Hacker News new | past | comments | ask | show | jobs | submit login
[dupe] A Dad Took Photos of His Kid for the Doctor. Google Flagged Him as a Criminal (archive.org)
228 points by carbolymer on Nov 25, 2022 | hide | past | favorite | 188 comments



Original thread 3 months ago: https://news.ycombinator.com/item?id=32538805


Please don't post archive.org links when the original URL works or there's a good alternate source available.

https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...


It's to avoid pay walls....


Post the actual URI, then put archive URI in comment. If it helps people (with paywalls or hug of death or whatever) people will often upvote it and it will achieve a reasonably prominent position among the comments.


But what if they modify the article after you post a link to it?


People notice that. Archive links remove important info from the post, this is a pretty well-settled HN thing with lots of moderator commentary if you want an infinite supply of reasoning.


Frankly, I also think it's not right to put load on archive.org's servers when not necessary.

Also, if people use archive.org explicitly to avoid paywalls, sites are just going to block archive.org, and then we won't have an Archive (to check whether the article gets updated, for instance).


> People notice that.

How many? Like 1 percent of people?

> Archive links remove important info from the post

What type of information?


How many? Like 1 percent of people?

You're asking me for stats about a statistically non-existent problem you made up. How many article get changed after they get posted and this isn't brought up in the comments?

Also, sometimes articles get changed because authors respond to HN feedback. Interaction between authors and the community is one of the valuable things about the forum. There's no added value to discussing some frozen snapshot of a web page - its a web forum for talking about web links rather than some revision control system.

What type of information?

The domain, for one thing.


> You're asking me for stats about a statistically non-existent problem you made up.

You are the one that said that people actually notice that... I was trying to find out where you got that from.

> The domain, for one thing.

you can get the domain name from the archived page...

Are you an HN admin trying to defend strange policies?


You are the one that said that people actually notice that... I was trying to find out where you got that from.

No, you said 'what if the page changes' which is not really a thing and when it's a thing, it's a totally normal thing. It's a non-problem that I got from your comment.

you can get the domain name from the archived page...

You can also get the archived page from the archived page, if you prefer the archived page.

Are you an HN admin trying to defend strange policies?

https://www.youtube.com/watch?v=pNnIbFFzpD8&t=9s


> you can get the domain name from the archived page...

Posting an archive link breaks the feature which lets you view submissions by site: https://news.ycombinator.com/from?site=nytimes.com


skissane is correct—archive links are welcome in the thread, but it's important that the submission be the original source.

"Please submit the original source. If a post reports on something found on another site, submit the latter."

https://news.ycombinator.com/newsguidelines.html


This story broke the camels back for us when it first appeared here and got us to migrate our email to protonmail and a domain we bought.


I wish we had a portable email address format, like phone numbers are, instead of being inherently tied to a provider.


Owning a domain is close enough.


You don’t own a phone number either. Ever tried to move between countries?


This is so messed up, esp once 2fa or gov forms get involved.

Literally every form nowadays requires a phone number


This. There should be anti-monopoly regulation that would state that e-mail addresses belong to users, just like the phone numbers or domain names.


I own my domain and therefore my email address will belong to me as long as I can pay the property tax (ICANN) and management company (Fastmail).


They can ban you for no reason, just like google.


If you have your own domain, Fastmail banning you is a minor speed bump at worst. You can just point your domain at a different email provider.

You can similarly transfer domains between registrars if one of them doesn't like you. And in practice, your domain registrar not liking you is pretty rare; I've only heard of it happening with famously evil alt-right websites and they generally manage to find a registrar that will take their business.


> You can similarly transfer domains between registrars if one of them doesn't like you.

That's sadly not true. There are various examples of individuals loosing their domains as registrar's refuse to release them. The transfer only works if both registers play ball, so it's essentially a very similar situation.


Yep. I’ve seen this happen.

A registrar revoked the domain, we tried to transfer.

The registrar required email verification of who we are, but for obvious reasons email wasn’t working.

Fun times.


Buy a domain name, now you have a portable email address.


Though I often have questions about how that works in terms of managing your domain. I feel like I shouldn't have the account I manage my domains with tied to an email address at the domain that's under management. If my email provider disappears, I'm potentially locked out of the account I need to log into in order to change the MX records, right?


It's hard to avoi nd this chicken and egg situation.

I use fastmail and they allow you "alias" addresses. So even though my primary email is on my custom dimain e.g. myname@mydomain.com, Fastmail also gives me an alsia of myname@fastmail.com. That's the email I used to log in (to AWS) and manage my MX records.

If either Fastmail or AWS were to go rogue/broke, I like to think I would eventually be able to restore access to my domain even without email? Hope never to find out.


You should just make an account with another provider for that purpose.


Usually it’s just username/account number and password plus TOTP 2FA. Depending on country (?) they also have your postal address on file and can send you a reset password by letter. And you can specify an alternative email address like your work address, or a free email account that you only use for that purpose. Or you acquire two domains at different registrars where you can mutually use an email address at the other domain.


until your domain registrar starts playing stupid reindeer games too


So just work with a decent domain registrar. Or if you have extra money, just pay the fee to become a registrar yourself.


>So just work with a decent domain registrar.

People would have said that about Googs at the beginning (being a decent company)

>Or if you have extra money, just pay the fee to become a registrar yourself.

yeah, cause just registering a domain and admining your own mail service isn't enough fun already, let's just make spinning up a new registrar part of the deal too? <eyeroll>


>yeah, cause just registering a domain and admining your own mail service isn't enough fun already, let's just make spinning up a new registrar part of the deal too? <eyeroll>

A little paperwork and you get a nice cli tool to admin your domains, customer support directly from the registry. It's not a terrible option.


> migrate our email to protonmail

Any tips? It’s been on my lowest priority todo list to migrate off of gmail for several years, and I think the biggest reason I haven’t yet is that I know nothing about alternatives. I haven’t had to think at all about email for 15-20 years or so, and I’d like to keep it that way as much as possible after any switch. How close does protonmail get to that ideal?


Protonmail has an import from gmail feature that worked well. Not that I practice inbox zero, so the amount of mail I had to transfer was very little. My wife's inbox is a disaster, sometimes I go in there to trim things down, but I have little advice there. Try to practice good email hygiene.


Me too, and I have been a sysadmin and developer for almaot 30 years and know exactly what to do and even I still haven't gotten around to it. But every ordinary not-even-in-IT person is supposed to navigate all that? It's preposterous.


I use Fastmail and love it.

The key is not to forward your email from gmail and just start fresh. Slowly migrate all comms and eventually you’ll never look at that email again.


Get your own dns record first.


Yeah, this and someone I know getting burned for the same thing (we assume -- there was no concrete confirmation one way or the other) on another cloud provider. Putting "all your eggs in one basket" is just asking for disaster, as has been demonstrated over and over, unfortunately.


It's been three months, and AFAIK, Google still hasn't given him his account back yet.


Forget that - Google states to the media they had reviewed the situation and had decided to uphold his ban.

Good luck convincing them to admit their “appeal” system, and their media review, were mistakes. Google is too arrogant for that.


Wasn't there something like the guy searching for CP before the photo was uploaded, or something along those lines?


No.

> “I determined that the incident did not meet the elements of a crime and that no crime occurred,” Mr. Hillard wrote in his report. The police had access to all the information Google had on Mark and decided it did not constitute child abuse or exploitation.


> It contained a letter informing him that he had been investigated as well as copies of the search warrants served on Google and his internet service provider. An investigator, whose contact information was provided, had asked for everything in Mark’s Google account: his internet searches, his location history, his messages and any document, photo and video he’d stored with the company.

> *The search, related to “child exploitation videos,” had taken place in February, within a week of his taking the photos of his son.*

So maybe no crime occurred, but google doesn't want that kind of user. I assume you can just type "child exploitation videos" into Google without breaking the law, but google may terminate your account.


You man the search into his account by the San Fransisco PD? Who later cleared him of any wrongdoing? Note that Google, after hearing from the police, stood by their choice as well.


Right. Google never said you get to keep your account unless you do something illegal. Which is why the terms of service are there.

I just want to know the context of that search that he made. It could very well be disqualifying, or it could be totally benign.


I strongly suspect we're talking past each other. The man under investigation didn't make "a search" that Google deemed unsavoury. The police department conducted a search of his account, looking for any additional examples of child pornography or abuse. You're confusing who actually performed the search (SFPD, not Mark), as well as what the search was for (searching through Mark's Google account photos, documents, and more, not Mark making a Google search).


> Google never said you get to keep your account unless you do something illegal.

The point is that Google should have to say that, just like your water and electricity companies can't arbitrarily decide to stop serving you.


Innocent until proven guilty, except when it comes to men being wrongfully accused of child porn


It might be worth remembering we only have one side of the story here. How do we know we can thoroughly trust the Dad any more than we can thoroughly trust Google? Perhaps there are more pictures Dad took the article doesn't know about? Perhaps Google can't verify it was indeed Dad's child in the images?

Perhaps there is more to the story than what the article lets on...perhaps not. We will never really know.


The police investigated and verified that Google's accusations were completely false.

Also:

> we only have one side of the story here

In real court, if you don't show up to tell your side of the story, you're considered to be in the wrong by default. Why should the court of public opinion be any different, when Google has had the chance to tell their side but chose not to?


Frankly, the "court of public opinion" is the only court where facts don't matter, only opinion. This is a clear legal issue, and you will never hear the actual outcome.


We have one side of the story because the other side (huge corporation) didn’t give any information and decided to keep ban. No transparency there.

Ps. This “we will never really know” is triggered me. This phrase used by Russian propaganda when they got caught in crimes every damn time.


> We have one side of the story because the other side (huge corporation) didn’t give any information and decided to keep ban. No transparency there.

I'm not sure why we expect Google to provide transparency for CSAM bans/investigations. That would be highly irregular, and not just for Google.

The Dad has legal path(s) to take if he feels he was truly wronged. Paths that would ultimately cost nothing if he prevailed. Paths that would likely force Google to undo their decision if Dad's statements are in fact the truth and Google has no other data/evidence.

Dad chose not do do any of that though... why? I'm confident there are lawyers out there that would even represent Dad for free.

> This phrase used by Russian propaganda when they got caught in crimes every damn time.

What?


> The Dad has legal path(s) to take if he feels he was truly wronged. Paths that would ultimately cost nothing if he prevailed. Paths that would likely force Google to undo their decision if Dad's statements are in fact the truth and Google has no other data/evidence.

San Francisco Police Department:

> “I determined that the incident did not meet the elements of a crime and that no crime occurred,” Mr. Hillard wrote in his report. The police had access to all the information Google had on Mark and decided it did not constitute child abuse or exploitation.

What more do you want from him Alupis? He was exonerated but you are suggesting he did not "do any of that" (false) to clear his name. Why would you say this given the article already rules it out?


He should use the legal system for what it was designed for - to settle a disagreement as per the ToS for his paid Google One account. The article even says this is an option - but he chose not to pursue it.


Because pursuing it would cost money and time for a service from a company that I'm sure he doesn't want to do any more business with. He's unlikely to get any damages and Google's lawyers will ensure that it takes way too much time.

"If they were innocent, why didn't they sue" is an opinion that is really naive of how our legal system works.


The article is a little clumsy here... they seem to indicate it would have been a lawsuit, but the dollar amount quoted would be more in line with arbitration.

In both cases there's 3 possible outcomes:

1) Google, after reviewing weak and/or zero evidence, backs down and restores the account upon receipt of notice of intent to pursue legal action.

2) Arbitration happens and Google is ordered to back down, restore the account and pay Dad's representation fees.

3) Arbitration happens and Dad loses, which yes would be quite costly.

Only #3 is a gamble, and it seems like Dad has a lot of confidence #3 isn't even a remote possibility. So why would you not pursue legal action?

Given how much attention Dad has received over this, it would be surprising if free representation wasn't throwing themselves at him by now too. Regardless, this is indeed how the legal system works for disputes. He should use it if he really is innocent.


> So why would you not pursue legal action?

Hassle.

Some people would prefer to just have a clean break from any abusive relationship rather than continue to engage in conflict, even if the odds are good they'd win.

You also don't know what else is going on in his life and how much bandwidth he has left. One terminally sick relative is all it'll take for the average person to not want to deal with extra bullshit in their life.

And most people don't have their own personal legal department and may not even know a single lawyer, so they don't have any idea of who to trust. If a dozen lawyers called me up and offered their services the first headache I'm having is that I don't know if any of them are trustworthy, and now I need to waste my time vetting them.


The guy has gone through multiple police investigations - one of which appears to have been voluntary - plus this investigative article piece here. I'd say, from appearances, he's not shied away from attempting to fight this. He even stated in the article it was the money that made him choose not to pursue the legal path (although as previously pointed out, the costs would be free if he prevailed and there's free representation that would jump at the chance to fight cases like this).

So, I don't think hassle can accurately describe this particular case.


He went through multiple police investigations to clear his name of criminal wrongdoing, which has much higher stakes.

If he sues he's likely getting a pittance from whatever the court values his Google account to be worth. In reality this is never going to be a multi-million dollar award.

And I don't know what it is that you imagine he's done wrong which isn't criminal but which would allow Google to defend themselves. If it is anything I think it is more likely that he got legal advice that based on Google's TOS and the things that he agreed to (like we all do every time a legal notice pops up) that his chances of recovering any damages at all were a crapshoot.


We don't need to speculate - the article discusses his legal options. He explicitly chose not to pursue it for what he claims was the cost.

There is no multi-million dollar award - this isn't a TV Show or something.

Arbitration would determine, after examining all facts presented by both parties, if his account should be re-instated. Further, if his account is ordered to be re-instated, he would be awarded "reasonable attorney's fees", which would cover the cost of any legal representation he hired to argue his case.

So yes, he needed to pursue the legal path here, but chose not to. The quoted dollar amount in the article is peanuts, and like previously stated over and over, if he's so certain of his innocence and has all this supporting evidence, arbitration would ultimately cost nothing. ie. there's no reason to not pursue the legal path here.


> if he's so certain of his innocence and has all this supporting evidence

The claim is that he is a child pornographer and has taken sexually explicit photos of children for prurient purposes. There is no evidence of this and if Google had it they should report the evidence.

You instead keep repeating things like "if he's so certain of his innocence and has all this supporting evidence...", implying that since he is not suing Google that there must be something to this.

Your shtick here reminds me of Musk's accusations of pedophilia against Vernon Unsworth.


Really? What kind of paths? Gmail isn't a paid service - you can't force Google to continue providing you with Gmail access if they don't want to, I can't believe any court would agree to such a thing. They reserve the right to terminate your access for any reason,and since you don't have a business relationship with them in this case I wonder what could you possibly claim in front of the judge to make them reverse this decision by law.


This isn't about a free GMail account...

From the article there appears to be an arbitration path (based on the dollar amount quoted in the article, but they talk about it like it would be a lawsuit) - but Dad explicitly chose not to take it for some reason.

It would be very surprising if the ToS for Google Accounts didn't include an arbitration agreement.

Also, Dad had a paid Google One account - filled with apparently lots of data. He definitely has a legal path here and chose not to take it. Why?


Why do you continue to insinuate this man may be a pedophile when he has been completely exonerated?


He was not exonerated, that is not what this word means. The rest of your statement appears to be a straw man, because I have not once stated he is in fact a pedophile.


You continue to insinuate it.


Are there any known examples of people using arbitrage to successfully recover their Google accounts?


Arbitration is not public - so we would never know. That is not unique to Google either, it's just how it works.

My guess would be it happens far more often that you might realize, given Google's scale and breadth of services offered (paid and unpaid).

People have disputes all the time with big companies, and arbitration is how they are normally resolved. Arbitration is designed to 1) usually minimize the public risk to the company in the event of a loss, and 2) make the proceedings far more affordable for all parties involved.

Arbitration carries all the same weight and enforcement of a real lawsuit, but takes less time and is less costly.


>> Dad chose not do do any of that though... why?

It says in the article that would have cost 7k.


This is not unknowable.

Police reviewed the case with full access to all documents and videos.

A reputable news organization contacted Google for comment.

There was all the opportunity to present "other side of story" by Google if any. And I actually think everybody in article goes out of their WAY to present the other side - they repeatedly call google's work important but difficult and offer several plausible non malevolent reasons for the behaviour.

I agree life is complex and we rarely get all the details, but even I don't agree with a completely defeatist "life is unknowable" attitude.


SFPD investigated the other photos, too, and determined there was no crime.


This is always true, and a fundamental reason why free societies adopted the notion of open courts: to ensure that all sides of the story are known and innocent people don't suffer based on ifs and maybes.


The Dad appears to have chosen not to sue Google for some reason. The dollar amount quoted in the article is peanuts for what these things normally cost, making it sound more like an arbitration thing.

Typically if you win arbitration or court, the losing party pays the lawyers anyway - so why did he not pursue this?


Google seemed to review the images and determine they were for the reason he explained, but the video of his wife naked in the bed with his son seemed to be what was still considered an issue. Perhaps they were asleep while he filmed the video?


How can we trust the dad?

I think if someone was doing something criminal and their access was blocked, they will juat quietly walk away. But talking to the press? That would be a new level.


That would require Google to at least tacitly Admit that they made a mistake.


Or that one guy who can restore accounts to get to it.

There’s no apparent customer service system so I suspect the whole process is informal to some extent.


Does getting your google account blocked prevent you from using GCP? There are so many stories of people losing access to google accounts that it seems way too risky to use GCP when this sort of thing can happen.


Potentially yes, if you use a personal account for GCP. Don’t do it.

If you have to use GCP, use a burner account… because Google is absolutely asinine right now.

I would not trust Google if they were a hired employee to turn on my sprinklers in the morning.

Edit: For this reason, I am actually all in favor of having GCP, AWS, Azure, etc declared utilities. Unless there is a crime, we have a right to an account. Your electricity company can’t cut you off whenever they feel like.


Anecdotal, but I know somebody who got their personal Google account blocked and then the company they work for GCP account blocked just because their names "looked" the same as somebody else's on the sanction list, even though it was a different person. I'm not sure they ever got the personal one back.


You’d have to be insane to put important infrastructure on a google platform.


Google aggressively links accounts together. If you ever hire someone who was banned by big G, kiss everything goodbye.


Microsoft does it too: forces everyone to sign up to Microsoft account and defaults to syncing/saving to OneDrive. If you hit OneDrive content filters, you lose everything, including Excel spreadsheets and Xbox games.


He means something more aggressive than a whole platform lockout for the account. What Google does is you have entirely different accounts, one gets indicted for something, they try to find other accounts you have/are linked to and nuke those too. eg. your company has a Google dev account, hires someone, and that someone misbehaves on a personal account. Your company account is at a very real risk of getting nuked with Google's famous customer nonservice afterwards.


Doesn't Google famously link accounts that have ever had anything to do with each other, and ban them as a group? I recall some businesses getting their play store accounts banned because some dev did sketchy stuff separately, or the other way around.


If so, treat everything that Google offers as ephemeral. They deserve no additional respect.


> If you have to use GCP, use a burner account

Does that actually help? Don't they collect enough of your data to be able to correlate accounts?


You're going to have to start using your GCP like it's a freedom fighting session. Never used from the same public wifi. Don't use a public wifi within xDistance from your house. Only interact with GCP from a freshly spun up VM/Tails boot/etc. If no available wifi access, only use a mobile hotspot that is prepaid in cash where the burner was bought by someone else (so their shiny mugs are on the security camera), buy that burner in a different town, and all the other paranoid things to safe in a hostile world. Just to use Google


I just use Whonix in a QubesOS VM routed via Tor.


That works? I would expect Google to ban accounts just for using Tor.


You will get lots of captchas during login but otherwise it works fine. I begrudgingly use some Google services every day, but at least via Tor.


Perhaps, but better safe than sorry. If you had a small business and relied on Google Workspace, the damage for one mistake like this could be incalculable.

Imagine losing your contacts, your photos, your emails with clients, your cloud setup… because you had the humanity to take care of your child.

It is impossible to underestimate Google now.


This is starting to sound daunting. I’ve recently got few strikes for posting few pics of my kids at the beach on Instagram (Close Friends audience). Even if when my accounts were originally seperate from Facebook, they are connected. Loosing access to FB messenger would be PITA.

Much worse - losing access to iCloud/iPhone would be disastrous


GCP is so awful to deal with directly their sales people ghost you after you submit your LLC info to raise limits. Then the sales person you were working with initially gets sacked, and weeks later a new one comes on board and tries to pick up where you left off again.


I don't know why people use gcp, I would like to hear some opinions.

The way I see it, if you don't mind price, you go with AWS (most polished). If you mind price gcp isn't really much cheaper, so you go with something actually cheap like OCI.


Usually, it’s because someone bought into GAE, and needed some flexibility for extensions to that app.

Cynically, fairly typical vendor lock-in.


afaik there is no alternative to BigQuery on AWS? All alternatives are less managed and require more administration. But I never looked too closely.


Snowflake. It does not work internally the same way as BigQuery but is substantially equivalent in user-visible functionality.


kubernetes is nicely integrated in GCP


OCI as in Oracle Cloud Infrastructure?


Yep, it's the deep-pocketed enterprise's Hetzner or DO.

The sales slogan is something like, "All the costs of AWS, all the automation of a bare metal box!"

Ironically, more suitable to manually point-and-click or phone-call managed "lift and shift" than the infra-as-code clouds.


Oci is much, much cheaper than aws. Data transfer for example is 10x cheaper.


Azure doesn't exist, apparently.


Azure I'm not too knowledgeable in terms of polish, but pricing wise it's similar to aws and gcp.


not if you're trying to use compute in Germany:

https://news.ycombinator.com/item?id=33743567


How does this work with Android mobile devices that are linked to that account?

From a non-technologist perspective, is a linked Android device becomes neutered?


You can use android phones without a Google account right


But you'd lose all content you paid for.

Apps, games, movies, books, youtube paid things, etc.


Hmm true, apart from apps those are all available outside of android so I didn't really consider it.

But that's why I back up my media in the first place, Google can't steal my epub of the book I bought, nor can audible steal the m4a of the audiobook I bought.


Not yet.


Not easily, especially if you aren't tech-minded.


imagine what happens if you use google's domain registrar services.

even if you were to run a domain name zonefile that pointed its MX at something non-google and had zero A records or CNAMEs pointing at things hosted on GCP, you'd still risk being unable to login or admin your domain.


This is why I pay extra for domains on gandi and avoid google owned TLDs. I also won't touch namecheap anymore for the same concerns just too much downside risk even if the chance is small.

It wouldn't take much for Google to turn this around, that's the really screwed up part. All the would have to do to regain trust is come out and admit their system did something wrong and provide recourse for resolution in these cases. Instead they just double down and hope people forget.


Shit, this gave me pause.

My dog has crypto* and my vet asked me to send him pics at various states of arousal so I have numerous pics of dog junk on my phone.

* Cryptorchidism is the medical term that refers to the failure of one or both testicles (testes) to descend into the scrotum.


Thanks for the footnote, it’s quite confusing otherwise. :)


I just figured his dog had its own bitcoin wallet.


Yeah, everyone and their dog has crypto these days (possibly Dogecoin), but then it gets weird with the arousal.


> Google flagged him

> Mark’s wife grabbed her husband’s phone and texted a few high-quality close-ups of their son’s groin area to her iPhone

> Gmail account ... Mark ... came to rely heavily on Google ... appointments ... on Google Calendar... smartphone camera backed up his photos ... to the Google cloud. ... Google Fi.

The photos should never have been made visible to third parties, certainly not large nosy corporations which analyze you and your behavior and "flag" people (and also share info with the NSA or other US government agencies, as per the Snowden revelations). We must educate people around us not to just use these gratis software services naively. Of course, the defaults of what's installed and configured on the gadgets we buy is something that many will stick with despite our best efforts - but remember that all of this would never have happened if Mark had not _actively_ allowed it: If he had simply never had a Google account, or never entered its credentials into his, phone, this whole situation would have been averted.

So, tell your friends, tell your family members, tell yourselves:

* Putting something "on the cloud" means giving a third party, whom you can't trust, a copy of it.

* When you send someone an email, it's like you've sent a copy to the company which runs his email service. If its @gmail.com - imagine your email is placed on large placards in Google's lobby.

* Minimize the use of services by large multi-pronged companies like Google, to avoid surveillance.

... and all of above for Apple, their iTunes cloud, email and other services. Finally,

* Prefer privacy-respecting communications applications like Signal for sending messages.


It was removed but there was a discussion about a similar account over on the Photos reddit this week. https://old.reddit.com/r/googlephotos/comments/yzz03x/it_loo...


This is such a weird story. Is google really using computer vision to detect CSAM? How could that possibly work? This seems like a tremendous technical challenge.

Usually photoDNA has been deployed for this, but that almost certainly wouldn't be triggered by the dad uploading his own photos that hadn't been previously marked as CSAM in the photoDNA database.


Everyone's using AI, and widely. I sell stuff online and sync a product feed to Facebook. Products often get banned based on image analysis. Sometimes it is reasonably close, eg darts getting classified as dangerous weapons, other times sneakers get that classification.

If I appeal, it usually gets overturned, but sometimes sneakers get confirmed as weapons after review. There seems to be no image history; when a previously whitelisted product gets imported again (with a minor change in description or something), it may get classified as weapon again.

Needless to say, my ad spend is now zero and I expect my account to get banned any moment.

Fuzzy AI-based image analysis is OK for things like extracting roof shapes from aerial images, but seems totally inadequate for moderation, because it lacks nuance and context.


> Mark did not remember this video and no longer had access to it, but he said it sounded like a private moment he would have been inspired to capture, not realizing it would ever be viewed or judged by anyone else.

Recontextualisation is one hell of a drug.


Honestly? My son is two years old and sleeps in the same bed as us. All three of us also don't like being too warm so during the summer months he would sometimes only wear his diapers and we would only wear underpants. It's not clear from the description what the video shows exactly but apparently the police didn't consider it a problem. If I had captured a moment of my son doing something cute while we're still in bed, that would have fit the description.


Yeah I wouldn’t be surprised if they were asleep in the video and that’s what Google still had issue with. Perhaps not but if so, it would explain things a bit better.


+1 for the archive link


Thanks for the reminder.

Wife and I take a lot of photos of our newborn, including in the bath. We think nothing of it, but probably worth figuring out a digital plan.


Same. I make an effort to choose angles that aren't too "revealing" but this got very difficult with video rather than photos. It's extremely disturbing to have to consider what a US company might consider "pornographic" when recording an entirely non-sexual interaction with your own child but here we are.

If the idea of an AI flagging an innocent moment wasn't bad enough, I can't stomach the idea of having to appeal this by literally having a stranger review a private moment in order to determine if it was sexual abuse. This just seems like an unjustifiable invasion of privacy.


Use a film camera and develop the film yourself.


Digital camera would be fine too. Some photo printers can print direct from an SD card without any PC or network connection.


Apple's Photos app tried to tell me that my child was my lover in their photo event labeling, which really pissed me off a lot.


I think i had something like that. If you do “review more photos” too much and your pretty similar to your partner - you will get this.


So, basically if I have disabled cloud backups in google photos, this shouldn't affect me right?


Do not send them via plaintext email, or a proprietary chat system. Also be aware that other corpo apps on your phone may harvest and back them up too or scan them in place. US cell carriers require extensive root access malware like OMA-DM toolkits that can be triggered to spy on anything on your phone at any time.

As long as you use proprietary software on your devices you will never be safe from this type of thing.


For now they don't scan the contents of your phone, yes. If that changes, potentially no.


Aside from the fact that Google likes to randomly lock longtime users out of their accounts too sometimes, yes. Those cases happen unprompted.


what happened to the guy was awful but in general, don't ever store medical correspondence on Google cloud or send it over email or messengers. Here in the EU and I would be surprised if it's different in the US there's dedicated apps for telemedicine which are regulated like medical devices, so there's confidentiality, no storage or scanning of vieo or audio, and so on. Sucks but you can't really treat any other services as secure or private.


right but most people take pictures with their phones nowadays, which might automatically backup up to google photos.


And the supermajority of users of this set of systems and features are entirely technically unaware of how to micromanage it.

To them, they have a phone that backs up to the cloud.


I figure it's probably not typical but I disable every single piece of tracking possible and disallow any external cloud storage on every device I have. I just don't actually have a need to give Google thousands of my photographs and access to every piece of my personal history. The benefit would be marginal and the cost is unlikely but potentially catastrophic. (And seemingly more likely every year). Every new device I get I go through every setting and turn off all the new bullshit they've put in to steal my privacy, because they do constantly add to the attack surface.


Sounds like there almost needs to be an incognito mode for cameras.


There is. The Android camera app has a button on the top-right corner that lets you quickly switch between saving to "photo storage" or "locked folder". If you pick "locked folder", it saves it to a special folder that isn't backed up to the cloud and requires a screen lock to open.


that does sound like a useful feature for uses like this, but I've never heard of it (and many phones probably come with different camera apps provided by the manufacturer... I have no idea if the Camera app on my Motorola phone is the stock one or not...).


I don’t trust anyone with health data, honestly. Two examples from the UK:

Babylon data breach for UK GPs:

https://news.ycombinator.com/item?id=23471347

Palantir getting its teeth into the NHS:

https://www.bbc.co.uk/news/technology-56183785

Next time I need a doctors appointment I’ll do my best to make it in-person.


It sounds like a secure platform was likely used to send it to the doctor but the photos were taken on a phone and auto backed up to Google Photos and also texted to his wife’s iPhone.


Old News


Outrageous and unacceptable.


Then don't accept it. Null route Google in your hosts file and move on with your life.


Stratechery covered this … they pointed out the really f*ed: part: Google is refusing to reinstate the account.

Protecting children is important. AI is imperfect.

But there is no reason the keep the account suspended once it’s clear there was no wrongdoing.

This man is innocent of doing anything wrong. Google had suspended him, and removed access to all his online account data. And refuses to reinstate.

We balance out liberties with responsibilities all the time. We allow the state power to protect children, and corporations have the right to assist them.

There are careful balancing acts being done.

But there is no balancing act here. There is no justification for Googles action.


IIRC there was a follow up which was arguably worse.

Google implied that the account was suspended because of real CSAM concerns unrelated to the photos sent to the doctor/police officer (other photos in their account? they wouldn't go into details about their decision) and that the officer closing the case doesn't mean their judgement here is wrong.

If that's the case I can understand why they're obstinate about their decision (which otherwise would seem like a dumb mistake they should just reverse), but the problem is none of this happens in a place where users have any ability to get reinstated or have any sort of control over their digital life - there's no real path any individual has out of this even after going to the press. There's no due process, no way to defend yourself, no way to get them to show how they made their decision. As I understand it you have no rights beyond the ToS.

The user also losing all related account access (two factor, email, etc.) is particularly bad. This is also categorically different from Apple's approach which compared hashes of CSAM with what's in the NCMEC database which would not have caused this mistake (here Google is using computer vision to discover and flag novel images).


> There's no due process, no way to defend yourself, no way to get them to show how they made their decision. As I understand it you have no rights beyond the ToS.

This is where legislation is required. Mass-scale social media/cloud providers/etc are effectively public utilities, and you should be able to challenge their decisions in court - the current situation is as bad as if the electricity company could disconnect you for non-specific reasons and you had no reasonable prospects of a successful legal challenge to their decision.

(Such regulation should be limited to providers above a certain size-maybe a cutoff like 10 million MAU or 500 million annual revenue-so small players aren’t burdened by it.)


That's spin. The real reason is discussed near the end of the article.

They don't want to get into the business of deciding what is and isn't sexual imagery. Instead, it's easier to just ban people and forget about it.

It's the same type of behaviour and attitude that lead to damoore being fired. No room for ambiguity or nuance at Google. Everything can be decided by an algorithm.


If the reason stated at the end of the article is the reason I can also understand their decision.

If my SO was surreptitiously taking nude pictures (videos?) of me and our kid while we were sleeping (and uploading them to the cloud!), I’d be pissed (and this is the most benign interpretation).

That said, there should still be due process.

Ultimately, I think it’s an issue with the local max of computing we’re trapped in. We need tools that can free us from dependence on a handful of centralized companies that have this kind of discretionary power over our lives.


I dunno, cloud or no cloud there is an expectation of privacy. What they've done amounts to a warrantless fishing expedition and it should concern everyone.

The problem is, the alternative is this stuff runs rampant on their service, not something I'd want either.

So I understand their position, but their approach here is lacking.


Zero transparency and zero due process is a massively underrated feature of big tech censorship/policing.

It's one thing to debate the benefits that society gets for removing/flagging content, but the costs are immediately 10x higher when the false positives have zero recourse.

Even 'legitimate' cases often can't speak to a human to find out why or how they were flagged (unless they have influence). The public can't find out what motives/reasoning or who was behind certain content being removed. So it feeds into conspiracies and builds resentment.


Morally speaking, once a company becomes big enough they should owe a minimal standard of customer service to society.

I'd hope to see this covered under anti-trust laws (not a lawyer though, don't know the laws or their applicability). There's only one Google, and Google had quite the monopoly on being Google. They're big enough to be either regulated or broken up.


I wonder what images they used to train an AI to recognize a child penis.


There is no reason for Google to not be lying about it.


I faced a somewhat similar predicament earlier this year.

I still have no idea how, but my 2FA enabled Facebook account (with a unique and secure password) was compromised while I was sleeping. Shortly after, the attacker started using my Business Manager account to run ads for fake products on their scam stores.

Here's the catch: my personal Facebook account was permanently banned right away, but my Business Manager account wasn't.

How? According to other folks who had the same done to them around that time, the attackers would upload CSAM content on your timeline so that you get immediately banned/locked out.

Well, that means I could no longer retrieve/change my business manager account, which gave the attacker free reign to run ads for about a month. To some degree this means that Facebooks CSAM system gives the attackers a way to compromise Business Manager accounts more efficiently.

I submitted a ban appeal, but didn't hear back. I read online that if you have an Oculus, reaching out via their support is the only real option, so I did just that.

I wrote down a detailed account of the timeline of events, along with screenshots etc., and sent it to an Oculus support agent. In fact, they thanked me during the interaction or providing 'the most detailed' report they'd seen.

The evidence was pretty clear: at 5am or so, someone had logged in to my account via a foreign IP, change my email to a Chinese address and added a hardware 2FA key. The ads they were running to scam stores were often in Chinese, too. Not exactly a difficult case to crack.

They assured me I'd hear back within 7 days, but a month or so later I received an automated email from Facebook stating that the time for my appeal had expired, so the account would stay permanently banned.

That was mildly infuriating, given I never heard back from anyone.

What did losing my Facebook account mean to me?

As much as I'd been considering moving off social media, it briefly ruined my life.

* I'd had my account since I was 13 years old in 2008. I had a few thousand connections on there, many fleeting and superficial, but at least a few hundred with folks around the world that I care about and have no way of reaching now.

* 90% of communication here in NZ transpires via Facebook Messenger, so I was immediately cut off from my community and friends. What's worse, many have since told me that they were worried I'd blocked them.

* My income from the time came from selling trading cards in FB groups while I was closing an investment round. I lost the ability to do so, and had to move out of my apartment to live outside of the city with my in-laws.

* My father passed away a few years ago, and I had countless photos of him on my account, as well as our message history. This honestly hurt more than anything else.

All in all, this experience has left me a deep scar. I guess I needed to learn a lesson around not relying on one platform so heavily, and to some extent not backing things up such as the photos, but I really wish Facebook could have just done the reasonable thing and let me back in.

Finally, I have no idea if I was reported to the police/LE in any capacity regarding whatever was posted on my account to have me banned. Am I on some kind of list now?

A boring, technocratic dystopia.

edit: on the off chance anyone from Meta reads this and thinks they can help, I would be over the moon to get even a chance of having my account restored. I was told to speak to an Australian law firm who charge $3,500 to hound Facebook to get accounts restored in situations like mine, but unfortunately that's just not within my means.


> Protecting children is important.

Google protecting children is not important.

> This man is innocent of doing anything wrong

He is not entirely without fault: He negligently enabled surveillance of his personal files, including allowing Google to make copies of his son's genitalia / his son's private personal medicall information. He's not exactly innocent - but of course, his misdeed is not vis-a-vis the state or Google, but vis-a-vis his son, his wife and himself.

> We allow the state power to protect children

You don't allow the state anything. The state allows itself and you pretend we control the state because we get to make some choices via elections every once in a while.


> But there is no reason the keep the account suspended once it’s clear there was no wrongdoing.

For you, Google is your everything. For Google, you're an tiny ant. If a tiny ant steps out of line, they kill it. They don't feel bad about the ant; they don't feel anything. It's a free service and it's not worth the cost to literally do anything.


This is what software as law looks like. The software actually found one or more pictures of a nude child and banned the account - the software worked exactly as intended. As humans we can see the issue here, the software cannot see or understand the issue. Google is not about to start carving exceptions out of its government mandated or coerced scanning feature, it can only follow the rule that any nudity involving children is bad.


Expect that the software did not work as intended. It’s intended to identify child sexual abuse material and this was not that.


This is one group that Google works with: https://www.missingkids.org/theissues/csam

Their definition and yours are not exactly the same. If you read what they have to say, you'll see that the issues are more broad than whatever you personally call abuse, and those issues include exploitation and distribution of images that victims find harmful. Are you a victim of abuse or exploitation? Who are you to determine what a victim finds abusive or exploitative?

I'm not saying I agree with this situation, just that I can see how it happened and why Google won't do anything in this case.


I didn't give a definition for what constitutes abuse.

My point is that the software is not working as intended. The intent is to stop child abuse, but the software they build does not identify child abuse it identifies what it believes to be naked (semi-naked?) minors. Those are two different things.

A photo you take of your kid for the doctor to see in order to treat them is not CSAM. Neither is a photo of your naked baby.

But those same photos if stolen from you or taken by others for different (less wholesome) reasons would be. But, and most importantly, that context is not to be found in the photo itself.


This is the part that should receive a Congressional inquiry. I would love to see Congress drag Sundar Pichai (and no one else) before them and scream “What the hell is wrong with you?” in his face.

We have courts for a reason. They found no wrongdoing. Google is objectively deciding they know better than an elected court on what happened.

This whole situation is absurd and evil.


Remember Google can ban any account at any time for any reason including because they just do not like you.

No Google software, devices, or data on their systems belongs to you. Sue them and they will remind you of this fact in detail.

If you want to own your digital life you will have to commit to being a pariah in your social circle that is ridiculed constantly for using open source tools.


> If you want to own your digital life you will have to commit to being a pariah in your social circle that is ridiculed constantly for using open source tools.

I think your friends are just a little too obsessed with social media. The only response I ever hear to "I don't have a facebook/twitter/whatever" is "yeah, that makes sense, I think about deleting mine all the time."


> Sundar Pichai (and no one else)

I'd go a little broader than that. I'd also want to see them drag in whoever made the decision to not reinstate the account, plus everyone who knew what happened and could have overridden the decision but chose not to do so.


> everyone who knew what happened and could have overridden the decision

that will never happen, unless documents & emails get discovered and all the cc'ed people get subpoena'ed and deposed. And even that won't catch everybody. Congressional committees don't have time for that.

Big corporations are adept at diffusing real responsibility among a faceless mass of people.


I'm not normally one to indulge conspiracy theories.

... But given the situation and high profile nature of this incident?

If that account's still locked, it's locked under sealed FBI warrant.

Google has had situations where they work hand-in-give with law enforcement to resolve something, and when they do, they're radio-silent on the situation. Sometimes for years, given the scope.


>Protecting children is important. AI is imperfect.

is protecting children more important than a software engineer with no backup's mistakes and first world inconveniences? yes.

the AI did its job flawlessly - detected a naked toddler. as did the human verifier. bravo. should it have been detected and flagged? yes.

should we be surprised at the chosen free cloud provider's attitude or dismissal? no.


CSAM stands for Child Sexual Abuse Material. It was not CSAM, quite the opposite actually.


thanks. so CSAs have no interest in pictures of naked toddlers..


Maybe naked toddlers should not be flagged? You can see naked toddlers bathing in lakes and such. They are naked, cause overwhelming majority if people dont see toddlers as sexual and they themselves are not ashamed of body yet.

Naked pre-teen? Sure flag absolutely. Toddler? No.


They're not looking for "normal people", hence why a naked toddler is flagged.


These stories of people being banned by google without recourse are so common, it's amazing that anyone here is still using google for anything important. First of all, get off of gmail. If you do nothing else, get off of gmail. I'm very happy with fastmail, they provide email, calendar, contacts, notes, and some cloud storage for a monthly fee.

I've also come to love nextcloud, I started using it to replace google photos, but there are tons of other great features too. I use it for photos, notes, calendar, contacts, news, and some collaboration stuff. It's open source, you can self-host, or get a hosted account somewhere.

While you're degoogling, start using duckduckgo for search. It's a better experience than google these days, and if you really want to send a query over to google, just add !g to the end of the search.

Get off of Chrome too. I would prefer that you use firefox, but chromium works fine too.

Getting off of google voice took a bit more work. I ported my number to Telnyx, wrote a SMS-to-XMPP bridge, and set up Asterisk to route voice calls. I'm happy with that solution but it won't be practical for most, so maybe someone else can comment on google voice alternatives.


>I would prefer that you use firefox, but chromium works fine too.

The rest of your comment seems fair, and equally very interesting, and I'll follow up with fastmail and nextcloud - thanks, but just the particular "I would prefer that you....", seemed jarringly out of place, and made me somewhat happier I use [a heavily customised] Brave [with a very edited hosts file], for no other good reason than ff just doesn't do it for me, as much as I've tried, and tried to like it.


That's fair, I just think it's a shame that Firefox's market share has grown so low. It's still my favorite. I also believe that Blink hegemony is bad for open web standards. Use what you want, but not chrome.


This is the one that causes me to finally commit an entire weekend to getting off Google.

Because I have the exact same kinds of photos on my phone, auto-backed up to Google Photos, intended for his physician.


NextCloud on a VPS works very well for me. The AIO setup does all the work for you: https://github.com/nextcloud/all-in-one


That Google snoops and watches your video, photos and emails should not be a surprise to anyone in 2022. If your entire online identity is tied to a string that ends in @gmail.com they own you.


> After setting up a Gmail account in the mid-aughts, Mark, who is in his 40s, came to rely heavily on Google. He synced appointments with his wife on Google Calendar. His Android smartphone camera backed up his photos and videos to the Google cloud. He even had a phone plan with Google Fi.

His first mistake. He (and a whole bunch of others) forgot the principle of least privilege. The moment you start letting a company like google domesticate your usage patterns, you're essentially their bitch from that point onward. Better to keep all of their stuff compartmentalized


Sadly I think everyone in the 00’s incorrectly assumed these companies having custody of our data didn’t equal them monitoring the data.

The time has long passed since we should have left Google services if we care at all about privacy.


x


Google doesn't give a damn if you leave unless you are a ad spend whale. If you're not spending at least a million a month on ads you are just a drop in the ocean for Google.


Google will not lose any significant number of users no matter how shitty they are, because most people have no idea how to leave.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: