I'd extend this even further: never use a single account for more than one purpose. Create a separate account at the same company for the other purpose. Some examples:
- Every product/project you manage should be on a separate account on Google, Facebook, Amazon, etc.
- Nothing tied to your consumer accounts should be used for anything business related.
- Your Amazon shopping account and your AWS account should definitely not be the same account.
- Don't use services where you're required to mix accounts like this.
Some examples:
- If the issue in this thread is actually an automatic ban, account siloing very likely would have avoided the issue. ([edit] likely, it would not have been possible to silo accounts in this case, as a child comment points out)
- Facebook apparently lacks the willingness to block an account from Marketplace, but they will block an account from all Facebook properties.
- Paypal has banned businesses because the account was created years ago by someone who at the time the account was created was 17.
The point of this isn't that it's impossible to connect the dots that you are the same person. The point is to make it difficult for an automated system to deal too much damage to you, and make it difficult for someone looking at a single account's history from accumulating too many "strikes" against that account.
(Author here.) This is excellent advice for consumer apps/products, (it's especially important to keep enterprise accounts fully separate from your individual consumer accounts), but it wouldn't have helped DroidScript in this case.
DroidScript is a non-profit organization; when they signed up for Google AdMob and Google Play Store, they provided the same tax ID (their EIN) in both cases. Creating separate Google accounts with separate email addresses would not have been sufficient; Google knows that they're paying the same company.
(The ads in question were being run inside the same app that accepts Google subscription revenue. Google can and will follow that thread!)
Creating a subsidiary business for every type of Google account you have would be quite expensive, and, if Google realizes what you're doing, it will make you look like you have something to hide, making you more likely to get banned, not less.
>Creating a subsidiary business for every type of Google account you have would be quite expensive,
Do you really have to create a separate subsidary business? Why not just get another EIN for the account? Then as far as the online service is concerned, that will be another taxpayer id, unlinked to the original one.
The IRS does have limitations[0] (you can only apply for one EIN per day), but as far as I could tell, there is no limit to the number of EINs you can get for your company.
In fact, I would argue that if you are a self-employed person, you should get an EIN and use it when creating accounts at any SAAS that require a social security number.
Modern AI techniques also don't really work as well as many think; they're awesome, but the hype far exceeds the reality. (For example, self-driving cars are very far away.) A HAL-like approach is actually better for most purposes I've encountered than “throw the problem at a deep neural net”.
The hype is excessive, but a lot of stuff is good enough for the real world even if it’s far from perfect.
Self driving crashes for example are rare enough to make the news. That might not be good enough, but it is a very high bar. We crossed a threshold where it’s significantly more dangerous for someone do 90+MPH on the open road than set their car to do 5 over the speed limit and take a nap on that same trip.
We have done this in past. At one point we had 4 LLCs with 4 adsense accounts each making $30K per day. There was nothing fishy here it was perfectly legal and 100% legitimate traffic. Over time we even split our large website into multiple domains under these 4 accounts to make them profitable. Google eventually banned all 4 over time without ever telling us why. We shut down out company eventually.
I had several domains once for a couple of ideas I was working on, due to them taking about a year to do as it was just personal thing I did in spare time in between playing games and attempting to have a life, I decided to domain park them with Adsense.
I set them up. Clicked on each one once to make sure it worked. Closed it. Didn’t open the domains again.
This was like in 2005. I didn’t really know what I was doing because it wasn’t adding JS to the page. And when updating the NS records it wasn’t rendering properly. So yes I clicked on the ad. It linked me to the site. And I deemed it working. I also even added my (static) ip to the list for ignored clicks.
Sometimes one may be able to take a good guess at where one did not comply with the letter or the spirit of a certain rule, but still not be told which specific violation was detected and triggered a ban. Both are useful information and the question could have referred to either.
It does depend on the state. I am also including registered agents, physical (mailing address) and digital presence. Depending on the nature of the business, insurance is also included in that cost. I did not include increased accounting costs
For small company accounts in the UK, you can file them yourself. It is not completely easy depending on what you are doing but well within the ability of an engineer, as long as you are keeping the relevant receipts etc.
For me, running a company was never expensive, just hassle like sending your annual update to Companies House and understanding the various overlapping communications from HMRC for tax.
if you're a "micro" enterprise (turnover <£500k and fewer than 10 employees) you don't even need to produce a P&L, just a balance sheet
it can be done entirely for free on the Government's Companies House site, which generates your accounts, the regulatory statements and also does your tax return
takes me about 10 minutes a year, sending the figures to an accountant rather than punching them into the government's website would take longer
OP was including other base fees beyond just the registration fee. The registration fee is $50-$500 annually depending on the state. With most states charging $250 or less.
Even at a mega-scale social games publisher like Zynga, we had to deal with automated bans all the time. That's why at one point we used an avatar for each game that was separately managed and was basically a separate identity with a separate bank account with a holding company etc.
- Invent an avatar that has their own profile, residence, birth date, gender etc.
- Use separate email addresses, not on your company's domain (to avoid domain bans).
- Use a separate mobile phone number, if possible.
- Use a separate smartphone device. There's Android devices for less than 100 bucks now, so that shouldn't be an issue.
- Make sure the geolocation of the Android device doesn't change too often. Paypal and others block you immediately because they're too stupid to realize people can actually travel and work from multiple locations; even with 2FA and SS7 enabled.
- Use a password manager, use 2FA, and make sure to backup account data and every security question. (and all the other standard practice advice)
- Treat your app's / game's avatar as a separate identity, which means don't have the same friends that your private accounts do. Don't link to other accounts of your ownership. Don't mention other projects of your company, otherwise they'll likely ban both accounts for click fraud.
I find it hard to believe Zynga had to use such techniques unless you’re referring to very early days. I, too, have used the techniques you’ve mentioned and went way down the rabbit hole. Among the things you’ve mentioned also found myself shipping friends and family laptops and Teamviewering into them to use alias accounts. Not fun to have to resort to such tactics. If Zynga still employs such, I shall make a mental note to stay the heck away from their stock.
I am not sure what you are implying. I am not an expert in this field but based upon the article and comments here it seems that this is something you have to do unless you want to be banned, even nowadays?
If you are just paying a couple of $100 a month for app related stuff you can just use a new bank if you want and just transfer the amount needed each month. Opening accounts is something banks really like when you do so its usually not hard.
Depends on the country. A well regulated bank has to know who the real or legal person behind the account is, but that doesn't necessarily mean the name of the bank account has to correspond to the name on a birth certificate. It's the business of the state to make sure they can tax you, but it isn't the business of the state to make sure Google can ban you.
It also depends on whether your company legally resides in the US or not. And also where the HQ is located (as that's the legal baseline for taxes in Ireland).
Most of those mega companies probably are not even paying taxes in the US, due to them having their legal residence in a postbox office in Dublin.
In addition to my initial comment: Most banks that offer enterprise/business bank accounts have a feature to split up accounting so that you can manage the financials of teams and suborganizations in a separate manner which eases up filing tax reports, too. I know that this is the case in Europe, but dunno anything about the banking system in the US.
Funny thing, that sounds precisely like what you'd do with shell companies and any other kind of alter-egos making you hard to find. Bonus points if the companies have different owners and formal directors.
Nice of Google to educate people how to do this stuff.
> - Your Amazon shopping account and your AWS account should definitely not be the same account.
My Amazon account has been locked for a few days now because I tried to buy a friend a gift card, and I can't even access my AWS account at all. Thankfully all I have on there currently is some old backups in S3, but I previously used AWS for some projects and this could've been a fucking disaster.
I tried to buy an Amazon gift card the other day for a friend's birthday, and a few minutes afterwards, the transaction was reverted and my account "was locked for unusual activity". I got an email saying they thought an unauthorized party accessed my account, and it included instructions to reset my password. I did so and then tried to buy the gift card again. A few minutes later, my account was locked again, and this time it told me to wait two hours and then call customer support. I did so, explained everything, got my account unlocked, and the customer service rep assured me the gift card purchase would work this time and volunteered to stay on the line for a few minutes while I reordered the gift card to make sure it worked correctly. It seemed to go through, and then an hour later it got reverted and my account got locked a third time. I waited two hours, called customer service again, and they told me that they'll mark the purchase as legitimate and that I should try logging in again after 24 hours. It's been a few days and my account is still locked. I need to call again. Seriously what the fuck.
About 75% of the times I log on to ebay, (no exaggeration, I only purchase something a few times a year and this happens almost every time), my account gets locked for suspected unauthorised access and I'm forced to reset my password.
I have a static IP, and only ever use the same two devices. I have a strong unique password.
I spent 15 minutes on the phone with their account security team who could tell me nothing about what triggered the lock, nor did they have any advice on what I could do to prevent this from recurring.
Something in their automated system is giving a false positive, and neither I nor seemingly anyone on the account security team has any way to address it.
I had this same issue with "suspicious activity" many years ago, and I had to call a US number to have it sorted. Though I did have it sorted.
They keep spamming me with the meaningless "help us protect your account" emails tho. The kind with a lock icon and zero useful information. I set up a rule to auto-delete those.
We have closed your Amazon.com account and canceled any pending orders.
We took these actions because our records show that an unauthorized person has signed into your account. For your security, the credit card information stored on your Amazon.com account cannot be accessed via our website and your full credit card number is not displayed in your account.
"""
What the actual fuck. Do I at least get refunds for my digital kindle book purchases?!
... I called again, they insisted my account was permanently closed, I talked about all of my Kindle e-book purchases and that I really wanted my account back, they said they'd forward the case to their account specialists, and 30 minutes later I got an email saying my account has been reinstated. So it turned out good, but I gotta say I'm pretty soured on Amazon right now.
Something very similar happened when I tried to buy a MacBook on Amazon.com with an European credit card. It just would not work, probably due to my **ty bank rejecting the payment… from Amazon. Good job.
Many attempts, calls, and hours later, I used my debit card from N26 and it finally went through.
While I get what you are saying, this is sounding more and more like an abusive relationship. "Getting beaten by your husband? Try not being around him when he is drunk." At some point we have to face the reality that the tech ecosystem needs some serious fixing, for both consumers and developers.
I had this exact comparison pop up into my mind yesterday when I read this, yet another, news of Google flexing on someone.
Actions of both tech companies and content publishers make it clear as day that they have zero respect for people. Well, since consumers keep returning to them, they evidently don't have much respect for themselves either.
Since when have we not looked at capitalist entities as abusers and exploiters?
No one wants to be in this situation wrt megacorps and their stranglehold on the internet, free speech, and so many livelihoods. Putting the onus on consumers to fix this is hilarious and naive.
While I agree that the onus should not be on consumers, it’s generally not bad advice to say “avoid those who abuse you”. it would be better, of course, to say “avoid those who abuse you… but I’ll be trying to protect you”
Look at it as a part of the portfolio of approaches we take to address this problem. It may not solve the problem on its own, but it's an important step to take. And arguably a necessary one; a great deal of what gives these companies so much power is that people simply can't imagine trying to do without them and don't even try.
Just because people say to stop giving them so much money and attention doesn't mean that they think that's the whole solution. But if you aren't making even a token effort to stop giving them so much money and attention, you're probably more part of the problem than the solution.
If you think these companies are a problem... take action. If you aren't willing to even so much as cancel a streaming subscription or take responsibility for backing up your own photos or whatever the issue is, you're sending major signals to the legislative system or whoever else it is you expect to swoop in and save you that you don't care enough for them to need to do anything either.
I don't mean this to be absolutist, either. I use Google in a few places, even despite my distrust and distaste of them. But even there, I hold them at arm's length. If they completely nuked my current accounts, it would mostly be an inconvenience. Worst bit would be the ~$20 of apps I'd have to repurchase. (I'd lose more than that but mostly I could just let them go.)
If there was a screwdriver analogy, we could turn this in to: "If all you have is an MBA, every customer looks like it needs to be screwed".
All of this is of course fine banter, but there does seem to be a pattern where the end-of-the-chain responsible party just has some generic business related schooling that results in questionable practises in the name of profit, or in some cases just growth (or some derivative).
It's not the customer support agent that woke up one day and thought "how can I screw over the next customer I get on the line", it's probably not the engineer that made the software in such a way that it just screws over everyone who comes in contact with it. Middle management probably doesn't have much to do with it either; they are often just doing what their manager told them, and don't want to go against that and risk their position. They are often not responsible for the top-down policy either... so that leaves us with the people that feed a bad policy to the rest of the company.
More critically, it's people that claim positions of authority while not having any clue of how real work actually gets done, making protecting their own position their primary goal. These people excel at playing politics such that nobody is responsible for any given problem, so once you get a critical mass it becomes a stable situation where little can change.
If you created a new company with ten random people from this thread, it would not suffer this banning problem as everyone would be aware of this failure mode. But if you fed the same people one by one into Google, they would each either succumb to corporate politics or quit, and at the end nothing would change.
These kind of bullshit jobs are the best argument for basic income. Our society would be better off if they were paid to stay home and stay out of the way.
Oh hey it's the "you should leave him" guy. As with abusive spouses, there are usually circumstances trapping people there. Not least the unequal power relationship.
This is a circumstance where society, in the form of government, needs to weigh in to force tech giants to behave more sanely, because only society as a whole is a bigger fish than Google, Facebook, etc.
If you want to sell Android apps, you are. Yes, I know Android allows installs from sources other than Play Store, but if you want to be popular, you have to be in Play Store.
I'm actually surprised/impressed with how successful that strategy has been for Google. I've always considered sideloading and alternate app stores to be an advantage for Android, but Google's store is effectively a monopoly anyway.
Statements like this are technically correct, but not very useful to discussion of the problem of Google and other large corporations being in control of such large pieces of widely-used infrastructure that they effectively decide what kinds of things others will create.
The parent's comment is so infuriating: yes, you can chose something else instead of Google, but it hardly matters because all of them are more or less equally terrible. Which, I guess, only makes sense in the competitive market: way too terrible or way too pleasant entities go bust (for slightly different reasons), what's left are entities that are just "good enough", and there is not much reason for them to try and improve the quality.
And you’re going to argue with me on the semantic definition of “force”, ignoring the sheer power Google (and a few other tech companies) wield over the technological word, which now encompasses basically all commerce and industry to varying degrees. The smartphone market alone means you’re forced to deal with Google.
Single line pithy comments set up these situations. They’re not good communication really, in my opinion.
It is absolutely possible to make an app that doesn't support iOS or Android and runs on weird unpopular Linux smartphones, and thereby bow down to nobody.
This is what makes the forced Facebook login for the newer Oculus VR devices so problematic. You can't create a second Facebook account just for VR.
If you get banned on Facebook, you lose access to your paid Oculus store apps on your VR glasses.
Of course, granting Facebook access to the extremely private tracking data that you can gather during use of VR is another terrible idea.
Its just about same anything. Simple guilt-by-association is a real thing for google at least. You have an employee who's deemed by google as a bad app developer? That can impact the business that employs them even if its an unrelated app.
If I remember correctly GitHub also locked an entire organization’s repos because someone accessed GitHub from a red-flagged country probably 2 years ago.
I can’t wait for regulation to arrive and stop this kind of behavior.
That's a very different thing, because they were worried about breach of US law. Not saying that makes it fair or non-destructive to the business, but it's not in the same league as Google being over-aggressive in protecting their ad money.
(And if there were regulations around this, Github would probably still have done the same thing, because "national security" regulations punch through "consumer protection" regulations every time.)
> - Your Amazon shopping account and your AWS account should definitely not be the same account.
If you need another reason. I've heard allegations that the recovery process for Amazon shopping accounts and for dedicated AWS accounts are different, with the former being easier to socially engineer.
Probably some risk management department figuring that in the case of the former any "fraud" can be resolved with any chargebacks/refunds
> I'd extend this even further: never use a single account for more than one purpose. Create a separate account at the same company for the other purpose.
This should really go without saying. I’m sometimes shocked at the extent to which it has become normalized to mix up one’s personal accounts with work. I can’t count the number of times a colleague accidentally sent me an email using their personal account, or texted me from their personal phone. Some people even use their personal phone directly for work, without even doing so much as creating a work profile. Why are you doing this to yourself? You’re just asking for trouble.
Don’t even get me started on how entrenched “Sign In With [Company]” schemes have gained traction. Why deliberately have such a single point of failure? To save what? An additional password?
However, in practice, using "Sign in with Google" by default dramatically increases resilience to most failure modes for almost everyone without a sophisticated threat model.
> To save what? An additional password?
The average person does not manage their passwords in a sophisticated way; if someone is signing up for many different services, they are probably using the same password everywhere, or some simple enumeration scheme. Then, when some random forum or web service gets compromised (as they inevitably are), their password to everything is compromised - including Google! On the opposite end of the spectrum, if Google is the only service with a password, and everything else is driven by Google-owned SSO, that person is essentially immune to compromise; whatever I think about the company, I do believe in Google's security team to keep passwords safe and block dictionary attacks more than any other service on the internet.
And while we can evangelize setting up password managers and using strong random passwords everywhere, the truth of the matter is that many people simply cannot accomplish this. "Sign in with {Google, Facebook, Microsoft}" gets them 95% of the benefit at much higher reliability.
> if someone is signing up for many different services, they are probably using the same password everywhere, or ...
This is completely the case, and at least from my experience the reality is worse than what is often believed: people don’t have distinctions between websites.
i.e. if a layman registers john@cool-website.invalid:correctStaple, and then they open another-sitename.invalid the other day, and presented with login screen, his intuition will be “john@.:correctStaple has to work”, because that’s what he “entered” yesterday.
Federated sign-in solves this by allowing users to use coherent id:password string for any login page without having to have distinctions between domains.
Strongly agree! And if Google closing your account is a big part of your threat model, that's something to hedge against.
But I suspect that for the average consumer - people using their gmail to send and receive emails, and doing stuff like watching Youtube and installing Android apps - the odds of that are quite small, especially if they don't have a business or developer context associated with their personal gmail. Account loss/takeover due to password re-use is a much bigger threat for the average person.
> Don’t even get me started on how entrenched “Sign In With [Company]” schemes have gained traction. Why deliberately have such a single point of failure? To save what? An additional password?
Well, no, it doesn't save a password. People use the same password across all their independent accounts.
Sign in with [Company] doesn't improve that, obviously, but there is the idea out there that [Company] might be doing a better job not leaking your password than the couple dozen sites that know it under the other system.
In other words, Sign in with [Company] is a way for a website to protect itself (from touching your password) at your expense. It's not there for you.
It’s pretty helpful for online shopping to be able to use Apple Pay. On your phone, you just click the button, use FaceID, and confirm shipping address. It can be done in 2 seconds compared to regular checkouts which step you through 4 or 5 screens.
Sign in with GitHub has also been nice for me on gitter. I don’t need a separate gitter account for any reason, and sharing my GitHub account on gitter is reasonable.
> Don’t even get me started on how entrenched “Sign In With [Company]” schemes have gained traction.
Absolutely!
My advice is to never, ever, use these links to sign in with a different company. It is a sure fire way to lose completely unrelated accounts just because ML went crazy somewhere and banned you.
(Also, on the advice front, always run your own domain for email. You need to be able to transfer it elsewhere when gmail blocks you, if you're using gmail.)
I'm not sure if this isn't a bit too paranoid approach. Using single sign on is imho fine as long as you use that account only for single sign ons. At least I haven't ever heard of anyone banned for this. Sure, it isn't ideal, but it significantly lowers overhead of managing too many identities.
If you want to represent your business, organisation, brand or product on Facebook, you can use your personal account to create and manage a Page.
We have a diametrically conflicting policy, by which personal accounts absolutely may not be used to manage company resources, for exactly the aforementioned reasons of minimising blast radius; so, we basically gave up on Facebook.
The double standard is evident: can you imagine any FAANG security team allowing a major corporate communications channel to be owned by a personal account? Answer: no; because doing something that fucking stupid would be a disciplinary offence.
Yep, I wanted to set up a Facebook page for my company, but as I don't want a personal Facebook account, I figured it wasn't worth it because it
would end up being fake info, and they could then just shut it down.
It seems like a risk with Google too. It's common to be logged into Google/Gmail with multiple Google accounts. Even with separate Google accounts, Google can tell they are related and could potentially ban them too.
A quick web search came up with Google's "associated account ban":
> "Associated account ban" means not just explicit account linkages, but also implicit ones, where a wife can be banned for the misbehavior of her husband
Legit question: is there any other service/company on earth that bans you for having multiple accounts? This seems like an insanely restrictive policy. One of the defining characteristics of internet communication is that you can have a “work persona” and a “home persona” and maybe another one for your hobbies, another one for your porn browsing and gambling, another one for your aunts and uncles. To deny this basic, universal concept is backwards and frankly shouldn’t be acceptable to anyone.
Internet companies have decided to deny this right the moment they figured out that your identity is valuable. Nowadays Google and FB, among others, will punish you if you use different online identities without their knowledge.
And while I love complaining about policies and behavior of FB, Google, Amazon etc, this one makes sense.
Almost always you ban person, not account - so standard is to allow one account or to require accounts to be clearly linked (for example, a separate bot account that is clearly declared).
GitHub disallows multiple free accounts in the TOS, meaning identity separation seemingly implies a continuous subscription cost forever. I'm not aware of any high-profile enforcement, but it's there.
It would be so ridiculous for Microsoft to have a one identity policy because Microsoft software accounts are generally provided by employers and tied to them, I have 4 MS identities (personal, two companies and university) and MS does not provide an option to use a single identity for that.
You can create Page accounts directly, which are not "people", so they aren't subject to that policy. They also do not have access to the same features, however.
> Create a separate account at the same company for the other purpose.
I'd love to create separate accounts for other purposes, but doing this has become such a big pain that I only did it a couple of times so far.
Most services now require mobile number during account registration. It seems necessary to provide a unique number, but how to get one? Numbers from "burner" apps often cannot get the text with confirmation code. Also, the registration process itself is difficult; sometimes multiple genuine attempts at account registration get your IP blocked, at least temporarily.
If anyone has any tips, I'd be happy to hear them.
Until those services decide to force you to have a phone number registered, which means that you can't have more than one of those services, unless you're willing to sign up for a new cell contract because they don't accept prepaid cell numbers anymore or VOIP numbers.
All cloud/hosting providers offer domains sometimes for free. You don't want that.
Because if you get locked out of an account you get locked out of your domain. Sure you can sometimes get at least domain back, but that usually involves layers and can take weeks or months.
If you can (its often not practical, but when it is) hosts your DNS elsewhere as well.
And most importantly, have at least one backup somewhere else (if you host on AWS have backup on something that isn't using AWS as a backend)
I would exercise caution doing that. If the accounts are created from the same infrastructure (IP, computer, mobile device), they are easily associated and can be swept up in a ban.
This is also why I NEVER use "Log In with Google" on any other service or site. I also just realized that even using the gmail address as the contact/backup is a bad idea, as if the acct gets reset and I no longer have access to that email, it's unrecoverable (exit's stage left making task to change all acct contacts off of Google..).
Also, seems from what I've read elsewhere, that the threshold for banning is as low as a single click on a known machine. this means that you can't even do a legitimate check of your own adverts.
In essence, this means that the Googles and Facebooks of the world are working to connect and consolidate identity information, and we now must work extra hard to dis-aggregate it. Seems there's an opportunity in this space to simplify and automate parts of identity fragmentation...
Sometimes when one of your accounts get banned you (the account owner) are legally required to stop using any other accounts. Bottom line - it increases survivability, but at the cost of breaking ToS. Separating corporate and personal accounts is a good idea in any case though.
This is the right thing to do, however Google has ways to detect multiple accounts from the same individuals. Cookies, credit card numbers, IP addresses, etc. It's really hard to separate them enough so they can't link them.
And sometimes they will ban all your accounts if they find something they dislike on one of them.
We need competition, an alternate app store or a rule that says that companies involved in making operating systems cannot get into the business of maintaining/curating/controlling app stores. Else these app publishers end up being beholden to the whims of the companies controlling the app stores.
While this is good and practical advice, it does irritates me that there isn't more of a push for regulation to protect people against automated actions like this. I know in the EU we have protections under GDPR which allow us to request an explanation for an automated action, but I don't believe we have anyway to request human review.
Part of the problem it seems is that even if these actions are unfair and unjustified it still makes financial sense for these companies to be trigger happy with automated account bans rather than implementing a more nuanced and intelligent approach which would likely require some human intervention or investment in more intelligence automated systems.
If we had some way to request human review or dispute automated actions it would become far more expensive to take unjustified automated actions as people would just complain and request a human reviews the case. Personally I think we've become far too comfortable with tech companies making it almost impossible to contact them. Requiring a human review process for automated actions and requiring companies have some way for customers to contact a human would create jobs and give us some legal right to adequate consumer service. It's weird to me that we have rights when it comes to how our data is used (at least in the EU), but no right to basic consumer service when our business is destroyed overnight because Google takes some automated action.
> I know in the EU we have protections under GDPR which allow us to request an explanation for an automated action, but I don't believe we have anyway to request human review.
There is, with limitations. The relevant part of GDPR is Article 22, "Automated individual decision-making, including profiling" (Full text: https://gdpr-info.eu/art-22-gdpr/)
This is probably the most restricted of the rights granted under GDPR. You have the right to manual review of algorithmic decisions, only when those decisions result in "legal effects concerning him or her or similarly significantly affects him or her."
Whether it applies to Google depends on how you interpret "similarly significantly affects," and that's something likely to vary from country to country and well beyond my experience with GDPR. If this were the US, I would expect that to include housing and employment. There's a much stronger argument that this right applies to a Google account if it represents a significant fraction of your business income.
> account siloing very likely would have avoided the issue
Not necessarily, if your personal@gmail.com and business@corp.com Gmail accounts almost always access Google from the same Comcast IP address, from the same Wi-Fi BSSID, and awake/active at similar hours, Google could easily tell these two accounts are likely the same person.
AFAIK AdSense also tries to detect forms of click fraud where you ask people in your network to help you click ads, and I can only imagine they can do that because know who you have e-mailed before, whose phone contacts you have, and who you have had calendar events or Hangouts with before.
Banning apps with no recourse or appeal process, however, should really be illegal. They could easily bankrupt certain small businesses and livelihoods from their rash algorithmic decisions.
Agreed. But this causes so much energy expenditure in setting up and maintaining these separate profiles for each project. We need more tools in this space, along the vein of password managers.
That is quite a bit of effort to protect from accidental temporary bans. It's definitely important (and easy) not to mix personal and business accounts, even for for single-person companies. But keeping different accounts for different parts of the same company without committing fraud is not that easy.
If the ban is permanent and results from a change in policy, this won't help significantly anyway: if Google actually wants to ban your business, they will find all related accounts, and ban them.
IMHO, it is not true with GitHub. Once I had to access a couple of my clients' GitHub account and all of them got banned. It was a stressful process to remove the flag.
This in general is sound advice however most large cos will have the ability to detect cluster of ids that are owned by same person.
- Beware of impersonation. It is a felony offense. When you create accounts give the same first name and last name. There are many forms where you have to answer questions like "Have you ever used any other alias?". While 99% of times it is fine, there are rare cases where you might get into trouble. I know some people who did.
While I agree with the suggestion it is explicitly not allowed on some platforms.
We recently had this issue with Apple. We wanted to create a separate account for App Store Connect to use with automated builds. Apple locked the account and required identification scans. Our VPE submitted his own info and it was rejected. For now we're stuck using someone's personal account.
> Create a separate account at the same company for the other purpose.
To make it even worse: you should even keep separate devices for the profiles. God knows who uses device-unique identifiers to join "sock puppet" accounts together, it is pretty much suspected that Twitter does.
> Create a separate account at the same company for the other purpose
fyi this is against Google Ads's terms last time I looked into it. You can do it if you've got the secondary account registered as it's own legal entity but one Ad account per entity
Amazon groups accounts they think they belong to the same person and when one is banned, they band them all. Just ask 3rd party marketplace sellers. I doubt G/FB aren't doing the same.
For Google specifically, do not use one email address as a recovery address for another - both will be banned together. Also, do not share recovery phone numbers.
Four months ago a friend of mine had his Google account suspended with a vague message about a terms of service violation. He escalated and appealed it with my help. It was no use. He lost everything. Files. Photos. Email. Calendar. Even his business domain registrations. He was paying for Google services like YouTube and storage. He couldn’t even get a download of his data.
This is why I never used Google Cloud. I’ve heard these stories for years. You can lose everything and have no recourse. It’s not worth it.
If you are on Google do a regular takeout [α] in preparation for a future ban. It exports everything. Easiest way to back it all up and gives you time to wean off Google.
Yes, I agree. But this does help people both mitigate AND move away from Google services. The main sticking point for me with Google is having all your history searchable and now it’s possible to set that up over your takeout data as you move to someone else for email, calendar etc.
* Some account bans are for illegal content - Child porn, bans so an account state can be investigated, copyright claims etc. In that case, letting a user download their data could violate the law/ethics.
* Technically implementing this in Googles infrastructure is hard. The login session used by takeout has to have access to all data (so that takeout itself can get your data from each service and build an archive). Stopping you taking that same cookie and using it to access services directly isn't part of their auth model.
Despite all this, I think they should try harder, both for the users, but also to save a potentially very expensive EU fine when someone with power in the EU gets impacted by this...
If it is "hard" to let user download their data, then they shouldn't be in this business in the first place. It's like they want their cake and eat it too.
> very expensive EU fine when someone with power in the EU gets impacted by this...
Given how EU works, more likely scenario is money under the table after a period of sabre waving.
> getting links to download stuff takes more than enough time to get you to forget it.
Building takeout archives is incredibly expensive for Google. Do that just a few times and you might have wiped out years of profit Google made off you. Thats because most data in your Google account (eg. a random email or a photo you took in 2013) is only accessed once and then never again. Storage systems are designed for that. Yet when you go and try and access every single piece of data ever, you're putting more load on their storage systems than years of regular use.
Thats part of why it takes so long to build the archive - they do it at low priority and slowly so as not to overload the service for other users.
Once the archive is generated it isn't hard to download it I don't think... Click the link in the email and it starts downloading... They even have an option to split into multiple files for ease of download if you have slow or unreliable internet, and their download links do support "download managers" which can resume failed downloads.
Giving you 7 days to download it seems fine... Remember they are effectively giving you double storage capacity for those 7 days, and hundreds of gigabytes of network egress (which would cost $8 or so if I paid GCP network costs each time I takeout my account).
You defend Google better than any of their official spokespersons IMO :-)
I still dislike Google intensely for a number of things but not for this anymore.
(In case you are interested:
- serving me insulting ads and not giving me good ones whenever I didn't have adblock activated for over a decade. (edit: I've lost count of how many times I've clicked "not interested" on semi nude pictures advertising for scammy dating sites)
- causing me hours and hours and hours of frustration by breaking doublequotes
- killing Google+
- keeping me worried that they will shut me down until I can migrate my last account off Google and a few weeks
See if any of the top three or ten results contains the word "goolge" or if they have silently rewritten it in the background.
Adding doublequotes used to mean it should search for that exact phrase. Super simple example of one place were it was useful: when you were troubleshooting a weird crash and you saw a mis-spelling in an error message: you copy or type in that exact message in quotes, bam, if there was a match you got it.
Google is always doing lots of experiments on all of us, vut for the last decade this has been broken for me. It just ignores the doublequotes. Same with the verbatim setting, it has been just placebo.
Have you tried to use your GDPR rights and complain if they were not delivered? You are most likely get a template response, completely irrelevant to your complaint. Then few more templates when you try to "escalate" and finally you get no replies.
That's how those big companies are serious about GDPR.
Then if you try to complain to one of the body responsible for GDPR they'll likely say if you don't like the service, delete your account and no further action will be done.
GDPR is one of those all sizzle but no stake.
Article 79 gives the data subject legal standing to bring a civil lawsuit against the data processor.
It's been the case before GDPR that you had to at least threaten legal action to make corporations behave.
Freedom of association does typically mean that a human can just ban you from ever being their customer again, but that's IMO an important freedom. The monopoly ISP in your municipality doing the same to you does not seem ok, however. And it might not be reasonable to ban ownership of a Google account that's used exclusively for "Sign in with Google".
With the way the system is designed, it's trivial to game the system in such a way that your ad-supported competitors get purged from the play store. Just extract the AdMob ID and submit it to click farms all around the world, and within a few days your competitor should be dropped from AdSense forever.
Like any Google product, partnering with them is a major risk for your business continuity. I'd never combine Google Ads and Google Play, just like I wouldn't combine a Google-hosted email domain with a Play account. Hell, even a Youtube account that's shared with your personal email is a data risk.
I do wonder what happened to get the app flagged. Maybe someone found a way to use the app to automate their ad fraud (it's an IDE after all), and Google determined this app to be the culprit? Maybe one of the app's dependencies had a piece of malware added? Who knows at this point. Google's lack of transparency makes it impossible to build any sort of business on their products. I don't get why people still try to do so.
> With the way the system is designed, it's trivial to game the system in such a way that your ad-supported competitors get purged from the play store.
Its only a matter of time until people start abusing this heavily, if they don't already do so. But then Google will probably have to do something about it, if it gets out of hand.
It happened with SEO. People found a way to game their rankings by buying backlinks to their pages from spam sites. Google started punishing that behavior, so some have instead started buying backlinks for their competition to de-rank them.
That's why I pulled out all of my projects from Google index. Interestingly despite I disallow robots from parsing anything, I can still see residual data in search results over a year after I disabled crawling in robots.txt.
Now my traffic is truly organic, because the only way of knowing about these is the good old word of mouth.
Imagine this would be the case for physical stores and only 2 companies in the world could decide what products you are allowed to sell. You start a coffee shop and 1 day later a representative of company X walks in and shuts down your entire store because you "violated our conditions but we won't tell you which one. You can beg us to reopen your store but first you have to tell us why you didn't violate our policies".
This sounds like a dystopia. And yet it's already reality in the app world.
I know a board game shop owner that had this issue... He was specialized in a certain card game I won't name, and one of their employees had shares of the biggest shop in the country, and then by "coincidence" all shops that competed with that big shop, but weren't big enough to defend themselves, kept losing access to products, and kept being banned from hosting tournaments, because they violated some policy that there was no explanation, and the only way to get accepted back was convince the manufacturer of the game that they didn't violated the policy... whatever policy it was.
It only stopped after a regular couldn't buy his favourite product, got pissed, and threatened to sue the manufacturer, that regular is a star lawyer so the manufacturer finally understood they faced a real threat now.
Amazon and Walmart? If you’re trying to make a mass market product you may have to bend to their will. The reason laundry detergent went from being mostly water to “super concentrated” is actually Walmart. They said jump and manufacturers said how high?
If there's a good alternative never use Google anything. The sole fact that there is no appeal system to account shutdowns and the way they just kill services at random should be enough reason for anyone.
Stories like this always scare me because they remind me that all of my domain names are on Google domains, including the one I use for my work email address.
Forgive me for piling on yet-another-unsolicited-registrar-recommendation, but I'm a big fan of NFSN due to their terms of service and feel safe that none of my domains will ever get pulled without very good reason. I've never had that trust tested, but it's at least spelled out:
They haven't been easy to get a response from for me. Tried to ask a question that wasn't in the FAQ and got silence. That was a few years ago. Went elsewhere. Same situation different question last year and again no response. YMMV but I got zero mpg.
I've contacted them a few times over the years to set/change the glue records for my vanity NS and they were always very responsive. It also cost like a dollar each support instance, but I still haven't spent double-digits contacting support in over a decade of membership :)
I also prefer to host any actual services behind my domain on a third provider, but at the very least being able to redirect your domains is very helpful.
Epik and Namecheap are pretty good imo. Definitely don't use GoDaddy.
EDIT: One can find several instances where users search domain names on GoDaddy and they are available at regular price but when they try to place the order, the domain is no longer available and must be bought at a premium price.
Namecheap are not very cheap, and they basically stole a domain from me last year by freezing my account randomly and requiring a cam-show on an unrecognized domain where i was to put my credit card on cam to verify i was myself.. i tried contacting them, as it sounded sketchy, but the deadline ran out before they replied. They refunded some of my money and kept my domain.
Thoughts on Hover? I've been using them without issue for a while but I also never hear about them in the conversation. Is there something I'm missing?
Hover has the best search interface IMO (it's GETified so you can create a custom search engine in Firefox) but it's expensive, especially if you are constantly buying domains.
Okay, but we're in a discussion about avoiding services that randomly ban people, so that sounds like a positive: If they won't even ban white supremacists, they probably won't ban me.
Well, so this is a matter for the FBI and the DOJ.
If you know of any such case, please report to them.
And by the way, another reason private companies should not be in the business of law enforcement is because by cutting service to such sites they could well be damaging ongoing investigations
It's not about legality; it's about societal norms. Visiting the bar known to be a stormfront hangout doesn't make you a white supremacists, but would make most reasonable people not want to associate with you.
Google doesn't protect scammers and actively goes after them. But if they flag _you_ incorrectly then your entire legitimate business may be defunct if you have your domains there as well.
If you use a service that has the moral high ground, that is all fine and good. But there is chance the service may decide you are immoral.
The only way to protect yourself is to use a service that also protects people you don't like.
I couldn't have said it better. If we refuse to allow speech for those who we don't like, then we will soon be the next silenced.
Remember Google came for Tulsi Gabbard by banning her Adsense account and now they are even coming for the anti-establishment classical liberals like Jimmy Dore, Aaron Mate, Glenn Greenwald. Anyone who opposes forever wars is the next "white supremacist" and "russian agent".
I don't see how skin color is relevant but since your comment enjoys assigning responsbilities based on skin color - I am a brown immigrant. Divide and conquer has been used for centuries and is what’s being used as usual to get political points. Nothing new about it.
Your comment is doing the same racism which you claim to be against. Usually the next response is to call me an Uncle Tom for not falling for the boogeyman and going along with the narrative. Anything which doesn't fit the establishment narrative gets classfied as "white supremacist" and other such labels now a days - just like your comment did.
Ps. Won’t be replying further because this discussion is neither relevant nor productive, plus probably borderline breaks HN rules.
Well we are talking about companies with questionable ethical practices. It would be weird to NOT mention the neo-nazi tolerance when suggesting epik in a discussion like this.
As someone who has a lot to lose if nazis ever get back in power:
isn't the correct thing to still register their domains and just go to the police with it?
Based on my sysadmin background I actively try to know as little about my customers as possible: sure I might become a hero whistleblower but more likely I'll taint myself in various ways.
No, because this isn't a Phillip K Dick novel. Police don't do pre-crime: they comes after the crime happened.
We are also not the police.
You needn't ask your customers "Are you going to do something bad?" (sometimes regulation forces you to ask if they _did_, but that's a past-looking question).
But once you know they are using that service for unacceptable activities, it's ok to remind them that such behavior is unacceptable. After all, you don't want having a reputation of the place that has those kind of customers.
I think life as a neo-nazi should be as difficult as humanly possible so I'd try find a way to boot them off any service I operate. It's likely many hosting providers etc have a "no illegal stuff or neo-nazi shit" clause in their TOS. A few of these sites have bounced around providers before landing with Epik, so it doesn't seem to be rare or hard to do. It's a choice Epik have made to, if not welcome them then tolerate them.
Sorry if that might seem naive, if it makes anyone feel better I'm not operating a domain registrar or hosting provider so my opinion is kind of moot anyway :)
How does one effectively police who is a neo Nazi? This thread is about the failures of customer service and anti-abuse techniques at scale, the inevitable false positives and the dire consequences. You seem to be advocating for more of that.
With broadly applied rules, you either have to accept some rule breaking will occur, or accept that you will end up punishing the innocent in efforts to prevent it. Realistically it's both, but there is a give and take between them.
Those inevitably flawed systems are not an ultimate solution to the problems they mitigate. To tackle the problems stemming from bigotry and intolerance, for example, attacking the perpetrators as "bad people" doesn't work, and is a bit self defeating. The goal should be to defeat the harmful ideas underpinning it, through positive proof of better ideas.
When one doesn't defend free speech for those they don't like, then they don't care about free speech. Would you rather have them run their site in open so people can simply not visit their site and others can watch for vile stuff they might be talking about? Or put them under the rug so they go even more underground with even less opposing view points and thus falling in their echo chambers?
Also now a days any opposing speech gets classified as nazis and white supremacist etc labels. Take Tulsi Gabbard getting her Adsense account censored by Google for example and getting called a russian agent and then it escalating to her supporters being called nazis and Assad toadies. Bernie supporters got called misogynsts for political purposes. The censorship tools always get abused eventually on those who advocated for it.
Related article on how ACLU used to defend free speech of even neo-nazis but have since then abandoned their principles and now actively give their data to Facebook:
I think ACLU are severely misguided, if not acting dangerously in their active support of a CLIENT rather than a CAUSE, and thus actively supporting and encouraging proprietors of hate speech.
Those who are already clicking on "reply" ready quote Niemöller's poem back to me should expect to be quoted Popper back, and be reminded that those that came for Niemöller are the same ones they wish to protect, and that those assholes wouldn't lift a finger to help you back: they'd rather punch you. It's not a bad idea to punch them back and remind them that they have no place in society, and should crawl back to whatever beerhall they crawled out from.
> the company serves at least seven groups on the U.S. State Department’s list of foreign terrorist organizations, including al-Shabab, the Popular Front for the Liberation of Palestine (PFLP), al-Quds Brigades, the Kurdistan Workers’ Party, al-Aqsa Martyrs Brigade, and Hamas.
> CEP has sent letters to Cloudflare since February 13, 2017, warning about clients on the service, including Hamas, the Taliban, the PFLP, and the Nordic Resistance Movement. The latest letter, from February 15, 2019, warns of what CEP identified as three pro-ISIS propaganda websites.
I do wish CF would apply the same standards to other sites too.
In case you don't know, when you transfer a domain name you do not lose the remaining registration time at the your current registrar. You pay the new registrar for an additional year, and the domain transfers over good through the original expiration plus that year - just like if you had renewed it for a year at the current registrar. So if you've been putting it off to "get the timing right", don't!
Chinese authoritarian state intervention isn't a bogeyman, it's a real threat first and foremost to its own people, and secondarily to those who do (especially tech) business there.
Just because a real threat is widely acknowledged doesn't make it a bogeyman. Bogeymen, after all, are mythical. Chinese tyranny isn't.
Good service, but their stupid whois privacy guard email system means you would need to turn privacy off to transfer a domain away from them, that always put me off.
> The only thing I haven't been able to replace is YouTube. That's a tricky one because it's the content creators that keep me locked into it.
Yes, this is a pain. At least YouTube does not require an account and you can use it through Invidious (or NewPipe on Android, or mpv/youtube-dl on Linux if you already have the YouTube link).
> Brave instead of Chrome.
Brave is Chrome repackaged. This a bit feels like "I avoid [brand] but I'll take this white-label product (produced by [brand]")
> Brave is Chrome repackaged. This a bit feels like "I avoid [brand] but I'll take this white-label product (produced by [brand]")
> Avoid anything Chromium.
Yes but this whole discussion is taking place because of the policies Google has for running things, not for building things. It's the operations that suck, not the underlying product.
If I want to watch someone knowledgeable working on my favorite language I will look for this content (or I will find that they are doing this via some other means - like Twitter, irc, Mastodon etc.) and unless experience is not horrible for some reason I don't care if it's Youtube, PeerTube, RSS feed with links to the video on ftp server. If you delivery something unique enough (in this case I assume that there are not that many people providing such content on similar level) for specific group of people you can probably leave YouTube and be fine.
But if I'm interested in something less specialized like for example tech news and I'm not attached to specific creator I might not even notice that someone left the platform. If I don't see "Linus tech tips" in my video feed I'll watch "Gamer Nexus" or "Hardware Unboxed" or something else.
Sad truth is that when I want to see video about something general I look for it on YouTube and don't even bother searching for other source. I think that YouTube "monopoly" is not on hosting video content but on discoverability of it. And I say this as someone who tries to avoid Google products as much as possible.
Works if you are only delivering live videos.
I've never been able to get into Twitch because there is so much dead time without anything interesting happening.
Patreon only works if you already have established fan base that is willing to pay for your content. It does not help with discoverability at all.
Youtube is still the king of video no matter how you slice it.
Ah you know I am thinking of Vimeo I think. (The producers I follow upload only prerecorded material.) I guess that demonstrates how little brand recognition the YouTube competitors have :)
Twitch isn't much better than YouTube when it comes to arbitrary bans.
Their top streamers can literally spread their asshole on camera and get a 3 day ban. All this while normal streamers can get permanently banned for any small offence.
Vimeo or Floatplane seems to be the way to go, depending whether you want to be subscriber-only or have free viewers too.
Do other mobile ad networks have a working appeal system?
It seems doubtful because of the same dynamic the article describes. Any working appeal system would teach people how to game them.
The ironic part here is that Google is essentially gaming themselves here: creating a feedback loop that encourages people to not use their ad products. I guess the ML algorithms are not clever enough yet(?) to figure things like that out.
Google is pretty good at weeding out bad players and all these bad examples are often on margin. Unfortunately the bad guys are getting more and more sophisticated. Google is not entitled to admit every publisher into their program but needs to provide enough assurance to advertisers that their money will be well spent. Hence they are likely to make mistakes on side of caution. This hurts developers like us but it benefits a business like Google.
Sadly, there is no clear quality alternative to Google as of today. I have worked for the adnetworks that boast to be second to Google but in reality are pretty disgusting and filled with crappy advertisers and even shady publishers.
Agree. I've moved my business email off Google because, despite being a paying customer, I had zero confidence in getting a resolution if my account got banned for any reason.
I still have an Android, and a personal gmail etc, but if they go away I can still run my business and I'll recover quickly.
How on earth does google manage to still be one of the most valuable (in $$$) companies in the world with this kind of behavior. I just can't imagine treating my customers half as bad as the way google does and still continue to be in business.
Abruptly dropping support for products[1], violating their user's privacy [2] , working with organizations accused of human rights violations. Each passing year it seems google is trying to unlock all the badges under the "be as evil as possible" campaign mode.
Funny bit is how you can replace the words "ads" and "android app" in the title with any two other names of google products and this same situation would still apply.
Because of scale, and because they own almost the entire ad space.
But yeah, IMO the reputational damage in the prosumer POV is already reaching a tipping point. It's too early for them to notice anything but it looks that it has enough momentum.
Google was cool, but we shouldn't cling to it too much because of nostalgia. For me, it was most of my internet life with it. But now Google represents values and has behaviors that don't really go with me.
Abuse of its market position, violating anti trust laws left and right. It is sad how even the "open" handset alliance it created to manage android is just a thin wrapper around licensing agreements that have been found inherently anti competitive and illegal all over the world. There is an army of lawyers waiting to jump any of the large Android manufacturers if they tried to move away from Google services for even a single Android based device.
I think it's because a single account for all. Email, drive, docs, calendar, photos, YT, Android etc. Having said that, it does not justify their unruly behavior.
Are you serious with your question or is this hyperbole?
When you hear about something like this you are seeing the one in a million false positive or more likely there was some fuckery going on. Obviously there is no upside for the banned devs to admit that they tried to abuse click rate on their ads, so unless Google comes forward admitting they made a mistake we will never know whose on right here.
This still leaves millions of happy consumers using Google's products without any issue and ban of some Android IDE is hardly going to be moving any needle anywhere.
The defendant (Google) was asked to defend their actions, on multiple occasions, and could not.
That amounts to a default judgement against then in our eyes, is all.
It'd be pretty silly to withhold judgement until the defendant admits to wrongdoing, which would explain why few other people in this thread are doing that.
That argument could be, and has been, used to justify some terrible actions by governments and corporations.
While we may never know the full story in this specific case. What we do know for certain is that Google has a history of pulling the pin on services and products used by customers. Google's lack of customer support is also a well known feature of the company. These two facts suggest that the situation described in the article is likely to happen, and may actually happen fairly often.
It really does feel like there's a day of reckoning coming for services that can boot you with one fell swoop. And unfortunately it's unlikely to come from the source or from a general public appeal, but from government intervention.
My adsense account was banned years ago. No details, no receptiveness to appeals. It's the kind of thing that's kept me from some personal/professional pursuits because I know there's a big barrier to monetization should it gain traction.
Google (or Apple) purgatory really doesn't seem like a sustainable business model. Someday they'll tick off the wrong person and it will turn into a big deal involving the government
This is my exact situation, I was banned from adsence over 10 years ago when I was a teenager. I still to this day do not know what caused the ban. I'm now running a successfull business and have had to shape our whole monetization strategy around avoiding google.
> unfortunately it's unlikely to come from the source or from a general public appeal, but from government intervention
Not unfortunately. Hopefully. Government doesn't work very well, but still much better than all those huge private companies. There are appeals, for one.
Government is not one thing though. There's the rule making branch of government and then there's the executive branch of government, the various agencies and government owned companies that often make people just as helpless as these tech behemoths, in some cases even more so.
It's simply very hard to go up against monopolies, regardless of whether they are private or public. It all depends on your ability to pay for good lawyers and survive the time until you get justice (both physically and financially).
What we need here is government in its role as a rule maker. This is a function that only government can play. It's not a question of being better or worse than private enterprise. It's a categorically different role.
I think it's unfortunate not that government is involved but that they'd have to be involved because Google is uninterested in improving this policy and its customers lack the voice to compel them.
> And unfortunately it's unlikely to come from the source or from a general public appeal, but from government intervention.
The government IS the ultimate form of general public appeal, right? It would be unfortunate if we had to resort to begging or public demonstrations instead of having our elected representatives enact our will through law.
I winder if stories like that will ultimately be Google and other tech giants downfall.
The idea is that you can get banned, you will never know why, there is no way to appeal, they won't give you a chance to fix things, and the only contact you will have will be robots, or if you are lucky, people completely dehumanized by the corporate structure.
So simply, they are unreliable. Just like files stored in a hard drive. With the hard drive, you can lose data because of a power surge or a random bug, with Google, you can lose data because you ticked the algorithm the wrong way. The solution: backups.
But that's the problem. These tech giants value proposition is that they do everything for you, including keeping your things safe, and they charge a premium for it. But if they can kill your account any moment, they are no better than your unreliable hard drive, so why pay the premium?
If they don't change, I can see them slowly losing market share, companies start to understand that putting all your eggs in one basket is a bad idea. They may be attacked by smaller companies that, while also unreliable, are cheaper and more agile because of their size. Or companies that offer you real, competent people you can talk to.
By tech giants, I mostly mean Amazon, Google and Facebook, I think (without being sure) that Microsoft knows better, and Apple is mostly a hardware company.
Another underappreciated danger is nationalization or regulation if google et all continue on the trajectory they are on now. As they strive to become more and more essential to participate in modern society, these opaque bans will become more and more devastating. There is a reason there is a justice system in place to create some kind of accountability and appeal process when cutting into the rights of people. If being able to interact with google service approaches being as essential as finding employment, they can't handle limiting access to their services in the way they have been doing forever.
I guess the $10B question is whether if someone could set up a competing app store that was available on all Android phones and could present some form of assurance that it wasn't full of malware, would Google lose the entire market or do they have special access to Android OS to prevent this happening?
For competing with google one would have to set up companies with proper humans in the loop, and in some neutral and stable jurisdiction. For non-US customers it would be also very helpful to tone down the heavy political patronizing that Silicon Valley/anglosphere has, which is ridiculous sometimes.
I recently implemented AdMob ads in an app and I wanted to contact Google support with a question. However, any time their "contact us" assistant didn't know the answer to my question, it would respond with an Error Page saying the email the support team can't be found.
I've been trying to set up a private google cloud account for some experiments, however anytime i try to add a payment method there is a generic error.
Ironically, there is no way to reach their support without an active paying account, so they're basically blocking me from becoming a paying customer.
I have no confidence left in google for anything critical.
I have a very old app in iOS that serves AdMob ads. I don't even have it installed in my devices. So I myself never launch it, and it hasn't been updated in years. On the computers I use, I have ad blockers. I don't think I have clicked on an actual ad in a decade. This is a small time app that manages to send around $20 every 3 months or so (through ads).
Still, about every 2 weeks, Google sends me an e-mail saying "my ad serving is limited" due to "suspicious activity". I do nothing. After a couple weeks, Google notifies me that my ad serving is "restored". Then after a couple weeks, again, I am informed that my ad serving is limited due to suspicious activity. Then they restore it back themselves. This goes in a loop. Whatever they are using to detect this stuff, I believe it is (intentionally or not) broken.
I just don't see how this can be legal. How can they be allowed to completely destroy a business with no evidence and no appeal process? This surely must class as abuse of a monopoly position.
I guess the fact that they haven't been sued yet must be evidence that their terms are fairly tight but it feels like I've seen something that states that terms are only enforceable if they can be shown to be "reasonable" and it sure can't be "reasonable" to say "we think you have committed fraud but we will show you no evidence that you have done so and will give you no way to appeal your innocence".
Right now it seems like they literally have the power to completely destroy any business hosted on their platform at a whim.
I agree, I think it's totally insane that we are allowing this to happen (and I'm most the liberal/free-market person I know).
Google is literally one of the most profitable companies in the world. It could easily implement a fair, open and transparent appeals process if it wanted. It's choosing not to. That is a massive "fuck you" to everybody who has invested huge amounts of time and money to build businesses that basically now operate at the whim and mercy of an unaccountable giant.
Suing also isn't at good solution. If your business suddenly get cut off from 100% of its customers, do you think you're going to have enough cash sitting around to pay employees and lawyers for the next 3 years waiting for your case to be heard? There needs to be a mandated appeals process that is audited by an independent government agency.
> Google is literally one of the most profitable companies in the world. It could easily implement a fair, open and transparent appeals process if it wanted.
I'm not so sure. Google's business model is to take a slice of billions of small-value transactions, usually in ad-serving space, while using every bit of automation to minimize its employee-effort per transaction.
I suspect that implementing meaningful human review at the necessary scale would kill those operating margins. Fairly handling an appeal from an app with $10/month in ad revenue would take about the same amount of human time as one from an app with $10k/month in ad revenue.
This doesn't excuse the business model, but I think it goes a long way towards explaining it. As you note, the tail risk here is regulatory -- if a sufficiently powerful government cracks down, it could impose an even more onerous review process than Google would choose for itself, or legislatively rewrite terms-of-use to impose a fairness or good faith standard.
> Suing also isn't at good solution.
Leaving aside the access to justice issue, suing isn't currently a good solution because it's not obvious what right the victim has in tort. Google's terms of service will allow its behaviour, so you'd be left with more speculative actions like unlawful restraint of trade that might require explicit evidence of bad-faith intent.
Everyone is bashing Google, and rightfully so. I avoid using their services.
However, I've also experienced the other side. I've run an online gaming business and we had to ban players that created multiple accounts to cheat. I remember an infamous player whom we kicked out after he created a bunch of accounts and used them to brazenly cheat.
He created yet another account and posted on our forums complaining about his locked main account. It contained a statement, written in all caps "ICH BIN MIR KEINER MANIPULATION BEWUSST" ("I'm not aware of any manipulation") that turned into a meme in our company because it was so brazen.
Google has no interest in locking out its users and customers. I'm sure there are many accounts that got locked erroneously and it's appaling that it's almost impossible to reach a human to appeal the decision. But i'm convinced that there are far more accounts that were rightfully locked.
Google could at least treat differently two kinds of “customers”: anonymous zero-effort freshly registered accounts and actual paying clients who have undergone extensive KYC and have years of history.
I think the main issue is not automated bans, but playing by all rules, jumping through all hoops, and still getting an unappealable ban on a whim.
What i was getting at was that some of these reports may be from people or organisations whose account closures were not in error. I do think they should give people the opportunity to download the data from the account even after it was locked.
What I was getting at was that some of these reports may be from people or organisations whose account closures WERE in error, and that is much worse than the possibility that they were not.
Any sufficient system of meting out justice requires a sufficient level of assurance that it won't get it wrong and punish an innocent person. Perfection is obviously not possible here, but increasing that level of assurance is.
I've been thinking about how to monetize the game I'm building and AdMob seemed like the obvious candidate. I checked a bunch of sources including Youtube videos, blog articles and reddit posts, and stumbled across a whole bunch of apps that got their ad serving limited because of "suspected click fraud". Most of those apps have in common that they are relatively new and had massive download spikes thanks to ad campaigns.
Obviously that was a massive red flag for me, but the search for alternatives gave me a good impression on how massive Google actually is. Many developers don't even seem to consider any alternatives for AdMob/AdSense.
So far the best alternative I was able to find seems to be MoPub and to use their mediation capabilities. I really don't want to go all in on Google, but especially when working on mobile, it often seems like there are not too many choices.
This article suggests a weird anti-synnergy between Google products. If android app makers knew that an adsense/admob ban led to a play store ban, they would use some other advertising platform on Android, which would lose Google money.
I keep reading about all of these people who got their Google accounts nuked, both business and personal, and keep wondering how there hasn't been a class-action lawsuit yet.
Their marketing says "your data in the cloud, safe", but then uploading a single copyrighted movie to GDrive (even if you don't share it) can result in not only losing access to all your other unrelated files, but also emails, app purchases, etc. And if you're really unlucky and administer a company's GApps, the entire company might get dragged down alongs with your personal account, despite there being no other connection than "administered by the same person".
This is so unreasonable that even if it's in their ToS, that wouldn't be enough in court, and surely there's some law that's breaking somewhere...
If they're banning a free account and you haven't suffered any monetary loss I doubt if the court will take kindly to its time being wasted with a case like this. Any argument about data loss would be put back on you with "back up better next time"
Many people have spent money with Google: Google Play purchases, Google One, Youtube Premium, whatever music service they're pushing these days, Google Domains, AdSense, a linked GApps account for your business... Some dude is already suing Apple for deleting his iCloud account that had a bunch of app purchases on it.
But monetary loss is far from the only thing you can sue someone over. If you can sue a store that you never even went into because you walked past it an slipped on ice that was technically on their property, twisting your ankle (and in many places, you can), I see no reason why you shouldn't be a able to sue Google for deleting your entire digital life (keep in mind that basically everything is tied to your email), even if you were using their services for free.
I know I'd much rather break my leg than have to deal with the disaster that would ensue if my Gmail were deleted, and I've been slowly migrating off of it for years now.
Edit: I guess a better analogy would be a company providing free warehose space (maybe for a temporary opening promo). They market it as a safe warehouse so you put your stuff in there, then they take it and shred it. In response they say that their parent company also owns a convenience store chain and one time, you looked at a cashier there funny. They point you to the ToS that is printed on the roof of the warehouse in 12pt Comic Sans.
That makes me wonder if Google has a whitelist of accounts, never to ban unless via manual intervention. Kind of like how Trump was not banned for years from Twitter despite breaking their policies multiple times.
This way, Google can keep the general muck banned but the actual troublemakers or those capacity for such will stay up.
However I wouldn't be surprised as part of the profile they build on each user that there isn't some kind of influence metric they can use to work who the high profile people are.
It could even be as simple as watching the inbox for when the "high profile verified social tick approved" emails arrive.
What I find interesting is the little information they give you after a ban. Apparently if they explained the reasons of the banning then other people could use that information to find flaws and 'game the system'.
This means that, if you deliberately made something against the rules and were banned, you can then 'explain your mistake and the measures to not do it again'. But if you don't do anything unusual and simply break one of the crazy rules they have by mistake, it's game over.
P.S. If you have a blog and practically all of your visits come from a single source (perhaps a link in something popular) don't EVER use admob on that blog. You will be banned too.
So Google can manage hundreds of feature/experiment flags on accounts to control which shade of blue you see in an A/B test, but silo-ing which products an account has access to just isn't possible?
I think it's more like they don't want to do it. If they consider someone a "fraud", why allow this "bad actor" to be still in the system? It's like "if someone steals, put them in the jail altogether, instead of just ban him from grocery stores".
It still seems overly harsh at the personal/individual level. Should lose your photos because you make a ghastly comment on YouTube, or lose your email access because you app. got pulled? A Google account has incredible breadth. I understand they have to deal with an incredible scale of fraud but surely they can differentiate between a recently created account using a few of their products for fraud vs. an account that has human-looking activity over a longer period of time.
I totally agree of differentiating punishment from behaviors. A bad comment shouldn't cause all the pics from Google Photos to be inaccessible. But like you said, Google probably has to deal with these issues in incredible scale, so unless some high up personally deal with the individual cases, almost all of the bans are automated.
Also, considering all the intervention would incur some cost, especially with high ups involved, unless unbanning the account has greater benefit to Google, why would they waste time doing it?
> Google will never tell you why they banned you from AdSense/AdMob. (Honestly, it sort of makes sense that they share no evidence, because Google doesn’t want people to learn how Google detects click fraud.)
No, I don't think that makes sense. Google is not sharing this information because they want to protect their own business, but in doing so, they are shifting all risk to the app developers. If you have a business model that only works because your process for removing bad actors is kept secure by obscurity, then maybe you should rethink whether your business model is sound?
I'm not aware of any major business that publicizes this kind of information. Try going to your bank and ask them for details on how their anti-fraud system works.
The problem here is this imperfect click fraud ban can ricochet into your app getting banned too.
No, I've worked a bit with banking fraud and money laundering, if we'll "fire" a customer, we won't provide any specifics.
Pointing out specific behavior is appropriate if you want people to change that behavior. But in such cases we don't want them to start working differently, we want to stop doing business with them. We don't want them to create a new company and try to do the same thing more carefully and keep within our detection limits, that's not a success, that would be a failure of our detection, we want to keep them and people like them out, preferably forever, and preferably with minimum expenditure of resources to keep them out. The same probably applies to Google.
"If you believe your account was wrongfully closed, you can file a written complaint with the Office of the Comptroller's (OCC) Customer Assistance Group."
Yes, and with Google you can also appeal. Problem is the same, though - you don’t know why the decision was made and don’t have the full view of the problem.
Reading the email exchanges there, I got a clear understanding that Google process is built in a way that makes impossible for a common person (without side channels to somebody important at Google or ability to cause massive bad press to them) to get any resolution. Moreover, support people (if those are people and not scripts?) don't even know what it is about, they just repeat "you violated policy X, see document Y, okthxbye" until you give up. They don't know how one violates policy X or what can be done about it, they just see some record "violated policy X" and have to compose (likely copy-paste) email to the complainer about it, so they shut up and go away.
I am still amazed people invest so much time and effort into Android apps that can be squashed like a bug for no reason at all, just because nobody cares enough to fix the utterly broken syustem.
The biggest issue isn't Google ads. It's these automated App Store monopolies. Not only App stores, but services provided by any of these FAANG mega-corps.
You, as a customer, should have a right to speak with an actual person, to find out what the issue is, and to appeal. If you suffered damages due to a mistake on their end, they should be found liable.
Is there a reason Google doesn’t offer a premium support tier for stuff like this?
There are millions of dollars flowing through Android to some companies. Paying $100 a month to always get to deal with a human seems like something that would be in demand.
I get that moderation can’t scale on the cheap, but with the dollar values involved, it doesn’t need to for the high paying customers.
Judging solely from the outside, Google seems to believe that anything that can't be automated isn't worth doing.
On the one hand I understand that their target markets are composed of billions of people. On the other hand, it's a strong contributor to their "Google is evil" reputation. The fact that you can never speak to a human is probably saving them money, but it seems so consistent and important to them that I'm not convinced it's entirely about the money. There has to be a lot of people very high up who are totally uninterested in the idea of customer service.
Google is a joke! Title should of said, NEVER use Gogle at all. They will ban you from AdSense even for menu or search design/style not looking how they like it. There automated system is horrible, they make money and don't care about there customers. So don't use google at all everyone!
I find it strange that it's so normalised to consider something as invasive and manipulative as advertising as the standard method of monetisation. How about trying to make a product so good that it has some intrinsic value that a user wants to pay for?
Because people won't pay, especially not on Google Play. Even if people do buy it and it's mildly successful, a company from a country where work costs less will clone it and offer it for free with ads - and no price can compete with free.
And in turn people are unwilling to pay for fairly good reasons.
I decided to pay for one of app with premium features (my the first payment in Google Play). What happened? App was "redesigned" two weeks later with features that I paid for removed.
What caused me to not pay for anything else, why I will gladly pay for software which I can download and keep running even if new version is crippled.
For example yesterday I bought LibgtBurn for controlling laser cutter, at 80$ price. While I am unwilling to pay 1$ for an app.
If someone else can clone your idea so easily then surely the idea is likely not to have much value anyway?
More importantly, my point was more an expression of disappointment that people are too keen to make quick and easy money through something which I consider to be generally deplorable. A large proportion of adverts are FUD exploitation and I don't think it's in the consumers' interests.
For me personally, if it came down to a choice between 1. monetisation through ads or 2. earn my living another way, I'd make an effort to pick the latter. I caveat this with the fact that I haven't had to face this choice in life yet.
I got banned from Google Ads at age 16 because Google was convinced I was doing this. I'm 35 now. Never figured out how that happened, but it doesn't matter because I wouldn't choose Google's ads anymore, anyway.
I dread doing business with these mega-companies. Its like dealing with a fickle god of chaos. Completely dystopian even if you follow the rules. Even worse if one of the daemons decides you broke a commandment and pits you into purgatory or hell with no hope of a meaningful appeal.
The endgame is a credibility company that keeps a permanent history on everyone. Then once you have bad credit, no companies will want to give you a loan. Landlords will not want to give you space.
I believe the GDPR requires that companies be able to explain the decisions of black box algorithms when they have the potential to cause harm personally or financially.
GDPR does have a clause (Art. 22) referencing "The data subject shall have the right not to be subject to a decision based solely on automated processing[..]" , however:
1. the scope of GDPR is about rights of natural persons so anything about a company or organization Google Ads account is out of scope. A non-profit organization (AFAIK DroidScript is one?) is not a "data subject" to which that article can refer.
2. even if it would apply, it does not require "that companies be able to explain the decisions of black box algorithms", it requires "at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision" so if you complain, express your opinion, and then the company has a human review the automatically gathered data and respond "yep, we looked at it and our decision stands" then that's compliant, that GDPR article does not require them to provide you with an explanation, only with a human intervention.
1. Mandate that each accused has the right to view the evidence against them - this means no bans without specific evidence that the user can view and defend against.
2. Mandate that each accused has the right to face their accuser - this means each ban must provide a way to speak to a person via phone and email to appeal it.
3. Mandate that each accused has a right to a fair trial - this means that, at some point in the appeals process, the banned must have the option of, with minimal investment of time and effort, being judged by a neutral party, which has the power to ultimately overturn judgements by the non-neutral party (Facebook)
The problem isn't that there are no solutions - each of these three totally reasonable rights was conceived of centuries ago. The problem is that Google doesn't want to do them because it is at least 1 cent cheaper to _not_ do then.
I'd say - use any platform for what it's good at. Extract value from platform.
Benefit from it, monetise it, let it help you to gather users or following.
But NEVER rely on any propriately platform for your business. You're NOT in control.
Make sure you have a contingency plan. Have backup (whatever it is for your business).
Make sure you have direct, alternative contacts with your users if platform goes nuts.
> But NEVER rely on any propriately platform for your business.
And after so many bans and incidents there are still businesses dependent on google services. The ban threads keep coming to the too, and pretty sure there are many threads like this not reaching the front page. I'm blaming this businesses too, not just google.
> But NEVER rely on any propriately platform for your business. You're NOT in control.
This is just not possible for so many companies. Dating app, banking service, online shopping? Apps are how customers use your service. No app, no customers, no business.
> But NEVER rely on any propriately platform for your business. You're NOT in control.
While I agree with the premise of your comment, a lot of times, this is pretty much impossible to be done. If a developer gets suspended by Google or other companies like VISA, PayPal etc, it's pretty much impossible to do business then. There needs to be an internet bill of rights which should take care of these things.
Another example on how tech giants control the livelihoods of millions of people. They can press one button and put thousands of people out of a job at any time. Workers rights? How about an automated reply and no specific reason for the death of your company/application/income.
These companies need to be regulated ASAP. Especially when it comes to terminating users.
Well, I know someone who wrote a bot to play his game and watch the ad at the end. This person made about 4 dollars in one or two nights letting the bot run. When pay day came, Google marked half of the revenue as invalid, and only paid 1,75 dollars.
This person knew the risks of being caught and let it go. My point is, I think Google warns you first about doing that.
If anyone doesn't think Google and FB are advertising monopolies imagine getting both or either of your ad account banned. Say you have a small Shopify store selling a niche product and competitor reported your ads, no one will answer your support tickets. This actually happens
I think the alternative is a simple web app. For many many apps it would work just fine. If it works in a browser on a PC, it really should work on a browser on a phone.
What’s a good Adsense alternative? They’ve temporarily disabled my Adsense a couple times in the previous year for “invalid traffic” and this is making it sound like a huge liability.
I've had my ads completely shut down twice for months at a time "for investigation" due to invalid traffic. I don't click on my own ads. I don't know, it's a little worrying.
I sympathize with the developers. Is it possible for a judicial review of the problem, for the "strong" side to present evidence of manipulation of the ad network?
I would assume that part of the testing process (or part of the checklist after going live) would involve clicking user interface elements, including ads?
There is an ongoing meme series with that guy with stone face who mocks stupid social media lifehacks. Let me be that guy for a moment:
Always create new Google account for your new project. Use that account for related Google Cloud, GMail, Google Play and all the SSOs into third-party services like Github/Gitlab, cloud CI/CD, hosting and so on. Just add your personal account as a collaborator to those services for convenience.
It will take one minute and protect you from a ton of problems later.
You create a monster (Google, Facebook etc..) then you cry for help when it comes bite your own hand? This one is on America and "American dream" Sorry I meant "American greed". Maybe both are same? Unfortunately whole world suffer as always -_-
If they know you clicked your own ads, then why can't they simply filter these signals out?
To me it seems like they are trying to find every avenue to wiggle themselves out of paying.
Such a nasty company.
> Google will never tell you why they banned you from AdSense/AdMob. (Honestly, it sort of makes sense that they share no evidence, because Google doesn’t want people to learn how Google detects click fraud.)
I disagree with this as I mentioned on a prior post about DroidScript. If a justice system doesn't tell people what crime they committed, what proof they have of such crimes etc, then such systems are exploitative and a lot of innocent people get hurt.
But justice system works equally for everyone, while this is private sector, where contracts rule. It is apple vs pear. Same to freedom of speech. Anyone can say anything in public, but if someone post a thread in Google Groups, they can ban you for whatever reason, because the user agreed to their ToS first.
Of course, DroidScript has the freedom to choose different ad provider altogether, but they didn't.
The reason government is treated differently from companies in that regard is because the government has a natural monopoly in many areas. You cannot choose an alternative government, you are forced to deal with the one there is.
When companies hold monopoly status (which Google absolutely does), there is also no real, viable alternative to choose from. When publishing on Android, realistically you are forced to deal with Google. They are not any different from a government in that regard.
The only difference between Google and the actual government is that (under the current set of laws) Google can get away with levels of abuse without recourse that the government cannot.
> Of course, DroidScript has the freedom to choose different ad provider altogether, but they didn't.
They could have chosen a different ad provider, but that is clearly not the problem. They could not have chosen a different publisher on Android without sacrificing >95% of their marketshare, and after being banned by Google from the play store it is game over for them.
I agree with you. But legally speaking, Google is not monopolizing until they actually lose an antitrust case. So before that happens, if anyone wants to play the game legally, they have to abide to Google's ToS, no matter how absurd it is, no?
No, they are not convicted of monopolising until they lose an antitrust case. That doesn't mean they aren't monopolising right now, it just means there hasn't been a verdict set against them for illegal monopolisation. Cases such as these (and discussing cases such as these) will help in mounting evidence against Google for abuse of their monopoly position.
How does one ensure that the contract is even being abided with when such company refuses to even provide any info?
Google, Amazon, VISA/Mastercard, Apple etc companies have basically become the railroads of 21st century and they need to be treated the same way the railroads got treated in the 19th century.
- Every product/project you manage should be on a separate account on Google, Facebook, Amazon, etc.
- Nothing tied to your consumer accounts should be used for anything business related.
- Your Amazon shopping account and your AWS account should definitely not be the same account.
- Don't use services where you're required to mix accounts like this.
Some examples:
- If the issue in this thread is actually an automatic ban, account siloing very likely would have avoided the issue. ([edit] likely, it would not have been possible to silo accounts in this case, as a child comment points out)
- Facebook apparently lacks the willingness to block an account from Marketplace, but they will block an account from all Facebook properties.
- Paypal has banned businesses because the account was created years ago by someone who at the time the account was created was 17.
The point of this isn't that it's impossible to connect the dots that you are the same person. The point is to make it difficult for an automated system to deal too much damage to you, and make it difficult for someone looking at a single account's history from accumulating too many "strikes" against that account.