I'm seeing a lot of criticism here in the comments, but what's the alternative for free accounts? If you're not using it, how long is Google (a for-profit company) supposed to hold onto your data for free? 100 years? 50 years? 15 years?
2 years seems pretty reasonable to me for something provided by a for-profit corporation. And as other reporting has noted, they're not deleting YouTube videos (makes sense, since while nobody else views your e-mails, public videos are public).
People here are saying, what about if you go to jail for more than 2 years, or you're in poor health for multi-year stretches? Then pay for a cheap Google One subscription, export your data with Takeout, or have a trusted friend log in once a year. These are lots of options.
If this were a government-provided service then it would be one thing. But it's not, it's a for-profit company that gives you free products in exchange for ads. There are lots of options for keeping an account active. I see no reason why we should expect a company to keep providing storage for dormant accounts beyond 2 years though.
Photobucket (remember them!) kept hundreds and hundreds of photos in my account with them despite complete inactivity for over a decade.
I simply forgot the account existed, and remembered one day to find a ton of amazing decade old photos.
There’s something to be said for doing things that earn your company respect from consumers. Had photobucket deleted my decade old photos because I didn’t log in frequently enough, I’d be pissed and wouldn’t use them in the future. If a small photo storage company can afford to keep customer photos for decade+ with no login, I hope Google can store some text emails for at least 5 years.
Re: the jail/health issue, making sure Google doesn’t delete my account would (literally) be the last thing on my todo list if I were on my way to prison or a coma.
> Photobucket (remember them!) kept hundreds and hundreds of photos in my account
Photobucket doesn't even offer free service anymore. Isn't this proving the opposite of your point? They couldn't afford to do what you're asking, so they stopped.
It’s hard to say from outside the org whether they did it because the costs were too high rather than because someone just wanted to so it to make even more money per new user
See, I read this situation as entirely differently.
Google is not being unreasonable in understanding that they can't afford to store all data from everyone indefinitely. They are not being unreasonable that it is a potential security risk.
Where they are being unreasonable is that they have basically gotten everyone addicted to their "free" product, and then, a decade after promoting the idea that no one should run their own services, they should just use free offers in the cloud: they are now admitting the downsides to this arrangement.
That Google account that your dead friend had that you keep on your buddy list because it gives you memories? Gone. That Facebook account with your dead family members photos and timeline? Gone. The Twitter account with all the tweets from you child who died too soon? Gone.
The lesson should be that if you're hoping for someone else to be the steward of all your digital histories, you're in for a bad time.
If you're on someone else's servers, you're bound by their rules, because much like going to their building, you are on their private property.
The thing is, they spent over a decade making sure that people trusted that their data would always be there, and that storing it in someone else's private property indefinitely, somehow, wasn't a problem.
It was always a problem. If you want to keep your data indefinitely, you have to know how to store it yourself on your own storage mediums that you keep in your own home and on your own computers/servers.
So, Google is currently doing nothing wrong, based on the realities of security and cost of data storage. The wrong they did was convincing users for over a decade that this wouldn't happen, knowing full well that eventually it would.
> That Google account that your dead friend had that you keep on your buddy list because it gives you memories? Gone. That Facebook account with your dead family members photos and timeline? Gone. The Twitter account with all the tweets from you child who died too soon? Gone.
And unless you're the account owner, good luck archiving any of that. I believe Facebook is extremely hostile to scraping, and I don't think Twitter is very easy, either.
Nothing you described sounds mentally healthy at all. For Facebook and google you can download a dump of the data if you provide a death certificate and are next of kin.
I found out yesterday that my Google Voice number was no longer mine. No inactivity warning email like I had received in the past, no notice at all, I just tried to Zelle some money to myself (testing the service with $1, thankfully) and was surprised to find out the number wasn't mine anymore. I wanted to contact Google to ask if there was any hope of getting it back, but I couldn't find a way to reach them. The Voice app lists a developer email, apps-help@google.com , which returns this message: "You have emailed an address that is no longer being monitored."
I understand it's a free service, that I'm not a paying customer, that I was wasting a resource by not actively using the service.
It's distressing to be given something by someone with power, to use the thing and in small ways rely on it and enjoy it, then suddenly it's taken away. I hope every inactive person gets their notices before they lose their data. I didn't for my Voice number and now I'm trying to sort out all the services I have tied to it.
Again, I understand Google has all the power. I had no leverage and shouldn't have had any expectations for how I'd be treated. However the amount of goodwill I have towards Google is rapidly approaching zero. I've read a thousand messages here saying variations of, "don't rely on Google, you will get hosed eventually". This (deleting inactive accounts with no option to opt out) is the kind of treatment that annoys people, eventually hurts them, and turns them off of a service.
You should get inactive email alerts. I got them regularly from March 2019 until Oct 2022 (I got rid of the number finally). The email has the subject of:
> Your Google Voice number (xxx) xxx-xxxx will expire in 30 days
I used to get emails from them: 2013-08-11 "Your Google Voice number --- has expired", 2021-04-11 "Your Google Voice number --- will expire in 30 days", 2021-11-06 "Your Google Voice number --- will expire in 30 days", 2021-11-30 "Your Google Voice number --- will expire in 7 days"
Nothing about expiring numbers since then. The last contact I had was: "2022-12-14 Notice: Verify your Google Voice forwarding phone --- in the next 30 days"
That's my guess as well. Sometimes Google emails end up in spam, even on GMail. Since spam is purged after 30 days, if it ended up there, there would be no trace of it at this point.
>I see no reason why we should expect a company to keep providing storage for dormant accounts beyond 2 years though.
Remember when Google said they would hold on to everything that their users did on their site forever? People were concerned about the privacy implications, etc. and how a part of their lives that maybe they didn't want anyone to know about would be out there, probably for sale, forever.
Well as far as I'm concerned Google made their bed and now they get to lie in it. Don't piss down my neck and tell me it's raining. They promised (or threatened, or noted) that they would hold onto it forever and that storage costs were manageable, etc. They need to be held to it.
In my case that means they get to archive all my junk mail (a few hundred emails with account info for places I might never visit again) since that is the sole purpose of my gmail account and I haven't intentionally used google search in years since DuckDuckGo showed up as an option.
This is actually funny to me. Life caught up with them and forever ended up being a much more normal, physically quantifiable time period that fit nicely in less than a human lifetime. But still, they should be forced to live up to their promises, or threats, etc.
it's probably a wishful interpretation from the initial coverage,
https://slashdot.org/story/04/04/01/0038200/googles-gmail-to...
"hey want to offer their searching capabilities so that users can search through their entire set of e-mail, I guess forever. "
https://googlepress.blogspot.com/2004/04/google-gets-message...
"Storage: Google believes people should be able to hold onto their mail forever. That’s why Gmail comes with 1,000 megabytes (1 gigabyte) of free storage – more than 100 times what most other free webmail services offer."
(at the time, I thought it meant forever, silly me)
Right. What I remember from the time was that Gmail's big thing was it had so much free storage that you could archive emails instead of deleting them. Previously people generally would delete most emails to save space, and Gmail changed that.
There was nothing about saving all your emails forever no matter what even if you stopped using the product. It was never presented as a lifetime backup archive to be accessed decades later. Just tons more quota than competitors was all.
And now the GMail storage limit for free users is 15 GB, 15x what it launched with. I think it's rather naïve to expect that any free service will give you unlimited space or unlimited time. A 2-year inactivity period sounds reasonable to me. Literally all you need to do is log in once in 2 years to not have your account deleted. I often disagree with Google's handling of things, but this isn't one such instance.
And set up Google Inactive Account Manager* so that in case you unexpectedly pass away, somebody you trust gets access to your account after a set period. I've set mine to 3 months because I'm online so much, but you may find 6 or 12 months to work better for you.
> at the time, I thought it meant forever, silly me
Nothing is forever. Any time any company is promising something that is "unlimited" or "forever", they're lying. They have to be, because the economics of holding true to infinities preclude them.
Whatever the sense of entitlement behind it, it would be nice to have the public reminded of this walkback, so that Google's future statements and promises can be interpreted with appropriate degree of skepticism.
Let it be known that I have no particular love for Google (nor any corporation of significant enough size for that matter).
That being said I can not say I understand what is being conveyed in the original comment nor by yours.
Google at some point promised free storage of stuff, and for some reason these comments try to make it sound criminal that they are now backtracking on that, even if it is in the case of accounts that have not so much as twitched in two years.
If we were talking about a promise they had made to keep all your data (for which you pay them to keep) completely out of their ad business, and then years down the line that promise would get reversed, well then this line of reasoning would make sense.
They are a corporation giving free stuff. More shouldn't be needed for your spider sense to tingle.
> If this were a government-provided service then it would be one thing. But it's not, it's a for-profit company that gives you free products in exchange for ads.
It is so big it is nearly a monopoly and it is part of our lives which is almost impossible to avoid. It should be regulated a lot more like a government and not treated like some kind of startup business.
> it's a for-profit company that gives you free products in exchange for ads
Exactly. If I stop using their free services, do I stop seeing their ads though? Because that’s kind of required to make this argument work.
Or it’s just Google gets to delete my data because they have all the power in this relationship? I get to keep being fed ads, make Google money, lose my data, and cost Google less at the same time. There’s only one side of the relationship that benefits off any of this.
Yeah, I think if you stop using their free service you do seeing their ads. I'm pretty sure you are talking about using a Google service... Which you wouldn't use unless it benefits you. So no there isn't only one side that benefits
This is probably a real hot take, but some services should indeed be public utilities and be run by a non-profit. That way we can avoid the constant debates about deplatforming and all that.
The issue is with the expectation they’ve set. “Store your important data with us, and we'll keep it safe” was the message many people got, even if they never actually promised to do that.
I didn't say they should, I simply pointed out that the "money [which] has to come from somewhere" is coming from somewhere, they place we all thought it came from - our data.
Yeah this seems wrong, from the link it appears they definitely WILL delete YouTube videos:
> Starting later this year, if a Google Account has not been used or signed into for at least 2 years, we may delete the account and its contents – including content within Google Workspace (Gmail, Docs, Drive, Meet, Calendar), YouTube and Google Photos.
This needs to be frontpage of HN for MUCH longer, this is honestly catastrophic. So much knowledge will be lost, imagine if public libraries started throwing books away if authors didn't publish any new books for 2 years.
This is insane from my perspective (though I see how it makes sense from Google's)
This needs to be talked about MUCH more, though even as I'm writing these words I doubt the utility of even discussing it - nobody except Google has the ability to even store all of this. Data hoarders are backing up Imgur prior to their purge... but Google is about to rip YouTube a new one. This looks insurmountable.
> what about if you go to jail for more than 2 years, or you're in poor health for multi-year stretches? Then pay for a cheap Google One subscription, export your data with Takeout, or have a trusted friend log in once a year.
At least for the first case, that assumes a lot of leeway in the justice system of a given country. Not everyone gets the SBF/Elizabeth Holmes treatment.
To say nothing of other risks, and the layering of other provider's kafka-esque policies. As an example, I have a few service accounts tied to a barely used gmail address. -Primarily- because those services [0] don't have a good/any way to move accounts between e-mails or merge accounts between two separate emails.
[0] - One of which is Sony, not exactly a bit player
> If you're not using it, how long is Google (a for-profit company)
I vaguely remember Google promise not to delete your account in the era when they said they do no evil. That was before smartphone era and probably before their IPO.
It’s not only keeping the old emails, if your email address becomes available for registration an attacker can also register it and receive password reset emails etcetera.
This is disappointing, albiet not that surprising. It's a good reminder to not rely on Google for long term storage of anything you care about. It's not uncommon for inidivduals in poor health to go through multi-year stretches of very limited activity, especially for elderly individuals. In the future, people in that situation, or their relatives, might be surprised to find a Google account they thought was secure no longer exists.
Prison email, if available at all, is usually through some super locked down per pay message custom site (www.corrlinks.com seems to be a big player). You're definitely not getting access to regular Gmail if you're doing hard time.
They can give their password to a trusted friend/family member, and have them log in once every few months to keep the account active. Yes, it’s a pain, what if they forget, etc, but it means a 2+ year sentence does not necessarily entail losing one’s account.
Could someone start a subscription paid service for the incarcerated - “we keep your accounts alive while you are inside”? More broadly, could provide other “manage your affairs for you while you are incarcerated” services. I suppose many incarcerated people would have no income or assets to pay for it, but some would, or their family might be willing to pay for it.
You make it sound like the only possible motivation a person might have to start such a business would be to exploit the incarcerated.
What if the founder is a former inmate, and says “I wish there was something like that available when I was on the inside?”
Even if the business is officially classified as “for-profit”, there’s a big difference between a business seeking a living wage for its founders and employees versus one trying to make as much money as possible. In fact, it could even be owned by a charity - sometimes charities start 100% owned for-profit businesses, not because they want immense returns, but simply because sometimes the legal constraints on a charity can be too limiting, but a for-profit subsidiary isn’t subject to them
I have no interest in starting such a business myself, anyway.
> You make it sound like the only possible motivation a person might have to start such a business would be to exploit the incarcerated.
Initial motivations are irrelevant. At some point, the motivations of a business reduce to "make money", and anyone or anything that gets in the way of that doesn't matter, including your ethics and initial motivations.
There are lots of innocuous reasons why that happens. For example, you believe your business is doing good, right? So your business has to survive to keep doing good. And you need to make money to survive. So surely it's okay if you make it easy to pay for your service while you're in jail, perhaps by making deals with prisons to allow them to sign up in prison. Hm, that didn't work, prisons aren't doing it. Perhaps you can give prisons a cut of the sales for the service. And voila, now you're profiting from slave labor because the prisons just automatically deduct it from prisoner's pay, which is already below minimum wage, for work they can't opt out of. Of course you don't know that, so you hire 10 employees with your sudden influx of money and start expanding sales to more prison systems. And then you find out that your income stream is... not perfect, but now you've got a responsibility to your employees. McDonalds and JCrew do it, you're not doing anything worse than anyone else. And it's not exactly slavery--they're paid $1/hour (nevermind that a tampon in the commissary is $20). You're practically paying them, just with a service rather than money, right? And your business is doing good, so you have to do this, even if it's not perfect, so your business can survive and continue to do good!
The thing end-stage capitalist circles can't or won't understand is that if it's not this compromise, it's some other compromise or set of compromises. In any individual situation, doing good and making money might be compatible or incompatible, but there's only so many of those situations where you can choose good over money before your competitor knocks you out of the market.
"When you sit down in the studio to make money, God leaves the room." -Quincy Jones
What about the corporate structure of the Guardian newspaper in the UK - a for-profit business 100% owned by a not-for-profit? The not-for-profit isn’t allowed to pay dividends, so 100% of the profits are either reinvested in the business, invested in the not-for-profit’s endowment, or donated to charity
This has some overlap with the structures used by OpenAI and Mozilla, but unlike OpenAI, the Guardian doesn’t have any “capped profits”, 100% of profits go to the not-for-profit owner. There are employee salaries to pay, and likely also some debt interest, but those are an expense not a profit distribution
I'm struggling to see what problem you think this solves, or why this is a response to what I posted.
Ask yourself: are you trying to imagine a way of helping inmates retain access to their Google services, or are you trying to shoehorn a business into the much more obvious solutions to that problem?
If you don’t make something people want, you fail. If you don’t make the unit then the overall economics work, you also fail. If you fail, no one else is helped.
This is a dumb business to create, not because it’s technically hard, or because it wouldn’t help some people, but because Google is one policy email away from making your business obsolete. If you get traction, they’re fairly likely to do that for the PR.
You can effect change in May 2023 if you start now on the business. When will you be able to effect change if the only strategy is “fix the whole system”? It won’t be this year and probably not this decade.
Which strategy gives a better outcome for someone incarcerated today?
(The above phrasing moves the conversation into a different topic from the message chain. That’s ok, but I want us to be clear about what we’re claiming.)
> If you want to do something unambiguously good, do it, don’t start a business.
Oh? And what is unambiguously good? This seems like a rhetorical question, but it isn’t. Try to answer it.
## Ethics
It can be quite hard to know what is unambiguously good, depending on your ethics.
- If you are a consequentialist, you’d have to pick a time frame, and even then you won’t really know until that time comes.
- Other moral philosophies might focus only on intentions, but these are not plausible, because good intentions are easily derailed by ignorance.
- I don’t have a clear answer for myself, so I can be confident that some particular idea of “unambiguous good” will not hold water for N > 1.
## Opportunity Cost
Next topic… even if we agree on an act being “unambiguously good”, that isn’t enough. Even the most “obvious” selfless acts might not be the best considering the other options available. To phrase it as a question: considering your opportunity cost, is a small scale good action really worth it?
## Life has Tradeoffs
The phrase “don’t let perfect be the enemy of the good” is apropos here.
If you want to solve a particular disease with high likelihood, you could well find it demands collaboration with flawed pharmaceutical companies.
Is it worth it? Weigh it.
But to dismiss such an idea solely because it is “impure” —- without some meaningful metric that trades off pros and cons —- is foolish and unmoored from
reality.
Hello over-the-top idealist, meet entropy. Time to talk about acceptance. Do what you can with what is available. Are you trying to make change or are you more interested in trying to look like a saint?
## Organizational Structure
Practically, if your desired good thing is attainable without using a for-profit business structure, great, consider that. It can work.
Personal actions matter. By all means, give smiles, encouragement, constructive criticism, love, advice, and so on.
Beware: not all kindness (such as advice) will be taken as you intended! (Whoops. Maybe not unambiguously good anymore.)
Community organizing matters. Volunteers can go a long way. (But they aren’t perfect!)
When you want to scale up your impact, you have to accept real world tradeoffs. Not all are clear at the outset.
For-profit or not, you want a plan. Often that plan demands longevity and thus some kind of sustainability. Even if you are happy to spend your capital without an eye towards building an endowment, you’ll want to think about effectiveness.
Even if you are a charity, you might face some trade-offs about what donors you want to let in your tent. Very little money comes without any kind of expectation. The expectations might be clear and totally fair such as: transparency as to how your organization spends the money. Other expectations might less savory: donors wanting to prop up their image.
## A Footgun Named Naïveté
All in all, the comment above strikes me as naive to the point of undermining one’s own goals.
## Efficiency, Corruption, Impact
It is my view that:
- maximizing impact is hard to do without trading off some efficiency
- reducing corruption is non-linear. Rooting out the big offenders is essential to keeping an organization’s mission intact. From there, fighting corruption will be beneficial but often with diminishing returns.
- At some point, trust and acceptance of human weakness may actually be more cost effective than fighting the lingering forms of corruption; e.g. personal networks having some influence over a process that is supposed to be completely blind
- In many cases, people breaking the rules based on good information and intentions isn’t corruption at all. Sometimes the system is flawed and people work around it. Figuring out which is which costs time and resources.
It's a large nation-wide industry, so I imagine at some point during the business's growth, the founder may be bought out, or the oversight of corporate management lets profit drive the decisions in its various departments.
They have email, internet, social media and video chat in jail. It costs a lot of money but they have the ability to access the internet. The library has free or reduced cost internet but the tablet in the cell is the big bucks.
Hell, the local police will probably happily login to your email whilst you're in jail, just sign away your 4th and 5th while you're at it ...
It's one more thing you have to know to think about - though if the system counts automated logins as logins, then maybe fetchmail has a purpose again.
How about we stop monetizing people’s misery and start treating them like humans? People get drunk on money and start trying to monetize every single interaction in life.
People make mistakes, go down the wrong path and go to jail if their wrongs are bad enough. That doesn’t mean they should have even more of a mine stripped road back to society.
This is already common for most business models. When you chuck your stuff in a storage locker and then vanish for 2 years without paying, you know what they do? They cut the lock off and sell your stuff to some stranger.
I wish I could get into my old Google account. I unexpectedly went to jail for 10 years and when I got out I couldn't log into my account because my 2FA (phone) was gone. I had 10 years of email in there. Would love to find another way to authenticate myself.
Looks now like it is all going to be hosed anyway.
(1) sign up for Google Workspace subscription and then log a support ticket saying you want to migrate your old account to Workspace
(2) hire a lawyer and get them to write a letter to Google asking nicely. If that doesn’t work, you could have the lawyer escalate to threatening a lawsuit, filing a lawsuit, subpoenaing the account contents, asking for a court order that Google give you access to the account, etc - even if it turns out the law is on Google’s side not yours, they may decide to fold just to make the issue go away
(3) contact a journalist. Since you are a former prisoner, you’d need to find one with appropriate sympathies (pro-criminal justice reform, etc). If they make enough bad PR for Google, they may give you back your account in response. Probably depends also on what your conviction was, since some offenders the public finds it easier to sympathise with than others
None of those methods is guaranteed to work, but they all have potential. It really depends on how much you want that account back, and how much time and money are you willing to spend on it
Let me start with number one and see what happens. The frustrating thing is I swear I set a recovery email. I actually still get all the email that arrive in the account as it has a forward rule to another email address I have access to.
You may be able to use this fact to your advantage if you can get someone to pay attention. Ask them to send a confirmation code to the old email and then produce it
"Unexpectedly" in this context might be referring to the actual event in which they traveled from their home to their cell, in which case the unexpected nature could easily prevent them from securing the Google account.
I hardly think it matters anyway. Take out "unexpectedly" and their complaint is exactly the same. Suggesting that someone who went to jail shoulda/coulda/woulda taken steps to avoid being locked out of their Google account is not practically different from victim-blaming.
That’s horrific, and the actual sentence was 6 months+ time served or you ended up winning at trial? Is it bec only US citizens are protected by the constitution’s promise of a speedy trial?
This is very common in the US justice system. There's a general institutional apathy or sometimes even vindictiveness that causes random delays to get to trial. If you don't have the money for bond, don't have someone to pay, or a bondsman wont cover you, you just stay in jail.
Every year multiple people die in prison from preventable causes without ever being sentenced.
This is why bail reform is important. A well-off person can pay-away the bond and prepare to defend themselves. A poor person will be stuck, lose their job, home, important documents, pets, etc all before being found guilty. If they're found not-guilty, its simply their fault for being poor or being in the wrong place at the wrong time and there's zero recourse for these people having their life basically lit ablaze. Please don't take the anti-bail reform propaganda at face value, for every terrible outlier case, there are hundreds of people who don't have their life grenaded over a small charge.
Making people desperate is an easy way to increase crime.
I feel like people forget Hotmail et al. circa 2001 when 60 days passed and you lost everything. Sometimes you could keep your account and just the data was wiped out. This was ABSOLUTELY THE NORM on the internet. Google overturned it single-handedly.
In Texas my automatic payment for my storage garage where I have $10,000s of my designer clothing collection didn't go through because my bank removed overdraft payments and I missed the email. They made very little attempt to contact me, pathetically little in my opinion, and when I finally caught it barely 30 some days later they said my possessions were all days away from going to auction. It really disgusted me. My whole life is stored there since going nomadic.
They don't have a prepay option otherwise I'd gladly pay annually or biannually to play it safe. Based on the US culture, I believe it is their actual goal to take possession of all my things. My only copy of school yearbooks and college degrees are also there. I really doubt any other country is as hostile and would love to move it all to my storage in Thai or France if not for customs and import taxes complications.
I didn't use my Hong Kong subway card for 9 years and the balance was still there, in America at almost 0 cost to them to keep it active, the NY subway system 100% would have stolen my money. I fundamentally HATE whan the culture tolerates as normal. Google ain't bad at all.
> in America at almost 0 cost to them to keep it active, the NY subway system 100% would have stolen my money.
MetroCards expire every 12 months, but every MVM in the city (and every subway station has 2-50 of them) will take an expired one and exchange it for an active one for free. My understanding of the expiry window is that it's meant to correspond roughly to how long a MetroCard survives in a wallet, not to steal your money.
(None of this will matter in a few years anyways, the replacement system integrates with existing contactless payment systems.)
Very interesting, so perhaps a poor example. I'm used to aggressive policies in the US to take you balance or similarly clean themselves of any financial obligation to you, but off the top of my head I don't have examples handy. Guess I'll document them in the future to see if I have a legitimate argument comparing countries here
> I didn't use my Hong Kong subway card for 9 years and the balance was still there … the NY subway system 100% would have stolen my money
FWIW, most Octopus cards do expire eventually. If you don’t use it for three years, it’ll be deactivated and they’ll deduct a $15-per-year admin fee until either your balance is gone or you reactivate the card.
The only way to avoid this is to have a special concession card (seniors, kids, etc) or to buy an Octopus outright[1], which most people don’t do. The tourist Octopus, notably, can only be bought outright.
Storage units are a strange business. Most of them are just ways to hold property long term while extracting value from it, the same as if you just grew hay on your farmland.
Auctioning off unpaid units is both a liability thing (there is a clear process for the eviction so units can be turned over) and a bonus revenue source. Literally every storage place has it buried in their terms somewhere.
When I had a unit in Paris I was really impressed with their efforts to contact me for small things, I feel they'd have tried every last resort if I was at risk of losing my things but I can't be sure. (Like for freaks sake at least one notification to my postal address I think should be a professional minimum for these types of businesses. It would have worked since I have mail scanning at my postal address)
Mail scanning? Are you implying that you have automated mail scanning, or do you mean there's someone there that will scan it for you. I am really intrigued. I don't do well with physical mail.
It's the most wonderful thing ever, I left the US and did a change of address to a Travelingmailbox.com address. They only scan the envelopes and on demand open and scan the contents. Sometimes I get credit cards and pay the nominal fee to get them physically forwarded.
Oddly enough, when I get checks I just blow them up on my screen, sign in Paint with my mouse, and take a photo in my bank app of my screen to deposit. It actually freaking works
I’m telling you that only shady storage places optimize for auctioning evicted units. It requires extra staffing so it’s something you have to commit to.
Decent places allow you to prepay, have multiple payment options, etc because they also don’t want to deal with auctioning.
I'm actually with a chain who tends to get extraordinary reviews, has 3 layers of security and A/c for all the units. . . really really depressed about their process with late payment. If not for this one shit tier aspect they're 5-stars
Honestly after the FBI cleaned out all those safety deposit boxes in California and didn't even have to explain themselves in any meaningful way, I wouldn't even consider one for the normal purposes. Maybe I can get one in Singapore.....
If you're concerned about a scenario in which the government can do what it likes and doesn't need to explain itself in any meaningful way, I'm not sure Singapore is the place you're looking for...
However expected these policies are, they're always a massive pain in the ass for people who continue to maintain accounts for the dead, and that use case never seems to be considered, except maybe to push those maintainers to just delete everything.
For example, one Gmail account I maintain for my deceased partner has another older Gmail account delegated to it. I have the credentials for the newer account, but not the older account. That delegated access is the only way I can get at about 10 years of their life; since I can't login to the account, I can't run a Google Takeout on it, I can't pull it via IMAP, etc.
(I'm sure it turned some heads when I logged back into their Twitter account, which became their de facto public online memorial after death, to prevent Twitter from deleting it as inactive.)
All of my efforts to recover actual capital-A Google Account access to the delegated account have been either declined or ignored by Google because I'm not the account owner — which, obviously, because I'm not dead. I've offered them death certificates and small-estate proof, but they don't want it or seem to care. Since I can't login to the account, I can't prove activity on it, so this means one day in December that'll just be it. 10 years of correspondence, wedding planning, travel plans, memories straight down the shitter. (Google already "lost" all of the photos in that account that were more than 10 years old; cf. other complaints: https://www.reddit.com/r/GMail/comments/jgr0j9/help_missing_....)
Judging from the contents I think it consumes about 150MB of storage. I'd pay quite a lot to get that account dumped onto a $10 thumb drive so I can back it up. I'd already printed out a binder full of it, which is comical considering it's fucking _email_.
Anyway — figure out your digital estates while you're awake and alive because it gets way harder — for everyone, much less you — once you're incapacitated or dead.
This ... is not what is going on. When I worked at $bigcorp serving billions in traffic, what happened is that botnets would create accounts and leave them dormant for weeks/months/years (thousands of them), then start doing their bot thing. Account age says a lot when it comes to trust (usually) and spam detection. That's more than likely what they're seeing, not 'compromised' accounts.
All this does is tell the spammers exactly how long they are going to be allowed to have 'sleeper accounts' for, the problem won't magically go away.
I am reasonably confident that Google are more aware of what's going on with dormant accounts on their platform than you are. I previously worked at Google in Security and while it wasn't in user protection, I know they have quite a few signals for determining compromise. It's pretty trivial to see that an account that was in legitimate use for 5 years and then dormant for 5 vs one that was created and left dormant for 10.
Yes, on Google and on other platforms, account age is a valuable reputation signal but it isn't the only one.
Yes, we saw the same thing. But when spot-checking the activity we realized it was super-low-effort legitimate activity. IOW, it could have been sweat shops or scripted bots going through some motions.
You still have to supervise the models and ensure they're working as designed and general quality control. Though with the number of 'Google disabled my account for no reason' posts, I assume they're not doing that, especially when I read comments like this, I assume its a part of maintenance that people don't consider when it comes to AI.
I am sure Google of all companies has enough insight into account behavior to conclude this is the case for them. It's not like they can't verify it either: if the account previously had legitimate activity and is now compromised, it's not really a sleeper account.
Bots, antidetect browsers, and residential proxies exist specifically to imitate the activity and circumvent fraud prevention systems like Google's. Most accounts get caught, but many slip under the certainty threshold. This is a cat and mouse game, and sometimes mouse wins by blending into the crowd.
With LLMs it suddenly became much easier. I suspect that the timing of this decision might be not random.
Are you suggesting that they're too incompetent to tell the difference between bulk account creation and hijacking, or that they're just lying about the reasons for why this change is happening? The former idea is pretty arrogant, the latter is unmotivated.
Especially given you're talking of "thousands" of accounts, I suspect whatever problems mattered to you the most were not the same as those of Google's account system.
This could also just be a simplification for the purposes of this announcement.
They mention this being mostly about security and preventing the use of hacked accounts, and they mention these dormant accounts that were only created and then went immediately dormant. It makes sense to me that they are in fact talking about this issue, just not explaining all the detail.
That's possible, but the storage costs of unused accounts is probably significant. Given billions of users, they probably have several hundred million of them.
Previous company I worked for had to create a process to clean up unused developer accounts. The fact that they were free to sign up meant we eventually got quite an impressive amount of them.
Meh, you move that data to cold storage and if they ever come back, it just takes longer to log in. They are already physically migrating data to closer data centers for you, so it isn’t any more complex than what they’re already doing.
I wouldn't discredit it so quickly. I have seen lots of old accounts being taken over on eBay lately for scam auctions. It seems to become more and more common. So this could very well happen with Google accounts as well. It makes them more credible for whatever scammy thing they are being used for.
I can't imagine a more bruteforce approach to a known pattern, then.
If the only indicator you have for spam potential is [created an acccount] + [was inactive for some period], I can't imagine the other myriad spam vectors aren't getting hammered 24/7.
> Starting later this year, if a Google Account has not been used or signed into for at least 2 years, we may delete the account and its contents
This is great news! I have a couple of Google accounts that I couldn't delete because I lost the login credentials. I appreciate that Google will go ahead and do that for me.
Honestly, I wish more online services would do this.
My password manager has accumulated hundreds of accounts, many for services I haven't used for years. Probably half of them are "one off" accounts that I had to create because the stupid web site makes you create an account to do some basic thing (that shouldn't require an account). So here all these accounts are, sitting out there probably with my real name and maybe a few other bits of PII in them, just waiting to get p0wned. At one point I started going through them one by one logging in to look for a "Delete Account" button but surprisingly most of them offer no way to do so, or hide it well.
Even HN doesn't let you delete your account. I understand they will if you E-mail them, but even then, I don't think they will delete your content.
The web needs to be more ephemeral. It by default retains too much "forever and just because".
I think it will as the data backlogs become larger and the expense greater. Imagine how much Google is spending to store user data on accounts that will never log in again. All the people who have died and had gigabytes of content stored. Eventually it becomes unsustainable to keep everything.
Dead people will never become paying users, they also won't care when you delete their data. There is no point to spend untold fortunes hosting their data forever.
Google wins by limiting account hijacking, cutting hosting costs, and the only people who care are some complainers on Hacker News who will stop caring the moment they get distracted by the next Framework laptop cup holder attachment.
> To reduce this risk, we are updating our inactivity policy for Google Accounts to 2 years across our products. Starting later this year, if a Google Account has not been used or signed into for at least 2 years, we may delete the account and its contents – including content within Google Workspace (Gmail, Docs, Drive, Meet, Calendar), YouTube and Google Photos.
Note the may. It is not a guarantee that they will delete!
That seems to be merely legalese to prevent people from relying on the deletion period and then suing Google when it ends up not deleting something for one reason or another.
I have a google account I haven't been able to log into for some time, because even though I know the password, it flagged "suspicious activity" at some point and has required me to verify with a phone number I no longer have, from when I lived in the U.S. (I now live in Canada, but it did let me log in from Canada when I first moved here)
I was hoping that some day, someone would register that phone number and I'd be able to convince them to give me an authentication code, but it sounds like now the account will be deleted before this happens.
This really sucks because I think that email was used to register with a bitcoin exchange that I may have some (formerly) tiny balance on. So effectively google has locked me out of an account that could have financial consequences, with no way for me to recover it.
If the number isn’t in service why not try signing up with some pbx and getting that number shouldn’t cost more than $30. If you truly believe you have some btc locked away there that’s a small price to pay to get it back.
I always figured I'd get access one day, and being unable to sell before then (if I even had BTC there) wouldn't necessarily be a bad thing.
But also, can you register a specific U.S. number as a person in another country? Seems like a lot of hassle and possibly more expensive than $30, if it's even possible.
You can def get a US number, finding someone who will give you a specific one is maybe a little harder but not out of the realm of possibility. Sounds like you don’t really care though.
Not even elaborate. Try selling something in FB market place or craigslist. You will get many interested parties who just need to send you a quick verification code for reasons.
What they are really doing is signing up for stuff using your phone number.
If someone ever asked me to send them a 2fa I would send them the wrong one until they get mad and stop asking me to do it.
Also, my name is google-able and some "white pages" style sites still list my old phone number, so I could verify my identity in other ways.
You'd be surprised what people will do if you talk them into it, lots of people wouldn't hesitate to give their own credentials up, they're not going to take issue giving a 2fa code for something they're not in the process of signing into.
This isn't a silicon valley area code or any other area where people are tech-savvy, I'd wager there's a 99% chance that whoever registers the number could be persuaded. I can literally have my family with the same (rare) last name meet them face to face.
I understand the risks of inactive accounts, but as I have pointed out here before these binary policies do not address the all-too-common situation where someone is forgetful and/or incapacitated prior to their death. These people have more important things to think about than their email and their photos,and the transition from alive to dead (to be blunt) can easily take more than two years. By the time that the estate and the executor has control of the account it can easily be too late to save precious memories.
I have a very old youtube account which I can't recover, in fact there's 2 of them.
They have content on them that I will never be able to reproduce, but I watch it from time to time for nostalgia.
This post means that Alphabet will delete old legacy content on a huge scale.
The world will be poorer for their culture. It will lose the ability to watch very old youtube videos.
There's an argument that this should be done with domain names as well. Right now, anyone can buy an expired domain, set up a wildcard email address, and read any email that's still being sent to addresses in that domain.
Conversely, if you take the advice of some to set up a personal domain for your email, you are basically committing to a lifetime obligation. If you later change your mind and let that domain expire, any future owners of that domain will receive any email that was sent to your old addresses.
Domains are like real estate. You may end up with a nuce prime real estate in cheap & do nothing. You bought a good domain long ago and not using it. You may buy a domain/property, raize everything & start from scratch. If you abandon a plot/property, domain, and not pay the dues (taxes) or registration fees, anybody can come & claim it through defined procedures.
Same way I may buy a home & get mail. Tomorrow if I sell that home I need to do change my address with senders, and make sure to put forwarding (maybe keep the old domain for few weeks/ this year)
No standard way to inform the sender of a new address, AFAIK.
You can set up a forward to your new email, and keep the old address active and forwarding messages until you're satisfied you've updated (or canceled) all the uses of your old address.
Then maybe start bouncing messages for a period of time before you finally shut down your domain.
Am I the only one who (mostly) likes this new policy? I actively try to delete my online accounts—and it's _hard_ (or impossible for some companies).
I definitely have some Google accounts from like 10 years ago that I lost access to. I'm glad to know they'll be deleted.
That being said, 2 years does seem a little short.
But, I do like the idea of my data expiring. It seems creepy as hell that someone could go back 10 years and dig up a bunch of information about you that you forgot existed: blog posts, comments, photos, videos, emails, home addresses, phone numbers, credit cards.
Data breaches happen. Data brokers find your stuff. Stalkers exist.
Also note google have a trusted contact option for inactive accounts.
I haven't seen this mentioned in the thread and worth doing for some peeps. I set this up so after 6 months of no activity my sister and wife get access to my accounts.
This is as good a time as any to remind people to get their estate planning sorted.
I recently turned <significant milestone>, and had a death in the family who was nearly 100 and had their estate in order which made things a lot less complicated their executor and kin.
We now have Enduring Power of Attorney and Enduring Guardian delegated to each other plus two other well trusted people, one local and one distal, jointly and severally; and set up our wills.
So our lives now have a trusted back-up operator and a redant pair of back-up operators. N+3.
Don't wait till it's too late.
This is not legal advice. I am not a lawyer, and I am especially not your lawyer.
If compromised accounts is the problem, then google could change the authorization on them, and require proof to get back into them.
Of course that would require some kind of functional consumer-oriented support line where a human working at google could receive identifying information, check that against Google's internal records and public databases (your old phone numbers, addresses, etc) and check against the contents of the account and the old logs in order to determine that the person was who they said they were.
That would also solve the problem of so many people in the comments who have old google accounts that they've lost the 2FA/passwords to who are locked out of their accounts, they'd now have a process to go through in order to prove who they are and that they owned the account and get it back.
But that would cost Google a lot more money than just even hanging onto the storage, so they're gonna nuke it and make it all go away.
Big Tech really needs to be regulated more like a government agency.
> Of course that would require some kind of functional consumer-oriented support line where a human working at google could receive identifying information, check that against Google's internal records and public databases (your old phone numbers, addresses, etc) and check against the contents of the account and the old logs in order to determine that the person was who they said they were.
This is a highly unreliable, easily gamed non-solution to the problem. If people are determined enough to compromise your accounts, it's easy enough for them to find your old phone numbers, addresses, etc. Websites like https://www.fastpeoplesearch.com/ exist, and it provides generally accurate information on people.
Humans are always the weakest link. If you allow a random person to convince a Google employee that are the owner of the account, they are going to be tricked.
People on HN are always very quick to come to the conclusion that Big Tech not doing something is because of cost, whereas the reality is that the thing HN commenter proposes but Big Tech is not doing is flawed in the first place.
No, I'm suggesting that you need to prove who you are using a high level of authentication (ideally things like passports). That identification can then be used to associate you with addresses, e-mails, phone numbers, etc using sources like credit agencies and probably Google's own existing information, which can then be associated with the logs on the account. And this should be used for accounts with significant amounts of inactivity so it isn't a process that could be used for actively used accounts. I'm not suggesting that Google employees just trust someone who just says they lived somewhere and had some phone number.
This can be bad for many cases, but also good for people who lost access to their accounts and finally that embarrassing YouTube videos and Blogger posts posted with they real names from 2005 when they were 15 year olds will be erased from the internet.
Only at the moment, YouTube was included as part of the content they're going to delete from accounts as per the VP announcement.
People should use this as a warning to save content they want to keep from YouTube that's particularly old and the account seems abandoned. Just in case Google isn't so lenient with the generous solution; unlinking YouTube accounts but keeping the video up.
I already download any video I find valuable with yt-dlp. So many videos just randomly disappear or are difficult to find again because Google keeps mixing more and more irrelevant suggestions and shorts into search results.
Disk space is cheap, and it can be nice to scroll through the folder now and then and rediscover some great content.
Most comments will disappear. A disappointment: contrary to the meme, I found them informative and insightful in a broad variety of contexts. And going with them should be the last vestiges of the site's social networking era, unceremoniously, in the way of annotations, video replies, and homepages.
I'll be rolling on the floor laughing the day that Google deletes all the old videos, though. The amount of internet entrusted to Alphabet is just hilarious.
Interesting two weeks. RIP pushshift. Your torrents live on. Congratulations, imgur – photobucket, tinypic, and imageshack would be proud.
This is announcing a change in the policy of which accounts are eligible for deletion. It doesn't mean that every eligible account will be deleted immediately, or even ever. The post says that they're starting with accounts that were only created but literally not used at all.
In this article[0], it says that YouTube accounts with videos won't be deleted:
> At the moment, Google is not planning to delete accounts with YouTube videos. (That would be tricky as some old abandoned clips might have historical relevance.)
No it doesn't because public videos are designed for public usage. They have comments, are part of recommendations, playlists, and so forth.
Deleting private content and deleting public content are two entirely different things. There's zero reason why the former would imply the latter, and many reasons why it wouldn't.
PSA: If you haven't engaged ArchiveTeam to back these up, feel free to. They have the tooling necessary to rapidly rip entire channels (and define a collection for them) for upload to the Internet Archive. Can't count on Youtube to persist or provide open-ish access forever.
I seem to have lost my old YouTube account. I used a username (not email) to login, and then I used that same email for a different account, and now YouTube doesn't let you log in with usernames anymore, so it's in limbo. Now it looks like they'll delete all my videos and there's nothing I can do about it.
You can still use a username to login at https://www.youtube.com/gaia_link which will let you link the channel to a Google account if you still have the password.
The most notorious problem with deleting accounts is the accounts that are used as third-party login. Google can lock me out of my account and I will also be locked out of the other services that don't belong to Google.
There needs to be legislation for this kind of thing.
Another problem: emails on my old account need to be transferred over. That's the only reason why I need the old account. But there is no simple way to do this. And two accounts cannot be merged either. I have been using a ninja technique that adds something like a Hotmail address as a sign in. Takes out the email data. And then deletes the email account. And then creates a new one. And then reuploads the emails. Annoying as hell. The Hotmail address is the only way my login method remains.
I wonder, does using a delegated calendar also count as activity, or do I now actively have to sign in into that account from time to time?
At least some time ago there used to be some wonkiness regarding replies to calendar invitations if somebody sent an invitation to my private mail and I would then accept or decline that invitation via my calendar on my regular Google account, which is linked to a google-specific mail address. So ultimately I ended up creating a secondary Google account for my private mail address and then delegated full calendar access from there to my main account, which is also the one signed-in on my phone.
> Before deleting an account, we will send multiple notifications over the months leading up to deletion, to both the account email address and the recovery email (if one has been provided).
It was originally 9 months. Here is an email my dad received on June 23, 2005. I replaced personal info with XXX.
===
Hi there,
We've noticed that you haven't used your Gmail account, XXX@gmail.com, for quite some time. In order to make Gmail better for our users, we've added a lot of things in the last few months and we hope you'll want to start using your account again. Here are just some of the latest additions:
- Free POP access: Take your messages with you. Download them, read them offline, access them using Outlook, your Blackberry or any other device that supports.
- More free storage (today and tomorrow): Stop worrying about storage. Your account now has over 2000 megabytes of free storage and our plan is to continue growing your storage by giving you more space as we are able.
- 12 more languages: The Gmail interface is now available in UK English, Dutch, French, German, Italian, Japanese, Korean, Portuguese, Spanish, Russian, and simplified and traditional Chinese. If you don't see the language you want on this list, look for it in the future because we're going to keep adding more.
- Rich text formatting: Express yourself with fonts, bullets, highlighting and over 60 colors of the rainbow.
- And lots more, including support for more browsers, an improved Contacts list, and an easier way to send photos.
We're still working hard every day to build you the best email service around. But to keep Gmail great for our users, we may have to close inactive accounts after 9 months. So, we hope you'll give us another chance. To log in to your Gmail account, just visit: http://gmail.google.com.
Thanks,
The Gmail Team
==
We sent you this message because we wanted to warn you of your account's inactivity and remind you of our dormant account policies. For more details, please visit our Help Center:
*Protect your Gmail password and your personal information*
Google takes your privacy and security very seriously. For your protection, Google will never ask you for your personal information, such as bank accounts numbers, credit card numbers, pin numbers, passwords, or Social Security numbers in an email. For more information on how to protect your Gmail password and your personal information, visit our Help page here:
http://gmail.google.com/support/bin/answer.py?answer=8253
We sent you this message because as part of signing up for a Gmail account, you agreed to be periodically asked for your comments and suggestions to improve Gmail. If you do not wish to provide such feedback in the future, you may opt-out of receiving Gmail market research messages by visiting:
XXX
(If clicking the URLs in this message does not work, copy and paste them into the address bar of your browser)
related question: given plummeting prices per GB for raw storage, I'd have expected the cost of hosting storage to drop per GB as well, and yet we haven't seen a commensurate drop, even given competitive pressure. What gives?
Yes, I know there's many other costs but I'm talking about * PER GB * and just for storage not access. A disk drive roughly takes the same amount of space/power/cooling regardless of capacity, so if you install 2x larger drives then cost ** PER GB ** should fall in half. And yet, we haven't seen that among cloud providers.
This should mean that inactive accounts quickly drive to near-zero cost, since they're nothing but storage capacity. Photo hosting should drive to zero. etc etc etc
No, storage costs aren't plummeting. They've been largely stagnant the past 3-4 years. I don't think the reduction in the number of drives for the same amount of storage is as significant as the cost of the drives themselves.
I wish they would let me sign in to my account with my old last name, but even though I know the password and have had it for a decade, that's apparently just unacceptable.
The company trajectory and the fact that there doesn't seem to be any support for this sort of thing is why I'm ultimately un-googling my current accounts, documents, etc.
Edit: The kicker is that I get security notifications about the failed login attempt at the recovery email, so I know they could send recovery information to that address. I trusted them to use the "recovery email" for account recovery when issues like this occur and now that basic trust is gone. It's been said over and over, but this is all another reason not to build your online identity around Google.
That said, this policy change makes me really concerned about how difficult it is to run your own email solution that people trust. Today's email ecosystem feels very focused on Gmail and those accounts just became more ephemeral.
This seems pretty reasonable. Google is a for-profit company, hosting your shit, for free, indefinitely, isn't their prerogative. They should offer some one-time fee or small reoccurring charge to keep your stuff in hibernation mode or something. Like literally $1.
Youtube is a defacto time travel machine when it comes to culture as video. You can watch videos from 2004 and earlier.
It's the only platform that could allow itself to act against copyright laws.
It's part of the cultural heritage of humanity.
Okay, what does that have to do with Google not maintaining history of the videos you watched? You can still bookmark links, download videos for offline use?
> if an account hasn’t been used for an extended period of time, it is more likely to be compromised. This is because forgotten or unattended accounts often rely on old or re-used passwords that may have been compromised, haven't had two factor authentication set up, and receive fewer security checks by the user. Our internal analysis shows abandoned accounts are at least 10x less likely than active accounts to have 2-step-verification set up.
Ah yes, because as we all know, the best way to prevent a robbery is to preemptively burn down the whole building. Good luck stealing from me once all my belongings have been turned to ash!
---
To be a bit more charitable, it may true that in some cases, getting hacked is worse than just having your account deleted. I'd posit this is the case for a small minority of users, especially when the overall chance of being hacked is still far from 100%.
By the way, what about accounts that do have two-factor authentication enabled? Are those exempted?
If Google wants to delete inactive accounts, that's their prerogative, but don't hide behind some security argument.
2 years seems pretty reasonable to me for something provided by a for-profit corporation. And as other reporting has noted, they're not deleting YouTube videos (makes sense, since while nobody else views your e-mails, public videos are public).
People here are saying, what about if you go to jail for more than 2 years, or you're in poor health for multi-year stretches? Then pay for a cheap Google One subscription, export your data with Takeout, or have a trusted friend log in once a year. These are lots of options.
If this were a government-provided service then it would be one thing. But it's not, it's a for-profit company that gives you free products in exchange for ads. There are lots of options for keeping an account active. I see no reason why we should expect a company to keep providing storage for dormant accounts beyond 2 years though.