I'm trying to not make this sound harsh; but you really don't need a government regulator to tell you that centralising all your data with Google, who are providing largely free services, is risky.
It is like building a house on the edge of a cliff then falling off the cliff one day. It was always a real possibility. Being locked out of your stuff is quite a likely end of the story with Google.
You need a government regulator to stop large companies from buying up lots of small companies and adding them to this risk pool.
I bought 3 Nest thermostats long before Google bought them. I wouldn’t have done so after the buyout.
If google bricks my thermostats because my kid does something dumb on YouTube (through the linked tv accounts) that will suck.
I suppose regulators could also prevent companies from bundling lockouts in that shutting down gmail for YouTube problems. Or shutting down Nest for gmail problems, etc.
The phone company can’t just randomly cut off service and ghost me. Regulators are the reason for that, as I’m sure they’d love to if they could.
Nest sold you a poorly designed product. If they had sold you something that could be plugged into any network then you could reuse it. From the start the product had a big fault google buying it just highlights that design flaw.
For the record, there have been cases of companies (IIRC Cisco wifi routers) that attempted to do this retroactively - pushing a firmware update that "helpfully" made the hardware cloud managed only.
So indeed, buying open API stuff only is a good start, unfortunately one still needs to be vigilant.
> but you really don't need a government regulator to tell you that centralising all your data with Google, who are providing largely free services, is risky.
>You need a government regulator to stop large companies from buying up lots of small companies and adding them to this risk pool.
These two statements are not even close to arguing the same thing.
The previous commenter is saying that it's common sense that "centralizing all your data with Google" may not be a great idea, especially if you don't have any backup of that data and keep all of it in Google.
They are being downvoted, wrongly, by people who knee-jerk about the "don't need a government regulator" bit. But they only used that phrase as a kind illustration of the common sense that people should have about not having a backup of their data.
Yes, Google does need some government regulation. And yes, people shouldn't need a government regulator to tell them not to keep all their data in the cloud without any local backup at all.
>The phone company can’t just randomly cut off service and ghost me. Regulators are the reason for that, as I’m sure they’d love to if they could.
If you're paying your bill, why would they care?
Regulation is part of the answer, but it's also part of the problem. If a YouTube comment wasn't at risk of "being mean" or breaking arbitrary rules (pushed by regulators, Google isn't doing it on their own), you couldn't be locked out. Corporations don't gain by cancelling their customers.
> Corporations don't gain by cancelling their customers.
Sure they do. If a certain customer's behaviour is alienating or obstructing other customers, then that customer gets cancelled, because they are having a negative impact (on the business - not the users!) that is larger than the benefit they provide.
That's a net positive result.
Ignoring your whole concept of "mean", it is 100% up to the company to decide what the negative behaviour is, which is part of the problem.
Sure some of it might be "mean behaviour" and so we look at it as Google doing a good thing perhaps.
But what if you went around Google's services and informed people of better alternatives to their services, and you started to actual gain traction and cause people to stop using Google?
There's nothing mean about that, in fact you're providing a good service to those people. But in Google's eyes your actions are negative, and they could just cancel your account at their discretion because they don't like what you're saying.
That is the kind of thing that regulation protects from, when dealing with essential services - and I think there's a stronger and stronger case to be made that these large providers are in fact essential services.
p.s. Devil's advocate: the theoretical actions I described above (recommending alternatives) could so easily cross the line into spam. But who decides where that line is, if Google was to be regulated?
I was specifically addressing the other rather broad statement that I actually quoted.
To address your point too though, there are definitely customers that the phone company is required to serve that they would rather not serve, because the costs are higher than the revenue.
Remote rural customers, customers who need accessibility-related support, certain outdated services that people are grandfathered into and don't want to cancel, etc...
And again that's where regulation protects the customer from the corporation that doesn't care about the customer's needs, unless they align with their own needs or are forced to via regulation.
The blurring of and overlap/cooperation between corporation and gov't also shifts incentives. For example, you can skirt fiduciary responsibility by appealing to regulation.
There are a lot of stories of people paying for Google Services getting locked out too.
Personal experience, once I created an Adword ad using one of the image that Google Ad creator had suggested. It was nothing, just a woman in bikini. It was approved and then rejected with warning that I violated their guidelines. I wanted protest but thought probably not worth it. This could have perma banned me from Google, I stopped using AdWords.
Do you think Google really cares about this, or do they get pressure from "outside" forces to impose such rules?
I seriously doubt Google cares one wink about people posting bikini photos. These rules exist because activists put pressure on the company to enforce such rules, for better or worse.
Google is huge and they run a vast portion of the internet now. If they were to suddenly decide that all FastMail accounts should go to spam tomorrow, any users of FastMail would be SoL—they would be unable to communicate with a huge majority of the internet.
They could decide to randomly throw every 5th email that is not a gmail into spam and blame it on other providers having low reliability. Make it random enough to gently encourage you to get a gmail account again.
These are extreme examples, but Google could easily do these kinds of things and there is nothing any of us could do whether we use Gmail or not; it will affect us because they control so much.
Fear of leaks to the press from insiders discourage ideas that would leave a document trail -- plausible deniability is required. More likely then would be ever-tightening, subtly biased, anti-spam criteria.
> That would backfire spectacularly, and would probably kill gmail.
How would that kill gmail? It's not like they're going to lose any real part of their user base. Short of a press release from google confirming the behavior, the average user is not going to go through the hassle of finding a replacement provider and then changing every email address associated with every service they use (if it's even possible for the service) all for some nebulous and impossible-to-confirm conspiracy theory put forth by tech experts and security experts that don't get listened to even when there is proof. And it's not like other companies and services would take a stand by ceasing to offer service to customers with gmail accounts- that's an incredible way to lose a vast portion of your customer base.
I wish it weren't this way, but I just can't see that bringing down gmail. Especially not when every google service requires a gmail account- probably the same one most people have had for years.
A ton of online services, customer support services, government services, airlines, etc. etc. use e-mail but don't use gmail to send it.
They can't afford to let 20% of that go to spam without a backlash. And if they kept doing it despite the backlash, who knows what would have happened to gmail.
Lose a few thousand dollars or an entire vacation by google regularly blackholing messages from important and expensive services like airlines, when they send you email telling you your flight departure was changed, and you'll be looking for a better email service in no time.
Now imagine this happens to 1/5 of the customers of said airline, just because of google's 1/5 non-google mail go to spam policy. It would be a scandal.
If Google only locked you out of the functionality you seem to have violated somehow, it would still be a viable strategy to use their services.
Imagine losing the ability to comment or upload videos on YouTube because you wrote something offensive or published a video with copyrighted materials.
Potentially bad for YouTube creators, but definitely not dangerous for normal users which also use other services.
Reports like this were the reason why I removed almost all Google services from my life a few years ago, but I wouldn't have done it if the bans had been granular.
Global bans "seem" to be new. I've read many stories of shell scripts randomly permanently banning android developers for life from their platform, but those stories always involved being banned from the play console and so forth, not being banned from search / maps / gmail / youtube / etc.
It seems to be news that if you tell people in public youtube comments that you vote for Trump, or whatever it is they're enforcing today, google will fight back by disabling your thermostat or whatever.
I used to work at Google on stuff related to account bans.
Global bans are not new. They were standard a decade ago. The reason is due to the structure of the various spam/abuse industries that plague any service that allows user generated content. What happens is this:
1. Accounts get harder to create as signup security improves
2. Black/grey-market account sellers come in and start creating accounts that get bought by spammers/fraudsters.
3. Spammer/fraudster abuses an account on service X, it gets locked for service X. They sell the accounts _back_ to the seller, who then resells the account once again with a note that it can't be used for YouTube or whatever.
4. Different spammer/fraudster buys the account, abuses it on a different service, goto step 3.
Their systems have some notion of why accounts were suspended or blocked, and the tech does support individual service level blocks. But they weren't used much back then because the pattern of a user being bad on one service and then being bad on every other service was too strong.
The problem of false positives was well known a long time ago, and the noise:FP rate is very good - if a script accidentally disabled good users with even quite low volume the people in question would be on Twitter or HN within hours making articles like this one, which did get noticed. So false account blocks were pretty rare.
Back then and still now, I think Google need to make it easier to handle this situation. Strong end-user support in these situations is hard because genuine fraudsters will happily file support tickets and socially engineer support to get their accounts back - I even witnessed auto-generated pleas to support once. They were quite convincing individually, only when you saw a few thousand of them with re-arranged sentences all begging for help with identical language was it clear they were spam. However they could still make it a lot easier, and in particular, could improve Google Takeout to be easier to use (e.g. automatically uploading the backups to various non-Google services).
Why are accounts suspected of TOS violations not simply put into read-only mode instead of shutting out users completely? If the identity/authorisation of the user is not in doubt it makes zero sense to not let people download their data before closing the account.
This simple change would fix all the consumer related horror stories with zero cost to Google. In fact it would become cheaper for Google because people would stop pleading with them.
Also, why is there no one-off paid support option that covers the cost of a human checking evidence and is expensive enough to deter mass abuse by fraudsters? Why is there no option to provide a photo ID upfront so that there is always a last resort to check whether a user is who they say they are?
A lot of abuse is things like posted comments. The locks are retroactive and "account disabled" is a signal to each service to hide content generated by that user.
Read only mode would make sense for content that's truly private, or which can be made private. Nothing stops them allowing Google Takeout for disabled accounts, heck maybe they do these days.
Paid support:
1. the optics of false positives being held to ransom to get their account back is terrible. Giving the money back isn't always easy (credit cards support this sometimes but many users don't have them). And this is made worse by:
2. many accounts aren't easily verifiable. People imagine that every Google/FB user puts their entire life on these accounts. A very small number do. For those, expensive ad-hoc processes could maybe increase the account verification rate by a little bit. But most accounts that get disabled are accounts with fake names, that use exclusively one service, etc. It's extraordinarily difficult to come up with reliable ways to verify the identity of the holder of accounts that required no identity to sign up.
> Back then and still now, I think Google need to make it easier to handle this situation. Strong end-user support in these situations is hard because genuine fraudsters will happily file support tickets and socially engineer support to get their accounts back - I even witnessed auto-generated pleas to support once.
How much are accounts currently worth on the market? It seems that making the recovery procedure more expensive than the worth of the account should resolve that issue. At the same time legitimate users are probably willing to invest some money in order to recover their account.
For example offer a $20 option to send a registered letter to an address provided by the user. Then Google can check if: 1) The name on the credit card matches the name on the account, 2) a given address hasn't been used too often, 3) the identity check done by the postal service (checking if the recipient actually has a given name) succeeded.
This won't be a perfect solution and there are definitely edge cases for which it won't work (in countries without registered mail, if someone doesn't have a credit card, etc.). But it should be able to cover the majority of cases where legitimate accounts have been locked.
Most users don't have a credit card - they're not all in the USA. A big chunk don't even have bank accounts at all.
However that's basically what phone verification does. In case of suspicion someone has to provide their mobile phone number. It's texted with a code and a counter increased. The same number can't be used over and over. Unlike credit cards, the assumption of universal mobile phone access (amongst people who have internet access) is very strong. It works very well. In this case, the account was shut down without this being possible, which is only used normally for very clear cut cases. Don't assume the full story is public.
Then what you do is set up some sort of monetary charge, to verify that the person you are dealing with is real. Someone willing to pay for support is highly likely to be an actual customer, not a fraudster; and you can even have their local bank or notary to verify their identity, if you are worried about identity theft.
This is a problem that is largely solved at government scale, which is what Google is now, and there's no reason not to take advantage of existing infrastructure to do so.
The vast majority of Google accounts have no real identity associated with them. Also, this doesn't help if an account was NOT a false positive. You're assuming this guy is truly innocent of all problems, but from past experience, unfortunately I can say that sometimes when obviously non-spammy accounts go poof overnight and nobody is willing to explain why, it's because it's related to a criminal investigation.
I'm confused. The goal of my proposal was that someone who was wrongly flagged (a false positive) could identify themselves as such by being willing to put up a (cash) bounty, or identify themselves with a financial/government institution that is set to handle such things at scale. Someone who is committing fraud, or trying to steal anonymously, or is involved in other criminal activities, is extremely unlikely to do such things. Legitimate people, however would have a route out of this kafkaesque maze. That system could even be automated, and it would work better than what's going on now. At a certain point, some problems just cannot be solved with just code.
Google+ banned accounts globally if they discovered a fake name. Fun way to roll out a facebook killer. Kind of killed Google+ but that's a story for another day.
At some point companies are large enough that not having an account is an handicap. IIRC, the supreme court of Canada mentioned in a ruling that Facebook terms are unenforceable because they can't be negotiated and because not having an account in too consequential. In essence, it's not a agreement you freely enter in. It was about forced arbitration.
My point is there are limits that what private companies can do. Stretching the boundaries like that is sure to cause a strong regulatory reaction at some point.
When you have governments using Google logins or schools communicating with parents via Facebook groups, or state broadcasters reporting on Twitter as news, then the line between private company and public utility has been crossed.
That's not theft in the least. They kept the data that you gave them while using their service. Should banks throw out records for people who close accounts?
Why should a customer be punished for buying products that are not banned by the government and for tripping up on an invisible tripwire within said product?
If there were a definition for "set up to fail" it would be that customer... Or are we to assume google is a potentially hostile force, whenever it feels like being one.
We used to ban the sales of products that harmed customers.
What do you expect your average person to do? Set up their own mail provider?
A tiny number of companies set out to have an unbreakable joint monopoly over the Internet, and succeeded. Now you're blaming the average person for this - like the average person has the skills or the time to do anything about it.
It is like building a house on the edge of a cliff then falling off the cliff one day. It was always a real possibility. Being locked out of your stuff is quite a likely end of the story with Google.