genuine fraudsters will happily file support tickets and socially engineer support to get their accounts back - I even witnessed auto-generated pleas to support once.

How much are accounts currently worth on the market? It seems that making the recovery procedure more expensive than the worth of the account should resolve that issue. At the same time legitimate users are probably willing to invest some money in order to recover their account.

For example offer a $20 option to send a registered letter to an address provided by the user. Then Google can check if: 1) The name on the credit card matches the name on the account, 2) a given address hasn't been used too often, 3) the identity check done by the postal service (checking if the recipient actually has a given name) succeeded.

This won't be a perfect solution and there are definitely edge cases for which it won't work (in countries without registered mail, if someone doesn't have a credit card, etc.). But it should be able to cover the majority of cases where legitimate accounts have been locked.


Most users don't have a credit card - they're not all in the USA. A big chunk don't even have bank accounts at all.

However that's basically what phone verification does. In case of suspicion someone has to provide their mobile phone number. It's texted with a code and a counter increased. The same number can't be used over and over. Unlike credit cards, the assumption of universal mobile phone access (amongst people who have internet access) is very strong. It works very well. In this case, the account was shut down without this being possible, which is only used normally for very clear cut cases. Don't assume the full story is public.


Then what you do is set up some sort of monetary charge, to verify that the person you are dealing with is real. Someone willing to pay for support is highly likely to be an actual customer, not a fraudster; and you can even have their local bank or notary to verify their identity, if you are worried about identity theft.

This is a problem that is largely solved at government scale, which is what Google is now, and there's no reason not to take advantage of existing infrastructure to do so.


The vast majority of Google accounts have no real identity associated with them. Also, this doesn't help if an account was NOT a false positive. You're assuming this guy is truly innocent of all problems, but from past experience, unfortunately I can say that sometimes when obviously non-spammy accounts go poof overnight and nobody is willing to explain why, it's because it's related to a criminal investigation.


I'm confused. The goal of my proposal was that someone who was wrongly flagged (a false positive) could identify themselves as such by being willing to put up a (cash) bounty, or identify themselves with a financial/government institution that is set to handle such things at scale. Someone who is committing fraud, or trying to steal anonymously, or is involved in other criminal activities, is extremely unlikely to do such things. Legitimate people, however would have a route out of this kafkaesque maze. That system could even be automated, and it would work better than what's going on now. At a certain point, some problems just cannot be solved with just code.


Google+ banned accounts globally if they discovered a fake name. Fun way to roll out a facebook killer. Kind of killed Google+ but that's a story for another day.


Google is a private company. So they can choose there customers. If they don't want you, they are free to throw you out.


At some point companies are large enough that not having an account is an handicap. IIRC, the supreme court of Canada mentioned in a ruling that Facebook terms are unenforceable because they can't be negotiated and because not having an account in too consequential. In essence, it's not a agreement you freely enter in. It was about forced arbitration.

My point is there are limits that what private companies can do. Stretching the boundaries like that is sure to cause a strong regulatory reaction at some point.


Lots of people don't have a FB acct or don't use it anymore. It's largely died off unless you are old.


That's not really relevant to the argument, but just s/facebook/new_hip_site if it helps..


>So they can choose there customers.

And we are free to complain and vote to change those rules. Guess what happens then?


Google is a private company. So they can choose there customers. If they don't want you, they are free to throw you out.

I do love these sorts of arguments. There is a modern expression that goes "f* around and find out". Like Standard Oil did.

https://www.britannica.com/event/Sherman-Antitrust-Act

When you have governments using Google logins or schools communicating with parents via Facebook groups, or state broadcasters reporting on Twitter as news, then the line between private company and public utility has been crossed.


And steal your data? Bullshit.

The worst is that they are certainly keeping your data, because they never throw anything out, while they are preventing you from getting to it.

That is theft, pure and simple.


That's not theft in the least. They kept the data that you gave them while using their service. Should banks throw out records for people who close accounts?


Why should a customer be punished for buying products that are not banned by the government and for tripping up on an invisible tripwire within said product?

If there were a definition for "set up to fail" it would be that customer... Or are we to assume google is a potentially hostile force, whenever it feels like being one.

We used to ban the sales of products that harmed customers.


It's not just harsh, it's wildly unreasonable.

What do you expect your average person to do? Set up their own mail provider?

A tiny number of companies set out to have an unbreakable joint monopoly over the Internet, and succeeded. Now you're blaming the average person for this - like the average person has the skills or the time to do anything about it.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: