Everyone here is commenting about overautomation, but this isn't an overautomation problem. It's a secondary sanctions problem. The developer isn't being banned for breaking Google's rules, he's being banned for having hired someone else who later broke those rules; and then that ban was transitively applied to their personal account as well.
This is beyond the pale. Google should not have the power to decide who you are and are not allowed to hire. It both goes against the basic concept of a limited-liability corporation, and harms worker rights.
I had a scare last year where Google supposedly gave me 30 days before they would shut off my Google account of 20yrs. Family photos, youtube videos, 20yrs of email, not to mention the treasure trove of personal documents on GDrive. It took two weeks to duplicate the content and back it up elsewhere. This is a paid tier Google account and I've yet to get an explanation on why this happened. It appears to be because of an "associated" (whatever that means) Google Business account for a startup where I worked where they shut off my GSuite account after I resigned, but customer service couldnt provide a real explanation why it would also terminate my personal Google account. The automated websites where you upload photo ID to prove identity didnt work and didnt give an absolute confirm/reject...so i slept uneasily for almost a month knowing that my 20yr account might disappear.
Ultimately it did not disappear in 30 days. Was it because I upload passport photos? Not sure. Because I spoke to customer service? Not sure. Because the original shutdown notice was a mistake? Not sure. The lack of clarity made it worse.
I've heard stories about people losing personal accounts like this due to GCloud usage. At work, where I'm CTO, I have open access +MSAs to the three major cloud providers -- BUT I am very hesitant to use anything but AWS/Azure. The risk of something going wrong with GCloud and that metastasizing to my (or anyone's on the team) personal Google account (or vice versa) is huge and just not worth the risk.
After reading so many posts like this, I decided to bite the bullet and start moving off-Google. Funny thing is, ProtonMail and Obsidian are much better than Gmail and Keep anyway.
I'm still forced to use Google stuff here and there but I'm no longer dependant on them, and coincidentally I've been sleeping much better recently.
> So how do you know those services don't pull the same stunt?
It's a questions of eggs per basket. Google wants you to keep everything in their one basket, and the result is that if they arbitrarily terminate your account, you lose everything. If they give you 30 days like OP, you have to remember all the different places you need to download content from.
If you split your services up, a sudden termination only affects a few things rather than everything, and a forewarned termination has a much smaller surface area you need to consider.
> If they give you 30 days like OP, you have to remember all the different places you need to download content from.
Google Takeout (takeout.google.com) should give you almost everything in one place. It's a good idea to do this periodically in case you don't get the 30-day notice. Be prepared to download a few dozen GB, though. And there is no "incremental" option.
Takeout is nice, but I am surprised by the lack of features in other products that would easily allow to import the data from Takeout format.
I wanted to migrate from Google Photos to iCloud. Turns out there is no easy way how to import the photos to iCloud without loosing metadata. I gave up and just bought more storage on Google.
I agree with you there. All the data is right there, in fairly open (if not exactly standard) formats. They even include an index document and basic descriptions of the data formats. One would think their competitors would want to make it easy to port exports from Google Takeout into their systems.
I'm a bit surprised that you had trouble importing photos, though. Isn't most of the metadata kept in standard EXIF tags in each file?
Everything has benefits and drawbacks of course. It's true that you can minimize the impact of one service pulling this stunt.
However, I don't agree with "remember all the different places you need to download content from". Google does this with Takeout, so I can have 1 backup of most of my things. When using different services, I need to have various backups.
Reason is: I don't depend on services giving me 30 days. I assume they can block access on the spot.
Obsidian is a self-hosted repository that ultimately stores everything as plaintext markdown (.md). It is 100% portable and by default owned by you.
Protip: you can easily sync obsidian by sharing the top-level vault directory with syncthing. Its entirely transparent, you just start obsidian and open the vault, and changes you make on one system automatically appear on others.
As for protonmail, its better than google -- but you're right in the data ownership. In the case of protonmail, they have a much better track record than Google, but if you are really paranoid choose a service that supports SMTP/SNMP. You can then just have a mail client store the mail as an archive or connect it to any other mail system.
I think you mean IMAP. Protonmail supports SMTP (the mail-sending protocol; it needs to to interoperate with other mail servers) but not IMAP (the client side mail-reading protocol).
Depends on the service. For example, if proton bans me I can move my email to a different provider because I own my domain. In case of Obsidian, it's an offline app that uses Markdown, so I can easily migrate to a different note-taking software for any reason.
Your backup note is on point; I highly recommend everyone to do a Google Takeout every few months (or at least years!!). If you've never done one, like most Google users, you're playing with fire.
Notice that Google Takeout is broken with regards to non-UTF8 email encodings (for some of you who archive old emails). I noticed it when coding a small tool https://github.com/karteum/gmvaultdb to (among other things) import the mbox from Takeout into an sqlite DB : Google performs some encoding conversions that permanently break all non-ascii characters in non-UTF8 emails (they are all replaced by 0xEFBFBD). In order to archive old emails, I had to use mbsync with IMAP (gmvault does not work anymore with Python 3, and I didn't try yet https://github.com/GAM-team/got-your-back ).
I think for email it makes sense to have an offline IMAP setup (i.e. a copy of all mail is downloaded) on at least one device (e.g. your desktop) so that you can still access things if you are abruptly cut off from the provider. This can come in handy even for temporary outages.
I agree, but an an alternative to mbox/maildir format on your machine : I wrote https://github.com/karteum/gmvaultdb in order to have a single-file SQLite DB with all old email contents (all UTF-8 inside, simple/minimalistic schema), together with a small GUI to consult emails and do queries (full-text not fully implemented yet but this is the target) and all attachments extracted in a side folder so that I can directly browse with a file manager.
> If your domain registar bans you, you’ll lose your email all the same.
Maybe? I would hope that you could raise the issue with the dowmain registry or ultimately ICANN if the registrar does not let you move the domain elsewhere after banning you. Registrars do not have the same platform ownership over domains that Google has over gmail accounts, they are just middlemen.
Proton, or fastmail, or any number of other mail providers for that matter, don't control half of the internet. They don't associate personal accounts with professional accounts, and they can't block necessary services at a whim.
Because they don't _control half the internet_. They only have one service you use, not 50. Your phone (voice), cloud storage (drive), website hosting (sites), chat (not even gonna try), music streaming (YouTube music), video hosting, etc aren't all dependent on the same single point of failure like they are with Google. All your mail provider can do is stop processing your email for you (at which point you switch providers). If Google doesn't like you, you lose _all_ of those things, likely all at once. Google even has a hand in your credit card transactions with Google Pay (though anecdotally, I've never actually seen anyone use Google Pay, so not sure how many people that would affect). Google provides such a diverse range of services that having them all shut down on you is a huge deal. I'm currently in the process of looking for a replacement for my legacy Google apps account, and that's just email.
Thanks for explaining, I was curious too. I only use Google for email hosting out of your list. I can understand how people are deep in that ecosystem though.
When they start growing close to the size of Google you could start worrying about this type of problem. With smaller players you could reach them easier if something happens, especially if they care about their customers. Ultimately nothing is guaranteed so backing up the data regularly is a good idea but that's not the only problem though, a lot of people's identity is tied to some services that if they stop functioning for them they're in a bit of a nightmare situation.
In my case, I moved to Fastmail... and yeah, the hilarious thing is people remember moving from AOL to Gmail over a decade ago, and think Gmail is still so much better than everything else.
Gmail is worst-in-class at this point. It's slow, it's bloated, it's bad at spam filtering compared to the alternatives. They've been riding on people remembering email before Gmail, but not really actually stayed competitive with any modern alternative offering.
I admit I don't have a lot to compare between, but my company switched from Rackspace mail a couple years ago because of the unrelenting spam and seemingly no way to stop it. I suggested Google because I hardly ever see any spam there in my personal account, so we made the switch.
The difference is night and day. I can look in the spam folder for my work email now and there are hundreds of spam messages there for the last 30 days, and absolutely zero false positives. I have seen a handful of spam messages come through, but it's in the single digits over the last two years.
I believe you, but there is still the usual dark side that has been mentioned maaany times here: very often emails sent by small/tiny email providers aren't delivered at all to Gmail receivers.
That's often the case with one of my friends who has a Gmail email address: anything that I send him (once or twice a year) doesn't even show up in his spam list without first making him start an email exchange to me => in my opinion that kind of filtering is just too easy to do (come on Google, at least put it into the spam folder and/or show it as a colored/blinking line and/or put some warnings whatever - don't just delete it), and of course it poses questions about oligopoly etc. How Gmail works is just not fair (in my opinion) :(((
Silently dropping mail is something that should just not be tolerated. We need to enforce that email providers either deliver something (to the inbox or spam folder) or reject the mail at submission time - with legislation if needed.
I tried switching to Fastmail (from Gmail) 7-ish yrs ago, and I ended up switching back to Gmail specifically because the spam filtering was far worse with Fastmail. Is it Fastmail's spam filtering actually better now, or does it just seem that way when you start a new account because you're not getting much spam in general?
Another anecdote - I switched earlier this year (prompted because of the ending of my grandfathered Gapps account, but my experiences are largely with the "standard" Gmail account vs. Fastmail).
Spam filtering on Fastmail has been the same/better than Gmail was - including possibly fewer false-positives on the Fastmail side. Gmail was getting worse about those, both with mailing lists and individuals' emails.
Like many on HN, I'm diversifying my data/access risk across more providers. Too many wake-up calls recently about Google locking people out. There are still some services Google is compellingly better enough that I still use them (Android, Maps, YouTube, Google Sheets), but Email was too precious to tie up with them. I also wanted to finally kick myself into stoping using the `gmail.com` address at all anymore (maybe 20% of my emails before the migration).
So, I moved to Fastmail in 2016, and I'd say I've never had to get a legitimate email out of my spam folder, and I've never seen obvious spam hit my inbox. I do occasionally get the "my husband left me five mil overseas" type garbage, it's always spam-binned correctly. (Meanwhile, my Gmail account I retain in case someone tries to reach out to it, regularly has emoji-subject-filled spam and other garbage Gmail fails to classify, and also has a deluge of garbage spam coming in... at this point, Gmail is 98% spam for me?)
One important point here, and I don't know how long you used Fastmail when you tried it, is that Fastmail uses a personalized spam filter. It probably took me six to eight months to receive enough spam on Fastmail to actually train it. (In the interim, they use a non-personalized filter, which as I said, still worked!) Gmail doesn't seem to be able to make personal spam decisions: When I was regularly using Gmail, some types of regular messages would spam-bin no matter how many times I marked them not spam or classified them as a particular category of mail.
Many people consider Gmail as consenting to spyware. Unfortunately, lots of people don't know any better or haven't bothered to take a good look at the account settings or Google's policies.
Anybody that knows better, will avoid Gmail like the plague or use it for only the minimum.
That's so true. Switched to Mailfence recently. I still can't get used to it that whenever I click on something, the action gets done immediately. Its web/mobile client is a bit limited but crazy fast.
How is ProtonMail better than Gmail in your opinion? I use ProtonMail but find the UI meh, the spam filter worse, and the calendar bad (not to mention it's costing me $). I like the privacy aspect of course, which is what drew me to it in the first place.
the editor for Google Docs is the one really good thing I can't get elsewhere, but I don't do that much important stuff in it - just like planning vacations, etc. Once I'm done editing something, if I want to back it up I can just export it elsewhere
I've really pared down my Google usage with the end of grandfathered GAFYD accounts as the last straw, so down to Sheets, YouTube, and Android as my last google usage. YouTube has no alternative, Android has too much sunk cost, Sheets I'm probably going to go back to Syncthing + Libreoffice I guess. Office 365 is the equivalent alternative, but not sure I feel much better about MS's consumer products than I do about Google.
Just use Invidious links instead of going directly to YouTube (for example, yewtu.be for the same remainder of the URL) for viewing. If you're talking about hosting videos, use Vimeo. Even when people post youTube links I use the Invidious alternative to stop feeding Google data. Also invidious has embedded download capability on their various sites.
Apps and well the alternative to Android for me would be Plasma Mobile or something anyway. Many apps I use (Syncthing, Firefox, file manager, emulators) are forbidden or crippled by Apple policy.
While I have a work iPhone 12 so I use both iOS and Android daily, I do actually prefer the Android ecosystem, plus iOS being locked down in terms of installing third party apps is a disqualifier for my personal device. Also bugbears like the headphone jack, though I might be out of luck there in Android in another device rotation.
Out of the frying pan and into the fire. Of course, I'm being a little flippant, but the MS ecosystem is not without its problems. A colleague has 3 MS accounts for dealing with 3 different things (a government contract, a 3rd party company contract, our company account). Because of this, he was in hell for days because of some fubar on the MS side. I have (seemingly!) different MS accounts, for Azure development and Office 365 and I am regularly confused by the various MS websites.
MS Azure accounts always seemed odd and overly convoluted to me. I had an issue with my personal Microsoft account where I couldn’t sign up for an Azure trial (wanted to kick the tires on Codespaces before it moved to GitHub). Turned out, my account got associated to my kids’ schools MS account because that email address was on a school mailing list. That was a pain (and many hours) to get figured out.
my friends that have one MS/Outlook account at their jobs, which have enterprise support reps for their big enterprise accounts sometimes have multi-day lockout for unknown reason, 2FA failure for days, absurd issues with timezones being inconsistent across MS services, etc.
For Google docs I switched to using a Synology server. Very nearly as good (better, in some ways) and I don’t have to worry about what Google is up to.
The up-front cost and setup time is a stiff investment, but I’m much easier in mind now.
The other side of the coin is my wife’s gmail, which is going to be deleted come May. So... we gotta figure that out.
> Is there a Nextcloud / Owncloud alternative to Docs / Sheets for collaborative editing?
Yes, NextCloud and Owncloud both integrate with OnlyOffice Community Edition[0][1] which supports collaborative editing of text documents, spreadsheets, and presentations.
Same as Google, afaict. It has a slightly better permissions model, imo (I can create a doc with a password and share the link freely, or I can give specific permissions per user, like Google). Same editing/commenting/viewing interface.
My collab needs are pretty light, I only work with a few family and friends, but I haven’t run into anything I wanted to do in Synology that I couldn’t.
Protonmail specifically seems to have strange problems with some old and busted email systems, ex: I've seen several government ministries in Taiwan (roc) that for some reason can not send email to protonmail or domains MXed there and no one has been able to explain it to me.
Protonmail seems to routinely get flagged by fraud, spam, and security systems. You emails are probably getting eaten by a security appliance before it even reaches the government exchange server or whatever.
Protonmail is one of the few remaining email hosts that let you create a free account without a verified mobile phone number. It probably does get used for spam quite a bit - relatively to gmail/outlook/etc., not in absolute terms that is, IME most spam is from compromised hosts and botnets. Then again, the major mail providers, especial Microsoft, are really trigger happy and don't seem to care about the damage they do to smaller providers so it could just as well be lazyness or intentional anti-competitive behavior. I think at some point we will need legislation to keep email an open federated system.
> It probably does get used for spam quite a bit - relatively to gmail/outlook/etc., not in absolute terms that is
Not really, big players have the advantage that nobody is going to block them. Most of them spam regularly by thousands of letters before some automation of theirs triggers (or the spammer stops).
I've been using it for a little over 3 years and it serves all my note-taking/storage needs, especially with the relatively recent addition of extensions/add-ons. I have had no issues syncing through either dropbox or Nextcloud.
ProtonMail doesn't do e-mail categorization like gmail, so "much better" is very subjective. Their IMAP gateway is also a paid feature, which is really sucky.
For my personal accounts, I've stayed but now I have backups of everything elsewhere. I'm also now double-replicating everything across other providers. The value add having everything so beautifully in my Google account is enticing, so I continue to have that as my primary personal account.
For my corporate accounts there is NO WAY i'd use GCP. I have the privilege of MSAs with all three major cloud providers and we're doing most things with AWS. So on the corporate front, I didn't leave because I just didn't enter in the first place.
I tend to only use cloud drive as a mean to share files, but I do not trust them for permanent storage. Always keep offline copy (on multiple storage devices)
Yes, they do have customer service and I did get on the phone with someone. I'm not sure if this is universal, or because I had a paid tier Google account.
That said, the rep failed to provide any definitive guidance on issue or resolution.
For Google Workspace (previously called GSuite), you do get support. Anecdotal but I recently used their live chat and the person was very helpful and helped me figure out a weird issue with a lot of patience. I would say it was a pleasant experience but this was the only time I needed them so far so you never know :)
I've also reached reasonable-quality support due to being a paid consumer of GoogleOne, which includes phone support for most (all?) google consumer products.
>>> Is this an issue with all cloud providers? Or just large ones like Google, Amazon, Microsoft?
>>> I'm currently thinking of migrating from Google for productivity to Office 365. Wondering if I'm just re-branding the risk of my counterparty.
With AWS/Azure, you typically wouldnt have extensive personal data with them, so you dont have the risk of work and personal accounts colliding. I dont know anyone with personal emails/accounts/photos on the Microsoft ecosystem. With Amazon, whats the worst that can happen? You lose your connected Amazon purchasing account, doesnt seem terrible.
With Google you often have email/documents/photos with them. If you have an Android phone, you have almost everything with them.
BlackBlaze.
It required some manual effort and scripting.
It is on a manually triggered batch that i'm running quarterly.
I wish there was a service that could do it, ideally on a more regular cadence.
> Everyone here is commenting about overautomation, but this isn't an overautomation problem. It's a secondary sanctions problem.
It's both. When you work with tech companies this kind of overautomation is rife. When you work with any other type of business they give you an account manager and you manage these issues openly together with a relationship. If there was a human at Google who picked up the phone and worked out the problem with the developers before this ban was imposed, this could have all been nipped-in-the-bud before an account was terminated.
My current account doesn't have much money in it, but my bank would call me if there is an issue which would terminate my account, and I'm confident that they would work with me to offer up solutions rather than instantly terminate it. Google should provide developers more respect than my bank offers average consumers.
There is no excuse for them not picking up the phone and just talking these things through before they implement the bans (unless there is active malicious behaviour in an app, in which case I would expect a suspension to happen and be followed up with a phone call straight away).
Google is much more profitable than your bank, and this is why. The reason tech companies sit all at the top of most valuable companies is essentially because they've automated away a ton of tasks which normally require hiring a lot of employees.
The only way to fix this is to legally require it, because nobody's going to stop the profit train by themselves.
Well, yeah. Bankers would go to jail [1] for the kind of market manipulation google does on ad markets [2]. The realization may not have dawned on our industry yet, but the abuses big tech is currently into are the kind that gave banks their reputation, and also their regulation.
In both cases the organizations would eventually descend into using the skin of newborn infants for making snack food if they thought it would make them an extra dollar.
> The only way to fix this is to legally require it, because nobody's going to stop the profit train by themselves.
I don't know what Google's rates of customer service failures actually are, but even a minuscule of rate of horror stories seems to hurt brand, judging from HN comments.
I wonder whether fixing half of, say, 0.00000001% of cases that would otherwise be PR horror stories, could translate into measurable boost to brand value.
Maybe all the math has already been done, and all possible wins for creative automation motivated by business payoff (and promo bids) have already been achieved, or maybe not.
I doubt it. Brand value is a notoriously fuzzy concept, and corporate decision-making features a heavy measurement bias. A toxic brand might be measurable by the time it's influencing enough purchaser decisions to show up on "would you consider?" surveys, but that's an advanced stage of the problem.
I've never worked with or for Google, but having worked for software companies my whole life, I suspect that it's overautomation, combined with "silo-ing". Even if somebody identifies the problem from the user's perspective, it becomes a rats nest of responsibilities to untangle to figure out who or what group(s) can address it and how. The people who actually understand how a particular component works and can change it are limited to their particular component and the people who are nominally in charge of "everything" have no detailed visibility into anything at all.
There's also folks that justify their behavior and choices based on the size of their paychecks. As long as they get big numbers it doesn't matter if others lose their livelihoods arbitrarily and without recourse.
Google is dealing with a very real problem. There are bad actors, particularly internationally, who systematically and at scale try to subvert / cheat. This includes multiple accounts, and businesses that hire folks who try to cheat the system. Google almost certainly has statistics supporting the increased risk of working with developers / businesses that hire folks who break various rules. Certainly there are false positives as well.
A lot of folks are offended by $100 / year developer fees. If Apple et al charged $10,000 to get going as a developer, they would probably be better positioned to deal with all this less automatically. In fact, game dev historically might have followed a bit of this model (xbox etc).
Anyways, my own thought, there should be a pathway to a $5,000 fee where you get a higher level of human interaction.
>> Google is dealing with a very real problem. There are bad actors, particularly internationally, who systematically and at scale try to subvert / cheat.
I really dislike this explanation because there are so many obvious things they can do. Example:
1. Force uploads of Passport/ID for identity confirmation. If you have 100 accounts with the same passport...ok...issue, but if not, is it worth human review at least?
2. Force credit card payment with address verification, ideally match to passport. Same credit card used across 1000 accounts...ok...issue, but if not, perhaps worth a review at least?
3. Still an issue? Force user to pay $100 for verification and run credit check routine.
The idea that blanket account terminations are the only way to handle issues seem lazy.
Even if Google were paying support engineers $100/hr, in what universe is the average developer going to need 50 hours of support per year? In reality, it's at most averaging to 2 hours, and typically only in situations where Google messed up and should really be fixing it for free anyway, because it was their mistake. So, at most, it would be a labor cost of $300/yr including benefits and taxes, and more realistically that number is much closer to $100/yr.
And that's pretending they don't already make obscenely high profits per developer, and can absolutely afford to provide the necessary support for these situations, which again, are largely their mistakes to begin with.
You are conveniently ignoring that developers create apps which are sold in Google's marketplace, of which Google takes a minimum of 15%. They are making more per developer than $25. Please take your inflammatory nonsense elsewhere.
This type of setup is routine in most real businesses.
If you want to talk to a tech company engineer for bug fixes, you pay for that level of service.
There is something a bit almost scammy about all these "businesses" demanding white glove custom treatment, but complaining loudly about even being asked to pay a one time $25 fee to get on platform.
It used to be to deploy to a platform / get SDKs for the platform the costs were FAR higher.
There are something like 5M+ android developers. If you want to support this developer pool with 2-3 hours of work per developer per year, you are looking at 15M hours of work per year. And these people also become a risk - they can be socially engineered, they can be paid off etc. We've seen this over and over again.
If you look at phone co employees who are supposed to protect you from sim swap attacks etc, they have a large number of employees, so service is "good", but security? Not so much.
What you are proposing is that google should offer a human service in a very adversarial and tricky area (ie, your own staff may be working against you) and that asking to get paid for that is "extortion" that would result in jail time. This is perhaps why they don't even offer a way to pay (a lot) for a very careful high level review. Folks like you would demand jail time for them. Instead we are stuck with automation.
"Bid more than your competitor on AdWords for the literal name of your business or else they'll get the customers who intended to do business with you."
Some users like being made aware of competitors to businesses. In new SAAS app areas, I'm sure the top 3 results will all be competitions to the business I'm looking for. Works reasonably well.
You would think something like this would increase competition between businesses (competitors surfaced immediately for users). Instead I guess this is seen by a bad thing - though it's not been clear to me recently that the FTC is looking out for users, they seem to have gone BIG into protecting businesses for some reason.
Exactly. I don't think people appreciate how actively all of Google's policies are being attacked and attempted to be circumvented. I'm very suspicious of any developer that claims total innocence.
I can't help but notice the "they're a private company, so they can do whatever they want" folks that pop up whenever somebody's account gets banned for political views are strangely silent right now...
They were cheering it on a week or two ago when it was against Russians.
My favorite was when they were licking their lips and reaching ecstasy over Parler getting deplatformed but then throwing a tantrum like a week later when Terraria dev got banned by Google.
Terraria guy and this guy simply need to build their own Google, Gmail, Play Store, and Android, easy! ;)
> They were cheering it on a week or two ago when it was against Russians.
Also celebrating that Google was ‘on their side’. Until they are not.
> My favorite was when they were licking their lips and reaching ecstasy over Parler getting deplatformed but then throwing a tantrum like a week later when Terraria dev got banned by Google.
That was my favorite one. Basically the chickens cheering on the wolves eating the other chickens that disagreed with them. Now the wolves are eating them as well and they are complaining why they are ‘not on their side’ anymore.
They thought it could never happen to them. Just use the same ‘private platform’ logic towards them for everyone else that is getting banned after Parler and now they are all crying in the comments here.
These companies are not on anyone’s side and these bans can happen to anyone on their platform. They won’t change.
Maybe people getting banned from twitter for their political views is a bit different from people getting banned from their work means because the son of an ex-coworker abused youtube in some way?
This is the exact reason stuff like what Google is doing has gone unchallenged. Any attempt to say "Google needs to put more effort into avoiding false positives with content moderation" inevitably gets met with "Yes, I agree. The two of us both believe that I should be allowed to send death threats and dox random minorities without any criticism of my behavior."
It's both (over-automation and secondary sanctions).
The secondary sanctions exist because it's near-trivial to automatically create dozens of proxy accounts for a bad actor to launder reputation through. So in addition to direct fraud detection, Google has had to automate secondary "Is this account probably the same bad actor" detection.
That system, like any such system (including human review), has false-positivies where two accounts are believed to be the same owner when they are not. But the automation-with-insufficient-human-review problem is specifically Google's mistake, and there's room for improvement.
As somebody whose worked in the large scale anti-fraud area… I always make sure my team knows that the real people who fall through the cracks matter big time.
Anti-fraud is a tough space because you can never be 100% sure which actors are legit and which are scammers… after all if you knew who the scammers actually were you’d have blocked them all ready.
I always make sure there is some kind of escape hatch for legit users who get caught in our system. These escape hatches might not be super awesome for real users, especially if they fell into a bucket that strongly labels them as scammers, but at least they have an out.
I suppose the best practice solution to this is to try to keep company Google Play accounts as "sterile" as possible?
Give access to as few employees as possible, and have all access to Google Play go through a designated, trusted release manager or "play account manager"? And don't log in to Google Play from random browsers and IP addresses which could create an association with other Google accounts?
Or just don't link personal and company accounts. Even these issues aside , there are so many reasons to keep them separate and unrelated. That's not unique to Google but goes for GitHub, AWS, and whatever else.
Use company e-mail addresses to register for everything. Enforce it for your employees. This is in the interest of both the company and the employee. Yes, the summer intern gets a corp email too, which at minimum gets access to internal resources beyond the OT chatroom revoked when they are out.
(Your advise is not bad though: grant granular access as it's needed)
It sounds like Google have other means to establish links between accounts, though? An employee using their personal account and a company account from the same browser is likely to result in a "link" or association being established between those accounts.
Easier said than done, in my experience. Years ago I had to log into my Company's Play account on my computer for some specific reason, one time, and more than a year after that, my daughter purchased a game on my android phone and the CEO sent me a message saying "FYI, we just paid $3 for a princess coloring book app, please enjoy it with our compliments but please delete the Play Store login info from your devices." I still have zero idea how that could possibly have happened. That company will be shutting down and now I'm worried that my google account is somehow "linked" to it.
Guess: Logged in using Chrome? IIRC Chrome has specific functionality regarding retaining and linking Google account information. This is how you get the account-selector.
As mentioned in a sibling comment: Utilize browser profiles (Chromium-based/Firefox) or Multi-Account Containers (Firefox).
This may very well be the case, but it was years ago so I don't really know. This type of linking is something that always gives me the willies when it happens without warning and makes me think I should stay away from using components that are too "smart." I got really freaked out once when I was using a portable wireless access point owned by my employer (for on-call duties) in a starbucks and it told me a second device had attached to it. Turns out I had just bought a new iphone and Apple had stashed away the wifi password and automatically given it to the new phone, rather than the explanation being some hacker sitting near me in starbucks. I completely understand why they did this, but it really would have been nice to be asked if I mind if they store a copy of my password in the cloud.
> I suppose the best practice solution to this is to try to keep company Google Play accounts as "sterile" as possible?
This is probably "best" practice, but Google has randomly closed accounts for our mobile test devices. They're only used to run our (non-shady) apps on a single device that is never used with other accounts.
> he's being banned for having hired someone else who later broke those rules
FWIW: there's some reason to suspect that the "later" bit is being spun here. Per the timeline in the article, there were only 5-6 weeks between the employee being fired and Google taking action against the employer[1].
That's pretty tight, and from an enforcement perspective is going to make it extremely difficult to distinguish which entity is doing the bad things. And, frankly, given the spin elsewhere in the story, I'm inclined to suspect more ambiguity here and not less.
What's the ask here, that Google (which correctly detected the association between the accounts) audit the IT permissions logs of accounts that commit bannable offenses before taking action? That just doesn't seem feasible.
[1] They further spin this by trying to claim that the employee left in 2019, but have to admit that he was still present as a consultant.
Mar 2019 - H. Left the company, all permissions removed except on one game which we were still using H.'s consultation on - The app was unpublished later on
04 Dec 2021 - Termination of H. (Former Employee) account because of multiple policy violations
26 Jan 2022 - Termination of our company account (Raya Games Ltd - AKA TOD Studio) without prior notices and warnings
I think the 04 Dec 2021 is Google's termination of the "H" account.
Guilt by association is the kind of thing people create when they want to terrorize a population for control. It not existing is a basic human right.
What we are seeing is a monopolist abusing its power by directly harming somebody and the civil society refusing to acknowledge any harm. And it's doing so by the most visible power demonstration it can.
Google has freedom of association. If they don't want to work with you based on your employees, that's their prerogative. That's not controlling who you can hire.
Really, it's a monopoly problem. You shouldn't be affected by whether google wants to work with you or not
The problem isn't that you don't have options with regard to hosting, email, etc (with the notable exception of google play store), the problem is that once you've picked your option it's hard to migrate out, and as a customer you have a right IMO, whether in the terms or not, to a good faith effort on the part of the service vendor to sort our any problems you encounter with the service. If a robot just shuts you down no notice and there's nobody to reach to sort it out that's a negligent business practice and I believe any vendor of any service that operates this way is liable.
If they want to offer migration tooling, notice and access to your data I can see it being alright. A pain in the ass, but at least not the end of your business one morning while making coffee.
As far as google play goes, I think there's the monopoly aspect to work on and hopefully legislation brings a resolution to this problem, like offering independent repositories as a default option or something like that, til that time though, do not rely on it entirely. If you have to open source it and put it on f-droid, maintain an aptoide repo, apk download on your site and market that heavier than your google play account, whatever you have to do, just do not rely primarily on the play store because you're basically giving google the keys to your kingdom.
So no one should make an Android app, since the persistence of Android (with or without the play market) relies on Google not trying to lock it down into something similar to what Apple has.
> The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
> In the cases referred to in points (a) and (c) of paragraph 2, the data controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
Data can be both, in which case GDPR right still apply. Several GDPR fines have been handed down for processing business data about a person. Especially (but not only) data about sole proprietors/solo traders.
Got a link? Because while I don't doubt the logic, it just seems too esoteric to be an actual "issue" that people know about. Plus, I can't find anything.
Cool sounds like this guy can open a police case, a detective or police person looks into it, finds "yeah, sure enough, we audited Google's code and they broke rule 2c, so we'll give you X-million in compensation for this." And then the detective (because it's an open-shut case mind you) goes further with: Getting an extract of 12,393,333 other people affected by this "problem" so they issue a court order to charge Google 12,393,333 * X-million in damages. And then further also issuing a court order for Google to stop all operations immediately until they deactivate this automated process.
As if that will ever happen. We don't live in a world of rules and logic until things play out as simply as above.
Just clarifying that the concept of a limited liability company has nothing to do with this. It is about not having company liabilities (e.g. debt) reaching stockholders (e.g. banks seizing your personal car and house to pay for your business defaulted debt).
The timeline makes me wonder if the personal account ban triggered an audit of their previous actions and found similar activity from when they were an employee.
But Google has its own reputation (and users) to protect. It's taking a risk whenever it allows a developer on its platform. If a developer with low name recognition uploads malicious software, it's not the developer's name that makes the headline.
Crucially, there's no information on what the employee (and later contractor) 'H.' did to get themselves banned. Or fired. From the OP's own timeline, the ban came less than two months after they severed their relationship with 'H.' Google isn't swinging around the ban hammer years after the OP separated with 'H.'
The OP's games could still include code contributed by 'H.' And 'H.' is apparently untrustworthy. Is that a risk Google should be forced to take as the curator of the Google Play store? I don't think so.
Yes all large websites that provide financial incentives to run scams on them have this problem. Whenever there are $$$ to be made at scale the scammers will work very hard to get their cut.
The problem lies in the people who implement these anti-fraud measures forgetting that not every account their system flags is actually a scammer. The goal should always be to fuck over the scammer as hard as possible. However you must always make sure the real humans that get caught in the net can always get out of jail.
Assuming that the 1% of real humans that get flagged in your system don’t matter is how you piss people off. Always provide ways to get real people out of jail! Those people are honest people doing the right things. They are the ones you are trying to protect!
Are you suggesting that Google ban all current apps in their account? Google has no idea which apps 'H.' contributed to. Or whether 'H.' still has a relationship with Raya Games.
If 'H.' is a malicious developer, then all apps that were extant while 'H.' was associated with Raya should be considered suspect. Google (and its user base) have no idea what apps 'H.' touched. The very least Google should do is ban all apps uploaded and/or updated during 'H.'s employment.
And even then Google has no way to know whether 'H.' still works at the company, or will work again there in the future. Google doesn't (and can't reasonably) have any insight into personnel decisions at Raya Games.
Is Google throwing the baby out with the bathwater? Yeah, probably. But Google can't differentiate between baby and bathwater when it comes to malicious developers. Google has an affirmative responsibility to protect its userbase. It doesn't have an affirmative responsibility to let any individual publisher sell apps on the Google Play store.
I get what you're saying, but if 'H.' did something bad, Google should be telling companies that hired him to check their source code for malware. They shouldn't be accusing his former employer of being a shell company for 'H.' to continue doing bad things.
Once again, the resolution of this problem will come down to either the OP knowing a Google employee or a Google employee happening to see this and feeling pity. For the vast majority of people who deal with Google support and don't have access to Google employees how many of us on HN do, when the hammer strikes: they are completely out of options.
I have such little trust in Google's automation for banning accounts that I don't even bother commenting on Youtube or uploading videos anymore. Who know when some innocuous footage that I have will trigger a cascade of copyright strikes and ban my personal GMail? It's like walking around glass.
I don't understand why the fear of being sued is not preventing Google (and other big players) from misusing their position like this. Is it impossible to sue Google?
I was able to get my Adsense account reinstated simply by sending Google a letter alleging they had breached our contractual agreement. In researching my case I found a lot of people who had sued Google.
One of the most interesting ones was Free Range Content v Google[1] where a number of Adsense publishers had their accounts closed after Google detected invalid click activity on their websites. The publishers sued alleging Google breached the Adsense terms of service.
Incredibly the Court denied Google’s motion to dismiss and allowed the breach of contract claim to continue. Google settled shortly thereafter but the takeaway is that these terms of service contracts are not as ironclad as Google would like you to believe.
They have in house council coming out their ears, that know the relevant contracts, regulation and precedents by heart, and whose day job it is to manage these issues. They have the budget to delay / protract things indefinitely.
You are paying hundreds of dollars per hour to someone who is discovering your issue.
It's possible,sure. But how do you think that's going to play out?
Unless you lost kin, or a 5 million dollar inheritence due to your issue with Google, you're going to find a way to live with it.
The aim of the lawsuit threat, would not be to actually sue but to get someone to reinstate your account.
The whole idea is that you get a lawyer to be taken seriously instead of been dismissed.
It costs them money to have their lawyers look over a letter from your lawyer. It costs them nothing to ignore your emails. It also separates you from most scammers, that would not get a lawyer because their position is bullshit but will 100% send a bunch of emails to googles support.
Theoretically no but practically yes. Even if they know they are in the wrong and would loose a court case, they still "win" by just dragging it out and making you go broke on legal fees.
Do you really think they'd drag out the case endlessly rather than just having a human spend 5 minutes looking at your account, verifying that it's indeed not malicious, and reinstating it?
Their wealth and power rivals many states, yet they act with a level of impunity that most dictatorships will never attain. We can and should break Google and others up into many smaller companies. They'll be less efficient that way, but efficiency is not in itself a goal.
> the resolution of this problem will come down to either the OP knowing a Google employee or a Google employee happening to see this and feeling pity.
In other words you need [transitive] "Google priviledge".
I will say this once again: App Stores are too important in the current world to be left to the mercy of some big Internet company. I agree they should get a cut due to them being both the creators and maintainers of their platforms, but their ability to regulate what's in them should be left to a third party or government agency, just like trade is not left to its own devices and has regulators. Apple and Google are way too powerful for their own good.
Figuring out a fair and effective set of laws/regulations to control how these companies run their app stores seems way too hard and unrealistic.
The easier and more effective solution is to simply force them to allow alternative app stores (without suppressing competition, like Google currently does). A free market tends to correct itself in the long term, so that should solve the majority of problems plaguing the mobile software industry today.
> Figuring out a fair and effective set of laws/regulations to control how these companies run their app stores seems way too hard and unrealistic.
I don't think it's hard or unrealistic to force companies to provide realistic support. Entire industries have had this established for decades.
Imagine you're renting office space and the landlord decides you've done something wrong, clears your things out and changes the locks -- refusing to tell you what you've done or allow your business to continue to operate. This sounds extremely unrealistic because it is, in the real world you'd take them to court and sue them for losses. And there is plenty of legislation behind it to support you.
Similarly, having companies like Google become accountable like this isn't actually that hard. There just isn't any will to do so at the moment and livelihoods will continue to be destroyed in the interim.
That’s different though. There aren’t only 2 landlords in the world, so making laws that affect landlords makes sense.
But how do you design a law that corrects the bad behavior of 2 monopolists, while at the same time not adding a burden to any potential competitors (and thereby strengthening the existing monopolies)?
Forcing competition makes more sense to me. No need to get into endless debates about the risks to innovation, or government being too big, etc. Just open the gates to competition and call it a day.
If the mobile app store market goes to shit in the future, then we can start getting into the weeds of it. But for now, there’s no need for that; the answer is obvious.
> while at the same time not adding a burden to any potential competitors (and thereby strengthening the existing monopolies)
Expecting some level of support being provided, especially in a paid B2B engagement, doesn't stifle competition. If a competitor can't provide basic support, especially when they're just starting up, then it's best that that business fails.
They're essentially modelling their business plan based on Google's worst attributes. That's not competition I'd like to see develop a foothold, or the type of competition we should be encouraging, let alone structure our laws to support.
Yes, competition is better. Force them to allow other app stores on the same footing with Google's and Apple's. See how fast both suddenly find resources to deal with issues like these.
Sunlight (and competition) is the best disinfectant!
Not necessarily. In a competitive market, Google would need to fight to win over developers, otherwise their store will be lacking apps, and therefore customers.
A noisy post like OPs would actually make Google shit themselves if they didn’t have an app store monopoly. Even if it’s a single dev out of millions, the bad press would be much more costly than making things right.
I would much rather have a repository system like F-Droid (or you could compare it to Debian/AUR/openSUSE) where the publisher has to create a repository that respects some kind of standard so that they can distribute their software.
NewPipe does this for F-Droid in order to deploy the updates faster. Otherwise, F-Droid needs to very, compile and deploy themselves and it usually takes a few days.
F-Droid repositories are equivalent to alternative app stores, including all of the associated malware risks they bear, just with a nicer UI and lower barrier-to-entry than building your own app store.
F-Droid's rules exist specifically to ensure that an app's source code corresponds with it's binaries. This reduces the risk of using F-Droid because all source code is available and auditable. There is no guarantee that said source code has been audited, and FOSS malware does exist[0], but it makes it harder to hide such code.
I would personally prefer if Google Play had similar requirements, but the entire industry would be up in arms if Google started mandating source code escrow.
[0] Notably, the ironically-named `peacenotwar` package on npm, which is a cyberwarfare tool that attempts to wipe files on Russian and Belarusian machines.
Eh. Governments should absolutely not get in the business of creating or running an app store. Mobile computing is, effectively, a necessity in the modern world but the web already serves as a great independent distribution platform. We should rather focus on not enabling the technology giants to gimp the web for their business moats.
I know a group of devs collaborating on a side project. Same thing happened to them. They created a new developer account for this project, worked together on it, and the app vanished off the store and dev account terminated, along with one of the developer's personal developer account.
They assumed, but don't know, it was because the developer who had his personal account suspended as well once worked for a company who was kinda scummy and went fully scummy a few years after that developer left. Somehow that was associated with him personally and then the chain of guilt made its way to them.
This seems to re-enforce that this kind of chain of guilt is a thing.
It's the new virus! Your account was terminated because you know a guy who knows a guy who worked at a company whose CEO is the cousin of a guy who broke Google ToS.
In the Apple TV series Foundation they do that, including extending beyond the family to any kind of connections, friends and etc. Eventually including something around 1500+ individuals tied to one person. The point being to eliminate whatever impact that person had on the universe.
Maybe Google's algorithm is more concerned with being a tyrannical emperor than we think ...
My question, is there some statistical support for this? I scummy company employees tend to trend towards scummy stuff? No doubt lots of false positives, but folks keep on seeing this as a "mistake" google is making, and google may not think this type of associative banning is actually a mistake.
I think the problem is the only solid connection google has are developer accounts / that's the only club they have to swing. So bad actors may jump from account to account and Google's method of whack a mole is to just associate accounts.
Way back in the day I worked on an old forum where we used to try to do that for spammers and such. But we didn't automate it. We just had a checking mechanism that would indicate if some accounts might be from the same person ... maybe.
But beyond anecdotes and the above story I've no idea how widespread this is.
But Google is not open about the reason and if you can get the attention of their internal support people (if you have the right kind of account) they don’t seem to know why this was done either. If Google were explicit about the nature of the problem and were to provide an open process to contest and address the accusation that would help a lot. As it is, they are opaque and non-responsive. It’s an abusive relationship.
In the discussion of the last article, there was a discussion about weaponizing "associated accounts" when Google shuts things down.
Looks like it's 100% a valid tactic.
Looks like you need to make sure your employees all leave on good terms, and stay on good terms in the coming years. Otherwise, you too might find your Google accounts terminated with no recourse.
This also suggests a need for app development companies to ban developers from using personal accounts to associate with a project. I realize this just sends more money in the direction of Google but if every app developer was set up with a G-Suite (or whatever it's called this week) account for developer access then there could be no question of actions a developer does on their own accounts coming back to bite the company. Likewise, there needs to be a mechanism for the company to mark a developer's account as "fired for cause" so that if they did anything toxic on the company-assigned account the company could pre-signal to Google that they are proactively taking care of things and following the rules.
> ban developers from using personal accounts to associate with a project
As I understand it, this may not be sufficient, since Google also looks at things like "logged in from the same browser" or "logged in via the same IP" to find associated accounts.
> mark a developer's account as "fired for cause"
Which, practically (and maybe legally) speaking is not something Google needs to know. Then again, in a world where Google can shut your company down arbitrarily, perhaps it is something Google needs to know...
So you need to have separate WiFi networks, separate corporate devices that are so locked down that developers can never use their personal accounts from your devices or your corporate IP range (and ensure the same applies in reverse).
This sounds virtually unenforceable. Gated and protected phones and computers are the domain of highly secretive projects, and cost an arm and leg to enforce. It means searching personnel as they enter the protected zone for watches, phones, computers, tablets, etc. Since phones geolocate and Google has this data, the protected zone needs to be enormous. Like, an entire city block to prevent the algorithm from detecting the handover. If you somehow overcome this, you need to ensure that the employee never ever, for any reason ever logs into anything personal on the gated devices. It basically means preventing them from using the internet. How productive are developers who can't go online? It also means zero cross-communication to outside the zone. No emails to/from home/work. No sending files, no checking emails, no taking calls (someone could easily use a connected service to make the call). This "air" gap is extremely difficult to enforce.
I've ever seen anyone successfully pull off this kind of secrecy in anything larger than a 10 person team, and the cost was insane.
So, please correct me if I'm wrong, but I think I read a similar HN article a while back, that said a users company and their personal google developer accounts got "associated" somehow (can't remember the specifics), so I'm not sure if that would be a mitigation for this issue.
I do agree that it's a sensible thing to do and it _should_ be enough to mitigate issues like this.
It is valid and I’m sure quite effective but it isn’t perfect. You need to provide escape hatches for real people in all anti-fraud systems you create. Even if those escape hatches sometimes let fraudsters through as well.
I’m not Google and I don’t know the kinds of fraud they attract (note: probably all kinds of fraud imaginable) nor do I know the level of effort those fraudsters are willing to put in (note: probably unimaginable amounts of effort)… but I do know that all anti-fraud work needs to allow ways for real people to escape. Your job in this space is to protect real users… and sometimes those real users inadvertently behave like fraudsters and get flagged. There has to be ways out.
It seems like there is: appeal your case in a public forum (HN, Reddit) and hope you catch the attention of a sympathetic Googler with the political clout to get the case reviewed.
But I can't imagine this will work forever. It certainly doesn't scale.
I think it would be more accurate to say, when an employee leaves, it's imperative to cut that associated account, regardless of whether you're on good terms with them or not.
Upvoting just because Google's (and Apple's) app store processes are so horrible, and this is probably the best way the case gets noticed by someone human in a normal timeframe (according to the post, they've been going through it for 2 months already).
To everyone reading this who feel the same: Please avoid commenting too much (unless necessary) since HN pushes down stories with lots of comments (to disincentivize flame threads) even if it has tons of upvotes.
Who can not help you. Appstore policies are rife with catch-22, personally I have never had problems with Google but Apple has been a pain every time. I am unable to update a ten year old app because Apple think they know the 10k daily users better.
15-20 years ago, I had a pretty good opinion of Google, as they seemed competent and true to their then motto "don't be evil". Now I avoid them wherever I can personally (unfortunately, and to my great dismay, my employer is fully dependent on Google cloud products). It seems they have become very evil. And what's worse... casually evil. The fact that these things happen is bad enough, but not having any recourse or a good way to resolve this is just unacceptable.
Even 15 years ago we were hearing stories of Google summarily terminating whole accounts without stating a reason beyond some business-ese for "You know what you did". They have always treated their anti-fraud teams as secret police rather than just a way to mitigate business risk.
10-15 years ago me and I assumed most people here viewed Google in a very positive light. At that time they seemed to be doing everything right and were somehow at the top of everything they did. Gmail was game changing, Search had no equal, Youtube was mind boggling, and Android and Chrome and so many other things. Somehow they lost their way in the process which is a shame.
Update: Google reviewed our case and reinstated the accounts. I really appreciate your help and I'm extremely grateful to anyone in this community who helped us to reach a real representative in the policy team. Although our issue has been resolved (and we are really happy about that), there should not be a need for such a social media campaign in the first place and not all small businesses might have this chance to reinstate their accounts. I hope that the team at Google stops associating the accounts automatically and would improve their relationship with the developer community more than ever.
This is the issue with data being tied and connected....
Not long ago, someone here raised similar concerns with Microsoft 's ecosystem
It stemmed from their current underway process to force all Minecraft accounts to Microsoft accounts, and the current Microsoft account process, if you don't add a phone number during account creation, locks and bans the account automatically after a week with they only recovery option being to then give a phone number, and most voip ones are auto detected and not accepted.
If you set up the account with an alternate email, that has no effect. Setting up TOTP has had scattered reports over sometimes allowing the account to not auto ban you, but recent reports are that this too often won't stop it.
There are reports that using Microsoft s own authenticator app, does stop the account from auto banning you unironically, that I have not confirmed
Of course this means they can then tie it to potentially your computer pending how you set up Windows, or Xbox live, etc.
Which is a risk if you've been formerly banned from something like xbox- everything is now linked, and therefore subject to action automatically with no human team to talk to about the process.
Also, if you then go and give it to them then afterwards try to remove it, the system will not let you without extreme effort, and more details.
I worry greatly about this situation where our personal accounts are all tied together through hardware ids, mandatory phone numbers,IP addresses, and different accounts across systems, only to all get banned or locked out at once with no recourse - or demanding more data(like Minecraft indirectly giving Microsoft every single phone number for the biggest player base in the world, as mandatory(with specific exceptions for like one or two countries who's laws they are working around now, with Korea appears to be one)
Also, so many companies use Amazon, Google, Microsoft company emails and systems- your full name is there, so there is a increasing risk that if something happens to your company account, the systems knows your personal accounts and by name, bans or affects them too.
Privacy advocates are being proven right about the need to be able to not give info that ties everything together
This. I genuinely wonder if people understand how much data is flowing about them on a daily basis and whether they would care if they did. I am just a guy at a place and I personally think I have way more insight in people's private lives than I should.
I can't imagine how bad it is at a less regulated institution.
Do you have the source information on the minecraft accounts? I'm about to fall on this grenade myself. Needless to say I've avoided an MS account like the plague but of course that didn't do much good in the end.
I have done some poking around and digging into the microsoft account lock out thing, out of curiousity- only to find it appears to be true, as i've had a LOT of test accounts banned in the past 2 months. I was trying things like setting up alternate emails, and TOTP...
I suspect burner phones are the only way to not give one's phone number, or to gamble with the microsoft authentication app, which theoretically ever since recent versions of android should not be able to pull your phone number from the hardware - theoretically. I have not tested that out yet.
There's quite a bit about this out there
Here's one such thread where a lot are trying to figure out why they are being forced to give up their number
https://github.com/MultiMC/Launcher/issues/4093
to my understanding, since they fully linked it- once your MS account auto locks- you can't do anything, since it's linked to Minecraft- as well as other stuff. You'd think they'd allow one to still play Minecraft- but i guess if you can't log into the account, you're out of luck
We need legislation forcing companies to manually review algorithmic decisions that impact people's lives - there has to be a proper appeals process.
It's simply not economical for many companies to deal with the long tail of false positives, so they don't. Google has billions of users, and if their algorithms are 99.999% right about bans, their metrics look great but that's still tens of thousands users wrongfully banned.
I'm not usually a fan of government intervention but this is such a no-brainer for regulation.
With how much our modern lives are dependent on services like Google's, they effectively become utilities and should be regulated as such.
Call your congressional rep [1]. That's what it takes; to get policymakers to write and pass the law. I imagine there's bipartisan support at the moment for reining in Big Tech [2].
Google is never going to improve the situation out of the goodness of their corporate heart (if such a thing were even to exist).
I don't know if it's still true, but pre-pandemic I used to have occasional contact with legislative types, and they regularly told me that physical letters carry more weight than phone calls, and email was a distant third.
Pretty much, the amount of effort you put into your communication is a reflection of how important the issue is, and how important it is to you.
Which kind of goes hand-in-hand with lobbyists. Companies don't pay them millions of dollars to send emails or rant on web forums.
Sitting out means those who do reach out have a louder voice with policymakers. You can't not participate and also be upset by the outcomes due to your lack of participation.
Microsoft have a better solution, or at least one of their departments does. You pay for support questions and if it turns out it’s actually Microsoft’s fault they refund you the fee. It’s great and most of the time I never had to pay. When I did it was still money well spent as I got good support.
There have been a few occasions where I would gladly have paid Google/Twitter/Apple to answer my questions.
A few months ago I was banned from Twitter for sharing a meme that literally said "I fucking love outer space." [0] That was it. Just an image with some text on it. For some reason this angered some algorithm and 10+ years of tweets and interactions were gone. It was heartbreaking. For a lot of people I followed that was my only real way of engaging with them.
The worst part was the complete and absolute silence from Twitter. I tried opening a support ticket and got no response. DAYS later, I got an automated email about what I needed to do, but the instructions didn't even work. Eventually I was able to get my account back about a week after that by going through some cumbersome verification process.
All for sharing a dumb space meme.
In that moment, if I could pay $10 to talk to an actual human being who could resolve my problem or at least tell me what I needed to do, even if it was via web-chat, I would gladly have done so.
Hmm, I know how you feel. Got banned on some subreddit for some stupid post. 10 years of comments linked to that account. Will never be able to post in there any more, and there is zero appeals process. The moderators themselves are just silent, no response to my appeal at all. The response from the admins I got to my ticket on an ‘unjust ban’ was basically ‘tough luck, subreddit moderators can do whatever they want’.
Living in a liberal democracy has made me so used to the system working mostly fairly that these interactions with a ‘fiefdom’ introduce some sort of cognitive dissonance.
You can sue them, which is the normal recourse for disagreements between companies. Usually that starts with a letter requesting documents from your lawyers to theirs
People sue big companies over bullshit all the time, sometimes it works and sometimes it doesn't. I called a lawyer and they threatened my bank with litigation a year ago, and the bank remedied their mistake (this is a company on par with Twitter).
It's more head scratching to me that people think it's going to be easier to pass legislation than to go through the existing legal channels when a company's policies are causing damages. You sue them.
I can't imagine committing bandwidth to sue a major tech company. We didn't have a lawyer on retainer or something at my old company, we were a very small operation. I'm not saying it isn't an option at all, but it's not like going down the street to pick up some milk. It also just strikes me as silly we should have to sue a company to correct a relatively simple error they could fix if they'd just pay a modicum of attention/responded to us.
Lawyers are how you get them to pay attention and respond to you when companies do shitty things and you don't have recourse. It's really not that expensive or difficult to send a letter to their counsel and get a reply.
Every business needs some kind of legal advice, they don't have to be on retainer. You probably did have one or more lawyers that your leadership was in contact with for particulars. Every business I've worked at has dealt with legal bullshit at some point (even the 3-4 person startups!).
Sure. I think I gave the wrong impression above, I just think for a lot of people it’s very daunting - and I definitely don’t think we should have to sue major companies to get basic service/responses. But I get what I want and what the reality is don’t always align haha
There's a Twitter account that has our company name, but it hasn't been used for a decade, and has only one Tweet. I'd love to pay Twitter to talk to them, so we can take over the account. Maybe they have a process for this anyways? I don't know. All I know is this account gets tagged all the time by people trying to tag our company.
Find your way to your local Twitter ad rep. They may be able to facilitate transfer of an inactive handle. It obviously helps if you are buying or intend to buy ads on Twitter.
Google doesn't have billions of developers publishing Android apps, not even close. They shouldn't need to make these irreversible, algorithmic decisions on the Play Store. They choose to, and there are engineers and product managers and etc that individually choose to support those efforts.
It's true that there aren't so many developer accounts, but there was a thread on here not long ago that discussed how someone's life was turned upside down by getting locked out of a cloud account without recourse. Not even the account being hacked, just being unable to access it.
I would imagine any broad-based regulation around recourse for account locks is likely to start with the individual B2C user due to how many more of them there are (essentially everyone, even if you only count Apple and Google - legislation would of course cover every provider).
The bigger issue is that I don't even know where or how you would start with this. Ironically, there's a certain amount of comfort in knowing that your data is behind an unresponsive brick wall these days as it makes it harder/impossible for someone to socially engineer their way in. The downsides to that are many and varied, and what the post references.
I agree. These walled gardens wouldn't be the end of the world if you could actually talk to a human customer service person to resolve these issues. The problem is that companies are willing to use algorithms that are 95% correct because it's good enough for them, but that ignores that it's screwing over a percentage of their customers.
It’s kind of baffling to me that YouTube/google, Facebook, etc. have been able to get away with “well there’s just too much to manage so we deploy algorithms and pray to the code god it meets a minimum threshold to keep the government off our backs.”
Imagine I’m a trillionaire real estate mogul. I have 1,000,000 properties under my domain across the world. Some will, inevitably, not get the upkeep they need and a situation like the apartment building in Miami occurs. Let’s say even that no one dies, to be generous. Another building the electrical is jacked up and held together by paper clips, regularly leaving residents without power. Another one has grey water coming out of every faucet.
The government comes in and goes “hey, a bunch of stuff isn’t up to code. You can’t have buildings like this.” I then proceed to go, “well, it’s unreasonable to expect me to address every problem. I’m just too large of a company with too many assets. I’d need to hire a small army to manage it all.” The government goes, “huh, that’s reasonable. Well I guess just automate what you can and do your best!”
The EU's proposed Digital Services act mandates a proper appears process for account suspension/termination related to transmitting "illegal content", is "or incompatible with its terms and conditions".
This appeal is required to be real, actually reviewing the content or conduct in question to determine if it violates the law or terms and conditions. If there is enough information to conclude that no violation occur, the company is required to reinstate the account.
If after the appeal, the user is still not satisfied they can appeal to one of a set of government approved arbitrators, who will listen to the dispute and decide the case. It is the user who gets to decide which of the arbitrators will be used (among those certified for the relevant category of platform). The company always handles its own expenses associated with this process, and if the company loses, they must reimburse reasonable fees and expenses incurred by the user.
These appeal processes also apply to removed content, not just account suspension/termination.
There is an exception for "small and micro enterprises" though.
The main downside of this law is that its primary purpose is to create a DCMA++ framework over in Europe, but it still looks to have a much better balance of concerns that the laws here in the US have.
> We need legislation forcing companies to manually review algorithmic decisions that impact people's lives, and have a proper appeals process.
What you want is human judgement, but it will be hard to legislate that. What can easily happen is the human parroting back the underlying reasons for the decision. In this case "We have reviewed your case, and according to our records the account is associated with the problematic account"
I have had this happen to me in bureaucratic situations with no computers involved.
That seems like the same problem we have hear just now you get the headache of the courts on top of the decision, how many people avoid court now for much more impactful and legitimate situations simply because they can't afford the time and money?
What we want isn't review of automated decisions, what we want is openness, transperancy and clarity in the process. The problem people have isn't so much the appeals process it is the opaqueness and seeming arbitrary nature of the whole thing.
There are problems with how transparent you make things though (i.e., giving away the underlying signals). There’s a moving target between fraudsters and risk teams at companies where the fraudsters will try to run just up to the edge of alerting systems without passing over, then scale and repeat it.
If the signals used are made public, fraudsters will win every time. It’s the same with search engines- if they publish how a score is calculated, people will game it immediately.
Maybe the signals should be required to go through a review with authorities? Idk.
I came here to say this too. A lot of the anti-fraud stuff is a closely guarded secret that changes all the time. I don’t even think that legal would let us disclose it even if we wanted to!
That isn’t to say there shouldn’t be some kind of way to escalate an appeal to a real human.
Of course keeping the fraudsters from DDOSing the crap out the appeals process will be a challenge! Because I could see them doing that…
>We need legislation forcing companies to manually review algorithmic decisions
No, I'm sorry, this is a horrible, horrible idea. As long as these companies are targeted by automated spambots, they need automated systems to counteract and remove spam accounts. That's just the reality of the internet arms race in the last 20 years. If you make them manually review everything, you hand a victory over to the spammers and degrade service quality for everyone.
>and have a proper appeals process.
This is a much better idea. Do this and require them to have a functioning customer service department.
Fully agreed - I wasn't suggesting they review every manual decision, but do it as part of a proper appeals process. Google, for instance, is likely seeing abuse on a scale where they have to have automated bans - for everyone's benefit! - and there's nothing fundamentally wrong with that as long as you can escalate to a real human.
Edited the comment to reflect this - thanks!
I worked on an abuse prevention system in the past and know the challenges very well, except my company actually put in the effort to respond to every appeal and compensate affected customers for their troubles.
Yes, humans are expensive, and spammers will try to game the appeals process, too - but it's simply a cost of doing business.
> Yes, humans are expensive, and spammers will try to game the appeals process, too - but it's simply a cost of doing business.
Another Hacker News commentator¹ had a good suggestion for this problem:
> Microsoft have a better solution, or at least one of their departments does. You pay for support questions and if it turns out it’s actually Microsoft’s fault they refund you the fee.
If users paid some up-front fee for the appeal, similar to the above, regular users would have the opportunity to appeal an automated ban (if the appeal was done properly). On the other hand, spammers and other malicious actors would have to pay money for the opportunity to attempt to game the system.
Why not make it hard to create a Google account? Why is that not on the list of potential solutions? If you have bad actors that can make hundreds or thousands of bogus accounts in an automated way, it means the account creation process is too easy. Any legit user who actually wants a Google account already has one and those who don't but actually need one will jump through the necessary hoops. Google isn't a startup anymore.
I believe the GDPR already has that. The problem is that the GDPR is not enforced enough and not enough resources/willingness are allocated to enforce it.
The problem in account termination cases would also be that:
1) they can claim they've reviewed the ban, that it's legitimate and they're refusing to disclose the reasons behind it to avoid helping people circumvent the ban, while in reality they didn't do any investigation at all. Proper enforcement should be able to pierce through this veil (by forcing them to disclose the reasons and data behind the bank to the regulator, a neutral third-party), but it's missing and nothing suggests it's going to get any better.
2) given that businesses are still allowed to essentially "fire" customers at will, and changing that is impossible due to wide-ranging repercussions, nothing prevents them from "firing" you anyway. Proper antitrust enforcement is needed here (so that you're not allowed to "fire" customers this way) but that's missing as well.
That’s the problem with all these abstracted types of legislation.
All it would take is to reestablish that you are the sole owner of your information that is your property, as has been established by the courts, and it cannot be sold without a formal contract, e.g., the way real estate is transferred; and that any tracking is illegal stalking and wire fraud (because it is) just like tapping someone’s phone would be since it is using the public internet. Alternately, these companies can stop relying on the public internet for illegal criminal actions and fraud, and build their own internet if they want to track and stalk people.
The law exists, it doesn’t matter what other laws you make when none, even the fundamental Constitutional law, is not enforced and simply ignored. We have too many people who have these narcissistic perceptions that the real problem is that their pet legislation hasn’t been added to the mountain of legislation; when the real problem is people trying to control others, some in business, some through legislation.
If the general public does not recognize this soon, the clutter of legalization will become a prison, if it isn’t already.
The GDPR does require algorithmic decisions to be non-final. However it provides no mechanism beyond allowing the company to just claim they manually reviewed the case and came to the same conclusion as the algorithm. The purpose of that requirement is really more to limit the effect of automated decisions by insurance companies and such.
In my experience, the algorithms are much more forgiving than humans. At least, when I worked with the risk team at my FinTech company, algorithms flagged people for review and then humans decided to unflag or terminate their accounts. The only time we’d do a freeze is if it looked like an account take over (since that could super badly affect the account owner).
Very true, I've seen similar things. Humans can be just as cold-hearted and unempathetic as a computer is, especially when they deal with problem "people" all day every day.
In banking and financial services we have regulations that require "model validation". Any automated decision needs to be tracked and compliance needs to check the decisions to see that they are sound. They were required after the financial crash in 2008 in order to get a better handling on financial risk modeling, but the laws were written broadly enough that they apply to other automated decisions in financial institutions. We could take lessons from these regulations and apply them elsewhere.
There is a (state level) legislation proposed to 'open source' algorithms used for hiring[1]. Makes sense to expand it to all decision making processes.
> We need legislation forcing companies to manually review algorithmic decisions that impact people's lives
It's not hard to argue that all algorithmic decisions impact people's lives though, Facebook for example, prioritizes certain friends' posts over others... it doesn't seem like a stretch to say this could actually impact who you're close to.
Agreed. I'm facing this right now with my Amazon account, and posted a question related to it. Basically they detected something suspicious, locked my account a while ago, and now the account is irrecoverable for an opaque set of reasons that they won't elaborate on. I feel totally fucked.
You'd be amazed at how a little regulation right-sizes things in corporations. I work in banking -- there's no grumbling about our regulatory landscape. We just have teams of people who make sure we're compliant, and we get through our audits. So, to answer your question: yes.
Why are you comparing banking regulations to tech support? The former is crucial to trust in money, governance, and societal functioning. Tech support is easily overrun and exploited by bad actors, and the upside for the company is very minimal.
The upside of good support for the company wouldn't be minimal anymore if giant and/or frequent mistakes could get them kicked out of the market, either temporarily or permanently.
What I worry about most is that human support requirements will apply to smaller companies and essentially guarantee supremacy of big tech since no startup would ever be able to disrupt them.
Yes of course we propose to make them provide support against their will.
Like we force telecom companies to serve rural areas against their will.
Like we force construction companies to use safety gear and have insurance for injuries against their will.
Like we force credit companies to provide mandatory disclosures.
Like we force airlines to do what the people in the control tower tell them to do.
And so on. The entire concept of a corporation is a legal fiction, a privilege granted by the state that enables them to pretend they even have something analogous to free will. Without the consent of the state companies wouldn’t exist at all. Maybe we should do a better job of reminding them of that.
force companies to provide support against their will?
Yes. This happens all the time in all sortes of industries. But people on HN think that tech companies are somehow different and shouldn't be held to the normal rules that other companies have adhered to for decades, generations, and centuries.
But that's only part of it. A business account might not fall within these rules, and Google can enforce them anyway (after human review) with very little recourse available.
Not really. We a comparable situation in a lot of different industries; if a large companies serves tens of thousands of customers and get hundreds of thousands of malicious requests, they're going to do some filtering and it will lead to some people getting stuck in the cracks, even if it's just 0.01%. More app stores won't solve this; if enough developers would be burned, the problem would solve itself on its own.
That's not to say that I like the current situation, but from what I see it's likely that the actual number of incidents is low (compared to the number of Google's customers) and a third or fourth store won't change this.
There are alt stores on Android though, it just seemingly doesn’t matter. The root problem is that consumers don’t care about this problem and voted with their wallets for the current situation. That’s not necessarily surprising: most people didn’t care that their clothes/shoes were made by suffering child laborers, so a few relatively comfortable devs having to essentially find a new job is barely going to register.
I think that forcing human recourse _is_ the solution. This problem is much bigger than just the “App store duopoly” axe. A law that required the ability to perform all account actions/appeals/etc realtime with another human (phone, chat, etc) would’ve also minimized the need for the recent unsubscription laws as well since the hassle would’ve been much less in the first place. These are the kind of foundational human-centric business laws we need instead of the reactionary hyper-focused ones that don’t address root problems and usually just wind up further cementing incumbents.
> We need legislation forcing companies to manually review algorithmic decisions that impact people's lives, and have a proper appeals process.
I don't think this is enforceable nor I think it's even possible to have such legislature.
At the end of the day Google has every right to decide what they put and what they don't put on their store, with whom they do business and with whom they don't.
> With how much our modern lives are dependent on services like Google's, they effectively become utilities and should be regulated as such.
Calling an online application store an utility seems quite a stretch.
De-googling and de-duopoling is the answer to these situations. At the end of the day you can't force Google or Apple to have your products on their shop.
Apps are effectively utilities today. Apps have replaced taxis and phones. Order food through an app. Transfer money and buy things through apps. Find jobs and work those jobs through apps. Pay parking with apps. A lot of the developing world don't have a web app for certain things.
Refusing to have say, Telegram, on your app store is similar to not allowing a telco to operate. Also as much as I dislike Meta, if Apple/Google decided to remove WhatsApp/Instagram/Facebook, that would disrupt a lot of lives. Many businesses heavily rely on WhatsApp, more than they'd rely on landlines in the past.
> De-googling and de-duopoling is the answer to these situations. At the end of the day you can't force Google or Apple to have your products on their shop.
Eh, just de-googling is probably enough. This isn't really a walled garden problem, this is mostly a Google problem. Apple can do stupid things, for sure, but you can reach a human there. And they definitely don't have the same Google algorithmic "scorched earth" account banning style.
It's unfortunate this comment was grayed out so quickly and I hope that changes.
The sentiment is basically correct. Enforcing a ban on stores being able to control who they do business with is a radical break with all precedent and violates freedom of association. All stores have always had the ability to kick out any buyer or seller for any reason whatsoever short of systematic discrimination against specific protected minorities. Whether or not any particular seller thinks this is a morally optimal situation or bad for their personal business isn't going to change the centuries of history behind this.
The actual problem here isn't the arbitrariness with which Google bans sellers or the false positive rate of their decision-making process. The problem is the device vendor, OS vendor, and app store vendor are all the same company, and there are, practically speaking, only two options for the entire mobile market. Solving this is basic antitrust enforcement. Force competition for app distribution platforms. At least Android allows you to sideload and has F-Droid, but the situation is still anticompetitive and bad for both consumers and sellers.
And yes, with all respect to mobile app developers, access to a selling platform is not a utility. You don't need to be an Android developer to meet the basic necessities of life. It doesn't mean we can't or shouldn't do anything to make the situation better, but this drive to call everything a utility is not helping.
Companies originally were given charters by the government, and limited liability for their owners, in order to perform a public good. Over time that "public good" part seems to have been completely forgotten about.
So now do we say that companies have the innate right to make profit without any regard for the public good? That profits are more important than what voters in a democracy want?
> At the end of the day you can't force Google or Apple to have your products on their shop.
Correct. AdSense worked the exact same way on YouTube. They are just doing the same thing with apps on their platform so really nothing has changed here.
These companies can do business with whoever they want to. You can criticise them, scream at them, protest, etc but they will never change, unless you split them all up.
This is actually the real solution IMO. Instead of playing whack-a-mole with endless stream of various abuses across all the bad business practices they do, these giants should not be able to exist in their current size and scope.
The fact Apple, Google, Microsoft, Amazon, Disney, Verizon, and others [1], etc are even allowed to exist in their current forms is absolutely bonkers to me. The outsized roles
and influence they have on the economy and their individual markets just highlights that the government is incompetent or willfully corrupt.
[1]: Just a random selection of giants I can think of in a split second. But there are tons of other companies that dominate other less-sexy markets that should absolutely broken up.
Is that their fault? There's other operating systems one can install on mobile, they can even argue Android is open source and no one is stopping you from installing a different OS on your phone.
A couple of years ago, the New York Times ran an interesting article where someone tried to live an ordinary day without interacting in any way with Google. The result was that it simply wasn't possible.
I find it would be far more effective and faster to simply demand enforcing the Constitution (at least in the USA), while also enforcing competition and shatter all the cartels and de facto monopolies.
If there were more competition, there would also be alternatives that companies like in the subject case could choose from and which would deter companies from making mistakes in order to prevent loss of market share.
A good measure should be that anything should have more than 3 equal competitors, is 4+ search engine companies of equal scale, 4+ App marketplaces for 4+ phone OS/hardware makers, that can operate on 4+ telecom services, etc.
And that transfer of data and services between each must be effortless.
We don’t need new legislation that will not be enforced or is flawed because it is too specific and myopic, we need enforcement of basic and fundamental law and concepts that expand freedom and choice and our fundamental human rights.
Submit to our every tech company dictate whim or we will destroy everything you have worked for and not be able to work in your industry ever again or feed yourself is not freedom and is a crime against humanity.
Freedom of speech and assembly, security in one’s person and affects, freedom of movement/transportation, even prohibition against slavery (even though that will be a bit too abstract for most), etc.
Google isn't the government, so the first amendment doesn't apply. Security in one's person and affects? The OP still has possession of their apps. Google is just deciding it won't sell them for the user.
And prohibition against slavery? It's both laughable and deeply offensive to consider this situation even remotely similar to chattel slavery.
This kind of thing is why I would never try to build a company where the business model depended on being able to sell through Apple or Google's app stores, which is a shame because it ends up excluding several large categories of possibilities.
I think there's probably a connection between the "bloat" and complexity of the modern web that the Gemini crowd rails against, and the draconian and wildly inconsistent gatekeeping that is applied to native apps for mobile platforms. It puts the Web platform in tight competition with native apps, because it is the only viable alternative; this causes developers to exert pressure to add more and more capabilities to browsers so that they can match native experiences without having to pass review or pay commissions. I wonder if browsers would have evolved in the same way if mobile devices were more open platforms.
Cases like this make me wish Google could be sued for $100,000,000 because it's clear that are they not following their own rules when it comes to banning accounts. This has REAL business impact, not to mention the implication of libel that the holder of the account did something to deserve to be banned. Yeah, I know: the business entered into an agreement with Google to abide by their rules and terms of service but when Google doesn't follow those rules I think they open themselves up to massive liability.
If they just had to pay it this once, I'd agree. But if they had to pay it every time they wrongly unpersoned someone, they'd change their ways really quickly.
Um, they are following their rules. They make this very clear when you sign up. If you have a scammer working for you / linked to your account, your account is VERY VERY much at risk.
Lesson is, don't hire scam artists, ask your employees not to scam while they work for you or are linked to your account.
I have worked at four large scale mobile app companies [10 million downloads+]. All four were thrown out of the Apple store for various reasons. The real killer is the time between getting thrown out and finishing appeals. It's a real corrupt system too - like dealing with Russian oligarchs. You need to know the right people, know the right things to say, etc. If you don't you sort of play Russian roulette with the reviewer. That time between appeal and getting back in is usually enough to destroy all momentum - two of the companies just closed afterwards. I am still in mobile but in education teaching children to read [20+ million downloads]. I sleep well at night knowing we cannot be thrown out.... but any "phone call" from apple [they don't put anything in writing] I would probably throw up and have a full blown panic attack.
Googles dumb machine learning is destroying peoples lives and will continue to do so for decades unless somebody stops them. They control most of the internet and mobile space, it’s like having your water cut off permanently
I've spent an inordinate amount of time banning fraudsters from my own cloud platform. The bots that companies write to do this are designed to fight off other bots. If you have an appeals process, the humans that control the malicious bots will show up to abuse the appeals process. One of my favorite cases was a user that signed up with hundreds of stolen credit card numbers (all from the same IP address, as they are apt to do), got banned, and then opened an issue in our open source repo complaining of trouble logging in. Yeah, you're having trouble because I banned you and your entire network of bots.
There is a balance, of course, but if you haven't seen how much automated abuse there is on the Internet, be careful of what you wish for. Even the tiniest of the tiny services suffer from massive amount of automated abuse. At that tiny scale, it was nearly impossible for me to keep up with the abuse without the help of automation, very broad bans, and deleting related accounts by walking a reputation graph (like Google is being criticized for doing here). At Google's scale, I don't think there are enough humans on Earth to deal with the abuse. As a result, there are going to be some innocent casualties.
I don't think it's an ethics thing, it's simply not possible to run a business without some sort of process like this. There are laws, rules, and processes that could cut all this down to levels that could be managed by humans, but the cure might be worse than the disease. (For example, it would be great if there was a 1:1 mapping between your national ID card and your IP address. All of these stolen-credit-card users could then be imprisoned. But, you know that that's a terrible thing, because it will also be used against anyone criticizing governments or large corporations.)
> At Google's scale, I don't think there are enough humans on Earth to deal with the abuse. As a result, there are going to be some innocent casualties.
Perhaps they've scaled too large then. I don't think "we're too big to be held accountable for screwing innocent people" is a valid excuse.
One thing that never gets talked about is how do we go after the actual fraudsters and bring them to justice? How can private industry work with law enforcement across the globe and get some of these dudes behind bars?
I’m not saying it would be easy. Doing so would require insane amounts of coordinated with basically every country on the planet. But damn would it be nice if fraudsters couldn’t easily hide behind internet anonymity.
> At Google's scale, I don't think there are enough humans on Earth to deal with the abuse.
I disagree.
Some time ago, a person (on HN, although it may have been somewhere else) did an estimate of what it would take for Google to review all 500 hrs of video uploaded to YouTube every minute.
The result was that Google could more than afford it.
Based on that I don't see any reason Google couldn't add more humans to deal with these ban appeals.
While I see your point, when it's accounts with years of history, millions of downloads, thousands of dollars paid in sales etc., it should be easy to discern those from spammers creating thousands of new accounts with no standing.
Maybe. Or maybe the account in question has a long history but got taken over by a scammer. It’s the oldest trick in the book. Find long standing accounts and take them over. Boom, now they look totally legit!
Shit is hard. If it was easy to tell fraudsters from real people we’d never be discussing this. The fraudsters are willing to invest unimaginable amounts of time and effort to get into your systems and do their dirty work. Every fix you make will eventually be routed around. Always.
People who consider this an issue either wouldn't work for Google to begin with or end up butting heads with management and leave the company. The benefits of self-selection.
There is also a lot of internal corporate training and team-building designed to redefine "ethics" to make this sort of stuff acceptable.
It's probably something they're not really aware of. My company does something kinda similar. We're an aggregator of sorts. We have all sorts of quality and safety rules and we de-list things all the time for violations. As long as we aggregate 95% of what's out there, our users are happy, so we don't have massive incentive to spend lots of time manually working with rule violators, especially when a good chunk of them are actually scammers manipulating the system and harming our users.
I'd be willing to bet that there was no one developer or team who was given a task such as, "run our audit AI on accounts and permanently blacklist them forever if that's what the algorithm wants"
It was more likely years worth of minor changes that got it into this state. Teams adding different algorithmic checks for various things, where the output is just setting a flag on the account. And other teams adding account termination logic for certain flags or a certain number/combination of flags, not knowing exactly how the flags are set. Though maybe that would be the bad task. I'm just spitballing.
Exactly. You think that developers are paid to stop and think about the outcomes of what they do? They're all too busy running sprints and meeting OKRs and performance metrics and hustling design and code reviews and playing internal politics to worry about the effect of what they are doing on their users and ordinary people. Besides, even if they did have an end user in mind, it's not the "users". They're motivated by the customers - advertisers.
Even if they do, it’s not their responsibility to fix those problems. It’s government’s responsibility to step in and fix bad behavior that market forces can’t fix (like when it’s more economically viable to destroy thousands of livelihoods per year than to invest in human review processes)
I do feel it's my responsibility to think of the side-effects of what I do and the consequences that bear on others.
But as a sibling to you say, maybe I therefore self-select away from those kind of companies, and those not thinking or caring about those things end up taking those jobs.
That’s because you probably have a moral compass, but that still isn’t enough. If you were a decision maker at Google, those morals would probably get you fired at some point.
The people running a company have a legal responsibility to act in the interests of their shareholders. Even if making a morals>economics decision doesn’t get them into legal trouble, it can get them into trouble with shareholders, and they may be fired and replaced with someone who doesn’t have a moral compass.
So if the infrastructure doesn’t have room for morally correct decisions, no amount of martyrdom from executives is going to eliminate bad behavior in the long run.
They select for sociopaths coding these things. If someone is able to be bothered by these actions, they won't last long or will quit voluntarily and someone more sociopathic will take their place. It's a problem higher up the chain of management.
I think it's a bit more complicated than greed. Remember that the only mobile development shops in town are iOS and Android, and they're both run by tyrants. There are millions of developers who only know mobile development. Giving up their skillset to learn a whole new profession is difficult.
What about Google scanning Company ownership records, without authorization, adding your own residence in Google Maps as the company headquarters, and then prompting you to take over the record on their own system if you are the company owner?
Technically sure, but in reality that's not the case. I've personally seen people lose their GCP account for weeks over amazingly stupid stuff- if that same stuff happened at AWS I'd get a phone call from an account manager to clarify things and humans would be involved in the decision to shut things down.
Google has a history of excluding humans from their processes, with no recourse for when their automation breaks except to complain online and hope someone important enough hears you. That's not something people can trust.
There isn't. Google is just in the news more frequently simply because they have many customers, but that doesn't make it any less of a problem (across the board, not just Google).
They've always been like this. Back in 2005 I had a website that was popular enough to earn about $80 a month in Google ads. When I tried to cash out with $300 to pay for some college books Google cancelled my ads account claiming click fraud and kept the money. They completely ignored any attempts to contact them.
In some ways I'm lucky it happened when it did, as it kept me from relying on Google services since then. Google is horrible when it comes to customer service- always has been, always will be- and it's why I'll never understand people who advocate for GCP or other Google services.
We gave these mofos an ecosytem because they were hiding behind the label of "free and open source software". Now they can screw anyone and not even answer to emails.
They are nothing but crooks.
All software giants hold too much power in their hands and nobody can touch them.
What can you do? They have at least 50% of the market.
For one, Apple has the better 50% of the market. You could do without Android. Secondly, being subservient to any app storefront policy is not a position you want to navigate into in the first place.
We cannot continue to allow big tech to provide these walled gardens with zero recourse. It's turning slowly into a Gibson-esque dystopia as they continue to set the rules under the guise of contracts and EULAs with a shadow legal system.
If it needs to be more expensive to publish and buy apps, so be it. This is unsustainable.
OP: You don't happen to be an Iranian national, do you? Google's relationship with Iranians is... complicated, and likely influenced by the U.S.'s sanctions regime with respect to Iran and some of its nationals.
Before saying anything else: I’m sorry OP. This is miserable to deal with and I know you’re probably very upset right now.
On the other hand- at every company I’ve worked at, this is why there’s clear onboarding and off boarding policies. Yes- if you have someone on your developer account violating terms of service, they’ll shut down the account. No, it doesn’t matter that it wasn’t you personally.
To put this differently: if you had a bank account shared between your developers, and someone who left the company started using it for money laundering, the entire account would be shut down and you would not be getting that money back. In fact, you might even be investigated by authorities for money laundering since it ran through your account.
As someone who works in FinTech, we deal with tons of people just trying to steal / defraud others on a daily basis, and we’re required but governments across the world to be on the lookout for people doing “fraudy” things and terminate their accounts ASAP. If we just said “oh, it’s fine, you’re not in trouble because your (insert X relative here) was the bad person, not you,” then social engineering fraud would be rampant everywhere.
To me, the Google situation is identical to the bank situation. There’s not a good way to prove the bad account shouldn’t be associated with your Play store account. This is why you have to be diligent about who has access to these things.
> if you had a bank account shared between your developers, and someone who left the company started using it for money laundering, the entire account would be shut down and you would not be getting that money back. In fact, you might even be investigated by authorities for money laundering since it ran through your account.
I don't see how that analogy applies here. It would be more like if someone who had access to the shared bank account was using their own personal bank account for money laundering.
The developer wasn't breaking ToS on the company account, it was their own personal developer account. Quote from the reddit post:
> Our company used to have several employees with access to the business's Play Console, and one of them recently had done something wrong with "his own personal" Google Play Developer account.
Yes, but if you read closely, you'll find that OP never actually said that employee "H" was removed from their Google Play account. Instead, they say that "H [had] all permissions removed except on one game which we were still using H.'s consultation on - The app was unpublished later on". So H was still associated with the company's developer account as part of the unpublished game.
And so what?
Did H violate any rules on that specific game?
If you have an employee doing stupid things on their own personal account on their own personal time, should your company’s Google Play developer account also be terminated?
This is one of the many reasons I personally stay as far as possible from anything to do with Google.
What’s next? Loosing access to all our company’s emails and personal photos because someone former employee’s twice-removed cousin decided to try their hands at phishing?
Sounds like a joke, but if even Google employees' families can permanently lose access to their Google account without any recourse[^1], who’s safe?
Yes? That kind of makes sense if they are still working on something for the company right? Just because they have a side job as a fraud doesn’t make their day job any less legal.
Yes good point. A better analogy would be that an employee you had a few years ago who left the company, started using their personal account for money laundering a few years later, and the bank confiscated/closed the business account, plus their parent's account because dad co-signed on a minor bank account for the person 20 years ago.
This is a bad take - the person who violated ToS hadn't worked at the OP's company for 3 years!
In addition, it hardly seems relevant that a ToS violation from an employee's personal account should result in effectively destroying a business.
Something really has to change with how Google handles this kind of thing. At the very least they need to have a working appeals process handled by people.
That’s exactly my point though. If they hadn’t worked there in 3 years, why were they still associated with the developer account in the first place?
There’s a couple of ways (that are best practices for any company) to avoid this problem:
- Have separate Google accounts for work / personal use
- Remove old employees from the developer account when terminated
I think that's actually the issue. There was no current association with the companies account anymore.
Having separate google accounts for work and personal use does not actually solve this, since google has an algorithm to figure out if the accounts are used by the same person.[0][1]
OP never said that "there was no current association with the companies account". In fact, they say explicitly that there was an association, because H still had permissions on an (unpublished) game that was part of their Play Store account.
I may have misinterpreted the explanation given in the post. It sounded to me like a developer they'd employed violated the TOS on their personal Google dev account. Google then recognised a connection between the dev and another Google account belonging to a company and opted to suspend that as well.
To use your example, that would be like an employee getting their bank account frozen for something they'd done in their personal life, and then the company having their bank frozen too for depositing money into the employee's account.
I’d liken the latter to having a company credit card account. Regardless, in the bank case there’s a high chance adjacent / connected accounts would be frozen (at least for a time) because money laundering tends to happen in rings.
> I’d liken the latter to having a company credit card account.
No, having had a company credit card account 3 years ago. Unless I’m misunderstanding something, the employee had no more relationship to the company for some time.
But would each employee working at a company found to be money laundering have their personal accounts shut down?
Google goes out of their way to associate people's accounts and identities. Even if you have work and personal Google Accounts, you should assume that Google knows they're the same person. For example, Google wants you to login to their Youtube App on Roku. If you choose not to but have it open at the same time someone opens Youtube on their phone, the two communicate and you'll get prompted to login. Even if you choose not to login, the two apps share information and cross pollinate watch histories and suggestions.
Google also makes it difficult/costly to properly lock down their development tools. You can't for example lock down your developer console or cloud account to accounts with specific domains. You also can't take ownership of your domain outside of a Workplaces Subscription in the same way you can with Apple's ABM tool.
At the same time Google requires you to consolidate all of your company assets into one basket. You can't have different developer consoles so an employee or contractor working on Project X might have access to aspects of Project Y because the console permissions aren't granular enough. So there's no plausible deniability for Project Y when a Bad Actor working on Project X is identified.
You can't even insulate projects on Google's tools as there is a 1:1 relationship between their Play Console, Cloud Console, and a singular Cloud Project. So again absolutely no plausible deniability.
What you end up with is a situation where if a user does something Google doesn't like, Google decides how large of a net to cast over that user's network graph when bringing down the ban hammer.
The main difference is that with your bank, in case you get locked out, you can call them or even go to a physical office where they'll attend you, and you, maybe, are able to fix this false positive case, even if from detection point of view is a justified one.
For Google, good luck if you get in contact with a person.
Maybe we work with different banks, but in my experience it’s more of a “1 strike you’re out” type of thing if they detect illegal activity and to me that feels like what happened here. I get what you’re saying though.
Fraud is hard. If you don’t crack down enough, you get in trouble with the government, many legitimate account users, and companies working with you. If you crack down too hard, you might mess up people’s lives who did nothing wrong. Even with an appeals process- its rare to get everything right. I think the reason we had about it with big tech so much is because their userbase is so large, so even with a low false positive rate, you’ll see high numbers of people getting flagged.
Unless your bank account balance is at least $50,000, I doubt the bank will do anything about it besides have a manager tell you "I'm sorry there's nothing we can do" which is little better than an automated email.
You're right. In less regulated countries, they may be more lenient. But in countries with strong anti-fraud and anti-moneylaundering regulations, banks often will take the most risk-adverse course, which is to terminate accounts for very little reason and at the slightest hint of bad behavior.
I'm not against government regulation of these sorts of decisions, but to pretend that the regulations we currently have are consumer-focused in every aspect is just completely burying your head in the sand. Read https://bam.kalzumeus.com/archive/moving-money-international..., and especially the "Tiniest bit of personal opinion" section for a clearer explanation of the problems with the way banking regulation currently works.
In more regulated countries, the state limits what banks can do to their customers. In the EU that means a legal right to a basic bank account, among other things, so "terminating accounts for very little reason" is not going to happen.
“ we’re required but governments across the world to be on the lookout for people doing “fraudy” things and terminate their accounts ASAP.”
And that is the difference. Google is not the Govmnt and there is no legislation supporting them (except their probably murky and possibly ilegal TOS -ilegal because of lack of human oversight).
In this scenario you would have access to due process. There are very specific rules when banks make decisions about credit worthiness, and for the part involving authorities you’d have access to a well developed legal system where you have rights.
Credit worthiness, yes, though that’s typically at approval time and not later on.
Risk bans or bans for suspicious / illegal activity? Totally different story (see the stories of Stripe / PayPal / etc shutting down accounts). The government (at least in the US) will punish banks pretty hard if they don’t crack down on fraud hard, so banks tend to lean more towards over enforcement.
Stripe and Paypal are not banks, last I saw. Which is exactly the reason they have to be so careful. They don’t have to adhere to the same rules as banks, but they don’t have the same protections either.
if you had a bank account shared between your developers, and someone who left the company started using it for money laundering, the entire account would be shut down and you would not be getting that money back
This is more like giving someone a credit card associated with your business account, them leaving, and three years later your business account is closed because they committed a fraud using their personal bank account.
I feel this user’s pain. Obviously we don’t know of food action was warranted in this case. Sometimes it isn’t and there being no recourse is unacceptable. Knowing someone at the company, having a sufficient Twitter audience or relying on posts like this getting attention should not be how this is resolved.
Side note: I absolutely won’t use my Gmail account for any other Google service. It’s just too great a risk and it’s ridiculous that a developer ToS violation can also kill your Gmail access.
I see a fundamental mistake these companies make with automation: optimizing for the wrong metric.
The metric they seem to use is the number of cases handled by automated systems. What they should use is the number of cases their workers can deal with.
The difference is that the second one doesn’t reward false positives. There are some cases that need human review. You should even be able to pay for expedited review (ideally refunding you if the decision is made in error).
A good example of this is Tiktok’s reporting system. Like many such systems it’s clear that it just takes actions based on the number of reports. There is no penalty for fake reports. So people brigade creators they don’t like (typically politics and science) and those affected have to go appeals processes. It’s ridiculous.
Put another way: automation shouldn’t replace people. It should augment their effectiveness.
Imagine someone working in support. When an activity gets flagged it gets assigned to someone. An automated system might take action (eg shadow banking).
Given the automation that worked might process 5000 cases a day.
If the automation can resolve more cases that figure might go up to 8000.
But if there’s an appeal that takes manual review and resolution that might wear up a lot of time stick that the rate drops to 3000.
This means two things:
1. There is an impact on the metric from false positives; and
2. Having human review is still part of the system ultimately. It rather it can always be escalated to such.
Now you might say the worker might be motivated to take the least time consuming action possible even if wrong but an appeal might be escalated above then and further time spent rectifying their mistake still counts against them.
2045: "The DOJ algorithm has mistakenly declared me a felon. I've been trying to appeal to a human judge, while serving time in prison, but have been getting only automated responses so far."
I am struggling to remember the name of this sci-fi book I had read about twenty-five years ago. Someone encounters a civilization where things are going pretty darned well for the humans, and there are these spider-aliens who make sure that the trains are running on time. It's just that a small portion of the population is abducted by the spider-aliens, for a long period of agonizing torture before being consumed. Everyone knows and accepts this. Nobody knows who is going to get snatched and tormented and eaten. But otherwise things are just great!
Omelas aside, I think of this every time I read about someone's work or life or memories or whatever just getting zapped by Google, for a reason that is probably contained in a 500kb EULA, but one you will never find. It's free! You can do all of this stuff! It's great! Except for when your stuff gets randomly eaten.
How long until working for Google has the same stigma as working for Facebook? Doing it for the money while la-la-la plugging your ears about what you're creating. It already seems like the aspirational aspect of wanting to join Google has mostly been replaced by the greedy desire for FAANG money.
One possible preventive measure could be to have separate developer accounts for each product and keep everything air-gapped between those accounts.
I was banned from AdSense for a never disclosed reason. I guess I still am - never tried again, in part because the alternative I used after that paid better.
It's I guess tangentially related, but in terms of de-googling, I've been using docker mailserver https://github.com/docker-mailserver/docker-mailserver for a few years now and it is great. Combined with bluemail, thunderbird clients, backblaze for backup, and solar panels, it runs in my house and is basically free. For resiliency I do pay for a backup MX, which is about $5/year per domain.
It took a few hours to set up, supports many users (family and friends) and maybe 1h every 3 months to update and check all is good.
> Develop for iOS. Apple has humans who answer phones and create support tickets and escalate issues and follow up and respond.
Is this true? Because if it is, my next phone will be an iPhone and I will completely move into the Apple ecosystem and develop for publishing in the App Store instead of Google Play Store.
Even though I don't do anything bad, these kind of news do have me absolutely scared that it's simply not worth it. It's beyond ridiculous how Google is treating developers. At least be precise in the cause of the termination, explain exactly what has happened.
We had a fun merry go round with Apples humans just copy-pasting policy answers and refusing to actually understand the issue as well.
They're not quite as bad as Google in this respect, but tying Apple chain over your neck for slightly less abusive system is a pretty Stockholm syndrome thing to do as well.
You can't fix this by paying corporations more money.
You can ask Apple people to escalate to second tier support and beyond that if warranted they will even pull in engineering (not to talk to you directly but to resolve the issues behind the scenes). And with Apple you are talking to humans who also happen to be good communicators in my experience.
If you’re having trouble with Apple, it’s probably you.
That escalation only happens with a chosen few companies (which I've been part of as well, but please understand, this is not the usual experience for most).
This experience is also available with Google - "you just need to know someone" or be a company they care about right now.
Apple does have human review. It's come up many times on HN during discussions of stupid rules.
We see few posts about Apple banning people with zero recourse and never reversing or reviewing the decision. Given how many people here are critical of Apple, the low volume of posts is extremely telling.
Google is on the front page regularly for this behavior.
iPhone user, not a developer - it's my understanding the review process and support are, generally, with humans. To the point that some app developers have run into human mistakes rather than automation mistakes.
Apple is nowhere close to perfect, though. They probably have even more problems with control over the app store and what you can put on it. To make it worse, unlike android, sideloading is not only not supported, it can be a violation of terms.
I saw the comments about developing for iOS instead and shook my head, to be honest. It's just as difficult to deal with, possibly even more frustrating when you make a simple app update and it gets rejected because something that was already in the app now violates app store policies, or you do something with your app that <big company> does, but you're not allowed to. And their explanations can be just as useless.
But, at least you can get support. Which is why I switched to Apple for many of my devices and services. Probably the main exception is I don't use macOS devices (macbooks, etc).
These stories are always one sided and gloss over the minor policy violation parts.
When we get the full story it's usually less black and white. Quick skim over the thread and it sounds like they let an ex-employee have access to one of their accounts and he committed multiple violations? Was he spamming? Was he uploading malicious content to the store?
Also, don't build on others platforms if you want to control your destiny. You can't have it both ways.
It is not black and white, as I mentioned in the post, the former employee had violations in his own developer account. But in case of our company? None!
Our company account is assumed to be "associated" with wrongdoing of my former employee. This is the black side.
It's not for you, it's for the next tech entrepreneur who may stumble on this thread.
It's a warning that if your livelihood or something is really important to you, you should not build it inside google or apples walled garden. Or if you do, know that for any reason they choose they can kick you off. Unfair as that is.
Welcome to capitalism. Go host your own stuff if you don't like their rules.
We used to live in a magical world, where your fate was governmened by fire spirits, by demons and by thunder gods. We tamed nature and learned a scientific worldview. What these algorithms are doing is turning back the clock. Undoing the science. It's bringing us a new world of superstitution, where you better don't anger the machine elves.
In my current org, all developers, whether they're F/T or contractors, have a company account created for them and never get permissions on any other account. This is a good reminder on why I should adopt that practice I ever build a company of my own, no matter how small.
Or they will use your IP, say it was from the same device, or different IP same geo location...be afraid...be very afraid.
"...Youtube Account Suspended" - "...All i do is watch videos and subscribe to my favorite youtube channels while sitting on the toilet!... I have no idea what to do."
Suppose you were to make an f-droid like client without a source code requirement. A way for people to host their own proprietary applications, and a client app that can manage repositories the way f-droid does. How would you:
- make applications/repositories discoverable without running a service,
- allow developers to handle billing for paid apps themselves, again, no service,
- have client side malware protection without playing a cat and mouse game,
- prevent discoverability of pirate repositories without running a service?
If these problems can be solved (or others I didn't think of, maybe you did?) you can basically get rid of monopoly curation of available applications on android (or anywhere for that matter).
Car repair shop used to treat customers like shit and hold them hostage. It ended up with the government stepping in and requiring them to adhere to a certain protocols (like showing parts changed).
I think that Google has done enough damage. Government has to step in and smack hard in a teeth with a heavy fine and a requirement to introduce notices before doing any action (especially where money are involved) and mandatory appeal process with the human involved and obligation to answer direct questions (like giving detailed reason).
If you work at Google in this area (and I bet some of you will), then please, escalate this and please, fix your systems - as this is clearly something which destroys peoples lifes.
Is anything stopping app developers from forming a (non-workers) union to collectively bargain and advocate for its members? This seems like something where if every app developer paid dues to a central body, with the insurance that each dispute had the resources and leverage of that body, then maybe they would take more care in the first place.
So should one stay away from GCP as google can associate their personal account and profession account, and if the system detect some action which triggers it in personal account it may block all accounts and so there could be a severe data loss and other reputational losses of the company ?
i's kinda said when your livelihood is decided by dumb AI that can't tell the difference between a joke and a war declaration or some poor reviewer/customer support who needs to decode so much shit in 35 seconds and decide if you broke non-transparent terms.
I hate Google Play. I have been insulted in public chats by Google staff insinuating that I tried to go around Google Play rules when fact is that I have tried to solve the demands Google Play puts in the first place when they removed the apps.
Build on top of Google or Apple (or Microsoft or Amazon, you never know when they'll adopt this anti-user stuff too) only once you are big enough that they need you more than you need them.
The need for alternatives to the PlayStore (and even AppStore) is real. Developers should start publishing to those alternatives to mitigate against these risks (even if they don't bring too much traffic/revenue at the moment).
Not sure why people thing Google does not have a help function. I think it is obvious at this point that reddit and hacker news are Google's help desks but people do need to vote up the relevant tickets to get priority attention.
Isn’t that kind of the trade off of small entities doing business with a tech conglomerate? There’s not much government authorization with developing smart phone apps.
Same happened with me once. And till date couldnt find out the association and what wrong we did or the association who they say we are associated with!
To all the people who think this is some sort of accident that will get corrected. It is and it isn't. This particular manifestation of ban by association might be a corrected if it gets enough pushback. The general idea, however, is something Alphabet and the rest of Big Tech clearly like, because there are more and more cases of this sort.
Moreover, you likely supported this when it manifested a bit differently. Most of HN seems to firmly believe in guilt-by-association as a way to control behavior, speech and thought. You get all preachy and act horrified when it goes "too far" (i.e. when it looks like something that might happen to you personally), but in general it's a concept endorsed or at least tolerated by the majority here. Well, you know what they say about Karma.
Generalizations about the community like that are basically spurious unless you have real data. People on all sides of every issue feel that HN is dominated by the view they happen to dislike. It's a mechanism of perception:
A Google Developer account costs all of $25, one time. You really should scale your expectations of service based on that number. You will not be partying with Larry Page in Fiji for $25.
No matter how cheap that is, I should not have to worry about losing my personal Gmail because one of my former co-workers broke one of Google's rules at a different job.
The discussion of "ethics" in ML tend to revolve around race and sex in order for large organizations to pretend they have some moral high ground when their models are being used to ruin peoples lives and enable billion dollar companies to not hire and manage non technical employees to make human decisions involving human problems. These people _are_ evil and their code and models are being used for destructive purposes, and so we are forced to read about their "ethics" applied to some obscure race, sex or "toxicity" problems as a way to cope with themselves. Banning someone on youtube for being racist is objectively less good than banning a team of people from pursuing their livelihoods, but focusing on the prior is a great way to distract from the fact that with a revenue over $50,000,000,000 they can't hire a small fleet of people to handle customer and partner relations. If it makes you feel better though, you don't have to see opinions on the internet that google data scientists deem toxic as often.
Where are you seeing that previous emails were sent?
The screenshotted notice indicates it may be due to actions by the individual developer on their own account, for which the company would not necessarily have been notified.
I think it is due to account level access. They tried claiming they hadn't been associated with them for 3 years but then admit that the developer had access to their account as recent as Dec 2021. Let's say this developer did something really dirty like stole user data and then Google finds out this developer still has app store permissions through this other company account.
I think Google handles these situations terribly from a PR perspective, because the moment someone posts negative publicity would be the perfect time to Google PR to show their hand and say no they are misleading the public.
There is probably a good reason they don't do that though. I could see how a company isn't really responsible for what another developer did that they may have not known about, but I don't think we are getting the full story here.
I don't think the issue is that a bad contractor worked for the company but that they prob had admin permissions and were likely doing nefarious things with some APIs with those credentials.
Things like this don't ruin a company though. The company should immediately file an injunction and claim against both the developer and Google. They should have done that immediately. I think they have no clue or simply don't have the money to pay an attorney so there isn't much they can do. Heck an employee could steal all their money and unless they are willing to file a lawsuit there isn't much that anyone can do.
What previous email? It seems you did not read the post, the first email we received was "your account has been terminated" (from a noreply address) with the screenshot in the post, we sent an appeal afterwards and that was their response which you see.
This is beyond the pale. Google should not have the power to decide who you are and are not allowed to hire. It both goes against the basic concept of a limited-liability corporation, and harms worker rights.