Hacker News
Google account deleted after 2 hours of Aurora (reddit.com)
146 points by t0bia_s on May 27, 2023 | 110 comments



And that, ladies and gentlemen, is why you should never store important things like your email/passwords/passkeys on google


No, ladies and gentlemen, that has nothing to do with that.

The post is about a "disposable" Google account created two hours prior and all it did was break Google TOS. This is totally predictable protection from account abuse. Pretty much any major consumer company will ban brand-new accounts that immediately proceed to break TOS.

I don't know what Google does with a longstanding account that breaks TOS in this way, but this is not that. Also you should be using Google Takeout to backup your account data regularly anyways -- that's what it's there for.


Let's not make excuses for Google here. A few months ago I created a Gmail account for a new business - since I hadn't registered the domain yet, I planned on using the Gmail account for a while then switching over to the real email. Over the next few days I signed up for a bunch of other stuff with the account: Instagram, Facebook, Twitter. I also registered the real, verifiable business address on Google Maps and requested a postcard verification to that address (which never arrived).

That's literally all I did with the account over a span of two or three days. Then I took a long weekend hiking trip. Came back, the account is permanently locked. No way to contact support. Just a tiny comment box where I could plead my case, which I never got a response to.

I was able to get back control of the FB, IG, Twitter accounts quite easily. It took me weeks of wrangling with Google support to get back control of the Google Maps location, and I was never able to unlock the original account. I had to do this whole messy process (as directed by them) of registering the business on Maps a second time then declaring the old one as a duplicate, then waiting two weeks for Google to process (ignore) that so I could escalate it to a real human, then they fixed it but mangled the name which took another week or two to fix.

So yeah, don't use Gmail for anything you care about is my advice.

I can see why my actions on that account could falsely trigger the account to lock, that's not the issue. The issue is that there was literally no way to ever unlock the account once the false trigger happened. All they had to do was require a phone call with a real human in this case. But no, it's Google.


I will say from experience with google maps, that if you say the right combination of lawyer, legal, etc etc…not directed at them, but about another entity accidentally in control of your maps location.

They will call you from an overseas number between 8-11pm your local time, or 4am.

If you answer, they can magically fix it in moments.

If you don’t — you may get a call another time… or never… in which case, good luck.

(In short, it’s insanely hard to get anything going wrong with Google fixed. And I am so sorry you had to go through that. I’m terrified of having something like my drive deleted (shared files). But I do pay for space… so perhaps paying makes it less likely?)


Fortunately it was resolved before we actually opened to the public (barely). But at one point I was like, fuck. Google Maps is the main driver of customers to our type of business here, from my research. What if this couldn't be resolved at all and we were stuck unable to control our business on Maps? It would be a huge problem.


Breaks TOS how? (I don't know what aurora is more than it appears to be an app store)


Specifically, I don't know. But Aurora is an open source client that uses google play APIs to download and install apks. It's used by users who want to install apps from google play without having any google play services (and their unreasonably terrible privacy implications). The account is required I assume to authenticate to whatever network requests they're using.

I cannot imagine this being allowed in their TOS. The app is a reverse engineer of their APIs.


> I don't know what Google does with a longstanding account that breaks TOS in this way

Pretty much nothing. I've had my main account for... 15 years or so? I moved away from Google several years ago [0], and use the account almost exclusively for the Aurora store now. It's been fine, and has been for somewhere between months and years.

[0] If I'm wrong, or Google becomes more aggressive, then nothing major is lost. I've gone through Takeout, stopped adding photos/email/passwords/etc years ago, and completely migrated away. No need to tell me "But what if the account gets banned?", because nothing of value will be lost.


Is there a service that will import google takeout backups and produce a working account with minimal data loss?


No. It's one of the reasons Takeout is more performative than useful. A giant pile of JSON files for proprietary Google services you can't import anywhere isn't useful unless you're a developer who can write automation to import them to somewhere else.


It's certainly 100% useful for me, not "performative" at all, but that's because I use it all for standard stuff -- e-mail/contacts/calendar, files/Docs/Sheets/Slides/photos. None of that is proprietary to Google (e-mails are mbox, Docs files are converted to Word, etc.).

Sure if you want to download your Maps location history or YouTube comment history as JSON it's there too, but I don't think too many people care about importing that stuff elsewhere. Competing services are obviously free to build their own importer if they want.

But all the normally "important" content we think about like e-mails and documents and photos, it's all there just zipped up. Nothing trapped inside proprietary JSON or anything like that. And it's just peace of mind knowing that I've always got a local backup of everything.


Well, for example, what mail services will allow you to upload an MBOX file? (I'll give you one... Fastmail added support for it about six years after I left Gmail, but that wasn't until like last year.) You can't carry that export method over to most mail services, which if they support importing, require IMAP (and hence access to your current account in good standing).

Offering Takeout doesn't actually make it very easy to migrate to a competitor, is my point. Sure, you can get the data out, but very little will actually ingest Takeout in any useful way. And heck, I think last time I used Takeout, it preferred to issue things in .tar.gz archives, and good luck to any non-HN user on figuring out what to do with those.


Well I do regular backups and they do ZIP nowadays.

And it's not Google's responsibility to make it easy for you to import to other services.

They use open formats and standards in their export. It's up to you and the other providers to mess with it. A lot of them can import directly from Gmail over API.

Mbox can easily be converted to maildir. Which can be used by Thunderbird, notmuch, sup, etc.

I know people hate on Google but in this case it's not on them to make it easy. The fact that you can export it into open standards is all they have to do.

Finally, this is probably their way of creating a dark pattern. Especially for email. Export into an old, less used nowadays format.


You can import your mbox emails into lots of email servers via a desktop client. Depending on the client you might have to import into a second location, select all and then drag over to your live account. IMAP will sync up your imported email.


> I think last time I used Takeout, it preferred to issue things in .tar.gz archives

What is the intersection of people who decided to use Google takeout but are incapable of figuring out how to extract a tarball?


> it preferred to issue things in .tar.gz archives, and good luck to any non-HN user on figuring out what to do with those.

The built-in Archive Utility on macOS handles .tar.gz just fine, as does 7-Zip on Windows.


This is why I will never pay for YouTube Premium. Imagine having a recurring charge that you can’t terminate because your account was deleted for some unrelated service, and you have no phone number or office to contact.

Limit your interactions with Google to only the services you most need, and you will probably be safe. It’s too dangerous to go all-in on Google, because you could lose your entire digital footprint from an AI bot with no recourse other than HN and Twitter.


Do you not have a bank? Why would you be unable to terminate a recurring charge on any payment method you actually own?


Banks don’t always let you cancel a credit card charge if you’ve authorized it but then can’t get ahold of the charging entity. It happened to me. I couldn’t get my credit card company (Wells Fargo in this case) to stop a recurring charge but they did let me cancel my credit card account and move my banking accounts away to another bank.

That said, I do pay for YouTube Premium.


Ah, I'm not an American and that's very wild to me. I have never had trouble getting my bank to honour an order to stop payments, although it takes a few business days to process


The charge is tied to the continued existence of your gmail, gdocs, third party login with google account, gcp, and anything else you trusted google with.


In the scenario given your account has been deleted - if you still have access to other Google services, then you can just use the web interface to cancel the problematic subscription?


If you stop them from debiting your bank account, wouldn't they just send your account to collections?


I don't know how US collections works since I don't live there, but none of the financial systems I've ever interacted with give merchants any entitlement to future money for a service they are no longer providing


Just use privacy.com to make burner cards with a fixed amount as a fail-safe for this


> Imagine having a recurring charge that you can’t terminate because your account was deleted for some unrelated service

Has this actually happened - does Youtube Premium still charge for accounts that have been terminated? Or is this just FUD?


This happened to me. The only way to contact customer service is after you log in, so the only thing you can do to cancel is to cancel your credit card or report the charge as fraud... which says a lot about the service.


If it was happening, what would be your recourse? Call customer service?


It's an unproved hypothetical situation. What would be your recourse if your uncle started reporting false debts to your name whilst you were travelling around Italy?

In the past I have contacted YouTube Red support when I didn't cancel my subscription after I moved counties and they easily refunded a few months of charges. Unsure how that would play out if your account was cancelled. I would probably just contact my bank to get the charges blocked + reversed.


Call your credit card company. They can block a merchant, perform a chargeback, and/or issue a new credit card number. I don’t know the rules for a debit card, but you’ll at least be able to get a new debit card number.


A chargeback? Lol


You can always block your card. Takes a few days to get a new one and might be a bit of a hassle to update PayPal and other services where you have it stored. Not ideal but I don't think anyone should lose sleep over it.


I don't know if this advice is for yhe only, or it's for companies that won't go after you for small fees.

Otherwise there's always recourses for a company to recover the fees that were due and couldn't charge through your credit card. You'd then have to dispute a court order to recover it from your employer for instance. You can of course battle it then, but it's a lot more hassle than to have the charge disputed in the first place (the dispute goes back to the company, who has to prove their point)


> You'd then have to dispute a court order to recover it from your employer

That's not how any of this works. A company doesn't just send someone over to the courthouse to speak to the manager and get a court order to garnish some random person's wages over $20 in declined subscription charges. Lol.


I actually experienced this first hand on a random invoice that got lost after moving to another town.

As a company you file an official claim that goes through a court, usually the other party won't show up, and you're awarded a judgement in your favor. That judgment allows you to request recovery of the funds in many ways, including asking the person's employer to pay you first before paying them, repossessing their goods, houses, whatever the court allows you to do if there's no other option.

E.g. in NZ: https://communitylaw.org.nz/community-law-manual/chapter-26-...

> lol

For people baffled by all of this, many countries will have stronger laws to protect lenders and service providers than just telling them "tough luck" when you refuse to pay for received goods/services.


Also there's several apps on various platforms that are more private and free


I don't think your hypothetical scenario is possible.


It very much is. I haven't personally been affected by Google charging any account after being suspended, but I have been affected by Facebook suspending my account while not pausing running ads on Instagram and Facebook, leading to charges still being made after I had no way of turning them off.

We're at least two people this has happened to :) https://news.ycombinator.com/item?id=35836221


All of those anecdotes are about Facebook though. Does Google have this bug? The two software stacks are completely different.


Also, do not use your main Google account to violate Google's Terms of Service.


You are assuming a lot if you think Google won't action "related" or "nearby" Google accounts.


Not that I would be surprised but are there any real examples of this? I've considered setting up separate accounts for things such as email to reduce the risk of losing it in a random ban.


There's been many stories of entire companies being banned from Google services due to their affiliation with a freelancer who broke Google's rules years ago for a different client.


Those are accounts that are explicitly linked, though. We're talking about burner accounts, i.e. accounts where you try as hard as possible to create no link between them and your "regular" account.


There's been many stories of entire companies being banned from Google services due to their affiliation with a freelancer who used the company account to break Google's rules years ago for a different client.

FTFY


Google "google bans entire company". Plenty of examples.


Isn’t a Google Apps organization a different scenario?


This was predicted in the issues and probably should have gone straight into the readme and website: https://gitlab.com/AuroraOSS/AuroraStore/-/issues/912#note_1...


What is aurora?


An alternative to Google Play Store for Android users who want to access the normal app ecosystem without running Google Play Services or other Google binaries on their phones. It violates Google's TOS.


Then why does it require you to log in to Google?


It doesn't. There is an option to log in anonymously, which uses one of several dozen "dummy" accounts operated by Aurora maintainers to sign in. As of late these dummy accounts have been getting rate limited, leading to anonymous aurora sessions not working as expected.

A commonly suggested workaround is creating your own personal dummy account used for nothing but signing into Aurora. Google first rate limiting Aurora's dummy accounts and then beginning to instaban personal dummy accounts is significant because it represents an escalation in their efforts to force all Android users into proprietary walled gardens (Play store).


Google requires it, for no apparent reason other than their anti-competitive practices.


It doesn't, there is an anonymous account option. (It sometimes breaks for a bit, but I've been quite happy with it)


I presume it requires you to log in with your Google username and password, and not via oauth?


Correct, or until this week they had a pool of "anonymous" accounts you could use instead, until those were banned


I have no idea, but I guess it doesn't really matter. If you start sending massive amounts of spam through gmail, does it matter if you did it after logging into the site with your user/password or through oauth api access or through smtp?


Given how important a Google account can be, I think it's a pretty poor idea to enter your credentials into random third party software.

I don't believe you can authenticate Gmail in email clients with your account password any more - you must create an 'app specific password'.


Well, as an app store, it pretty much has complete access to your degoogled phone, but (until recently) it defaulted to a pool of shared google burner accounts that were only used to download software.


A way to install Android apps without giving Google a massive amount of control over your device.


Your device running Android, the OS created by Google, right?


Or you could install an Android fork that removes Google's control.

However, after installing that, you still may decide you want to install your bank's app.


That's one part where I actually think it works the way it should: for instance chinese makers probably don't keep any single trace of Google stuff in their builds, and they sell pretty big volumes.


From the reddit thread:

> A frontend to google play store


It may help to just use Obtainium to download/track from APKPure and APKMirror. It’s open source and can also get binaries straight from sources like GitHub and GitLab—or even F-Droid, IzzyOnDroid, Mullvad, Signal, Steam, Telegram, VLC, Neutron.

https://github.com/ImranR98/Obtainium


I've always been skeptical of those APK sites. I'm not sure if this exists, but it would be useful if someone were keeping track of sha256 hashes of the official APK downloads from Google Play. I'd feel a lot safer if I could verify the files weren't tampered with.


In general, how trustworthy are APK sites like ApkPure?


I haven't had a Google account for a few years now and I have needed apps for my work. I have been able to find them on APKPure and run them on my phone without Google Play services. Some of them will warn you that they may not run correctly but they always have for me with the exception of Workday which loads but won't let me sign in without Play services.


APKMirror has a very good track record. They depend on user uploads and verify the signatures with the official version.


APKMirror was created by the same person who started the Android Police blog, which gives it more credibility.

> What is the connection between APKMirror and Android Police?

> In 2010, Artem Russakovskii started an Android blog called Android Police as well as its parent company Illogical Robot LLC. AP quickly grew into one of the leading Android sites on the web, and in 2014, Artem founded APKMirror as a sister property to help host the large amount of APKs AndroidPolice frequently referenced in its news coverage.

> In mid-2021, Android Police was acquired by Valnet Inc. APKMirror remained independent and is still run by Artem Russakovskii and Illogical Robot LLC.

https://www.apkmirror.com/faq/

> our sister site APKMirror

https://www.androidpolice.com/2020/03/24/apkmirror-installer...

I haven't had any issues with APKMirror yet.


I've grabbed them in the past for decompiling games and never encountered anything odd. The ads on the website are horrendous though, which I figured was their main source of revenue.


only works for Open-Source Apps


Not quite, Obtainium supports APKMirror (update tracking only) and APKPure, both of which primarily host proprietary apps.


For those who don't want to host their own email, but want need a non-Google (and non-Hotmail ahem) account for password recovery and problems like getting perma-banned from Google: what should we use? Happy to pay a small amount.

I heard Fastmail is good?


I’ve been using Fastmail and it’s fantastic. Their customer support is top quality if you need help, but I basically never think about it. I use Fastmail and it just works with no effort, so I love it.


Zoho has a great free tier email hosting with custom domain and the cheapest paying tier I’ve found. Been using it for years without a problem. The first paying tier allows for IMAP/POP, while the free tier only allows webmail access.


Have you found a way to create a new zoho mail without "seeding" it with a third party email at the start?

My workflow for any new project is to create an outlook account and use it to open a zoho one, then never touch the outlook again


Fastmail is great (I use them), but there are a dozen other options for simple use cases.

Apple might be good for root ID management for non-experts, since you can generally walk into a store and ask a knowledgeable human for help in person.

I’m not sure how often they incorrectly permaban users or initiate uncancellable credit card transactions though. I haven’t heard of any cases where that happened (unlike google).


I'll also agree with fastmail. In addition to great support (which I only needed once in many years), their interface is also much much faster than "how about 5gb of badly written JS"-gmail (yes, a bit of hyperbole, but Gmail is slow compared to fastmail)


Personally I am really happy with mailbox.org, a German provider that tries to be a gsuite replacement. I cannot know challenges that come from non-EU payments, but it is a prepaid model.


I've got protonmail connected to a personal domain (in case I ever want to switch providers and keep my address), works fairly well.


I originally migrated to paid protonmail personal, for a while. Then I upgraded to enterprise to try out/demo my use case. Big mistake. I couldn't undo it. Finally was able to migrate to Fastmail.

Proton drawbacks:
- NO autofwd emails
- expensive
- customer support is below avg

Fastmail drawbacks:
- NO multidimensional hierarchy (NO folders + labels allowed)


Been using Fastmail for almost 20 years I think. One of the best companies on the Internet. I never have to stress about my account with them and their support has always been great to me.


I've been using purelymail.com since July 2021 with no problems. My monthly cost is around $0.40.


Happy Fastmail customer here.


Fastmail is solid.


all my friends off google swear by proton


I managed to log into the mail account I had when I set up gmail.

Their AI arbitrarily decided that still wasn't good enough and that was the end of the gmail account I had since I was 13 (yes, I got one of the early invites.) I'm absolutely never doing anything important on a Google service ever again. It doesn't matter if you set stuff like that up.


This is why I'd rather use third party APK websites (apkmirror appears to be affiliated with xda) than log into Aurora with my account.


Android APK security model is pretty apt for using mirrors - what you need is a trusted directory of known-good mapping of appid to signing developer key fingerprint to cover for trust on first use when installing - plus handling key revocation.

Mirrors publish the fingerprints, but it's unclear what verification they applied. Looking at history won't cover revocation, but it's already something. Certificate transparency logs could handle apks instead of domains too.

I understand the appeal of Aurora and similar - you let Google handle search, malware takedown and download traffic, but then you're also up to be cut off at no notice.
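
The directory-plus-pinning model sketched in the comment above, as an added example that is not part of the thread or of any mirror's code: it checks an APK signer's certificate fingerprint against a published directory, falls back to trust on first use, and honours a revocation list. The `PinDirectory` class, the `org.example.*` app ids and the certificate bytes are hypothetical and constructed; a real check would read the DER certificate from the APK's signature.

```python
import hashlib
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    ACCEPT_DIRECTORY = "signer matches the directory entry"
    ACCEPT_PINNED = "signer matches the key pinned at first install"
    ACCEPT_ROTATED = "new signer is listed in the directory; pin updated"
    WARN_TOFU = "app unknown to the directory; pinned on first use"
    REJECT_REVOKED = "signing key is on the revocation list"
    REJECT_NOT_IN_DIRECTORY = "signer differs from the directory entry"
    REJECT_SIGNER_CHANGED = "signer differs from the pinned key"


def cert_fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER-encoded signing certificate, hex encoded."""
    return hashlib.sha256(cert_der).hexdigest()


@dataclass
class PinDirectory:
    trusted: dict                  # app id -> set of published fingerprints
    revoked: set                   # fingerprints that must never be accepted
    local_pins: dict = field(default_factory=dict)  # app id -> pinned fingerprint

    def check(self, app_id: str, cert_der: bytes) -> Verdict:
        fp = cert_fingerprint(cert_der)
        # Revocation wins over everything, including an existing local pin.
        if fp in self.revoked:
            return Verdict.REJECT_REVOKED
        listed = self.trusted.get(app_id, set())
        pinned = self.local_pins.get(app_id)
        if pinned is not None:
            if fp == pinned:
                return Verdict.ACCEPT_PINNED
            # A different signer is only acceptable if the directory vouches for it.
            if fp in listed:
                self.local_pins[app_id] = fp
                return Verdict.ACCEPT_ROTATED
            return Verdict.REJECT_SIGNER_CHANGED
        if not listed:
            # Nothing to compare against: plain trust on first use.
            self.local_pins[app_id] = fp
            return Verdict.WARN_TOFU
        if fp in listed:
            self.local_pins[app_id] = fp
            return Verdict.ACCEPT_DIRECTORY
        return Verdict.REJECT_NOT_IN_DIRECTORY


# Constructed stand-ins for DER certificates (not real certificates).
CERT_A = b"constructed-cert-A"
CERT_B = b"constructed-cert-B"
CERT_C = b"constructed-cert-C"


def demo() -> list:
    d = PinDirectory(
        trusted={
            "org.example.bank": {cert_fingerprint(CERT_A)},
            "org.example.mail": {cert_fingerprint(CERT_A)},
        },
        revoked={cert_fingerprint(CERT_C)},
    )
    return [
        d.check("org.example.bank", CERT_A),  # first install, directory match
        d.check("org.example.bank", CERT_A),  # update, same signer
        d.check("org.example.bank", CERT_B),  # update, signer swapped
        d.check("org.example.mail", CERT_B),  # first install, wrong signer
        d.check("org.example.game", CERT_B),  # not in directory: TOFU
        d.check("org.example.game", CERT_A),  # TOFU pin later violated
        d.check("org.example.game", CERT_C),  # revoked key
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict.name, "-", verdict.value)
```
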


Man, I so need to get my email changed over to a custom domain so I'm not vulnerable to an account deletion.


Well, there's apkpure, apkmirror and aptoide. Guess that's what I'm working with from now on.

Does anyone have any idea what I should do about banking apps? Do banks keep downloadable APKs on their websites or something like that?


how can you verify that the app is genuine?


I'm not sure. Check app signatures? But I've got signature spoofing allowed, and also what canonical record can you reference besides google play? It's a conundrum for sure.


They are weaponising their Account service to protect profits from playstore and Android. Does this not run afoul of any laws?


From the most recent comments, it seems like this is resolved and it also had nothing to do with Google?


If it helps I have a tool for downloading apps. It downloads directly from Google Play:

https://github.com/4cq2/googleplay


Risky, putting an @gmail.com address in the README for a tool violating the Google ToS.

Have you ever had to deal with bans because of this tool?


It's not their real address. They rotate through a list of their enemy's gmail addresses to get them all banned. /s


thank you for the valuable feedback.


How do you commit with those messages? Does your IDE automatically commit on each file change?


just laziness - I usually do `git commit -v`


You know whom I don't have to fight tooth and nail with? Apple. Yeah, shit, but not openly hostile against me.

It feels like breaking up with an abusive ex when I discarded all things google. So much hostility and drama.

My iPhone is good enough to use the 3 apps I want without any drama. With Google they always do some shady shit and I was like "oh well, this is the best I can do".

Can't wait till I stop using smartphones entirely.


Last time I checked, even transferring photos from an iPhone to another device was complicated.


What mechanism would you find acceptable? I open Google Photos on my iPhone which sends my pictures up into the cloud and then they are easily retrievable via a link that devices on the Internet can go to.


Apple seems to have entered a phase where they are mostly just quietly decent. They have some bad things like iCloud and some good things like their hardware (mostly), but agree that they are not hostile to their users and don’t seem to be breaking their stuff too badly.

Hopefully they won’t go more into advertising. Anything the advertising industry touches turns into toxic garbage. Ad revenue is poisonous to any other focus for a business.


Last time I checked you can't install apps on their devices from other sources. You don't have to fight them tooth and nail because they've already declawed and muzzled you. There's no point to.


The way all consumer OSes are moving.... Do you think the next thing will be any better?!?


Most linuxes (minus Ubuntu) are already user friendly.

The only time I had to fight with my Linux computer was de-SNAP-ing it cause it would do forced updates and unstoppable growls. And fuck emulating Windows.


I have no idea but at least I have good hardware/software for now. My opinion is, vendor locked in architectures like android or iOS are like the proprietary Unixes of the 80s and 90s and need to die.



