I think the problem here is with Google's Multi Sign In, which makes it look like all accounts that are loged in are related, when in fact they are not, it just gives you an "easy" way of switching between accounts across Google services.
Both Molly and Amy (in the OT) have gotten confused and assumed that the accounts had been merged indefinitely (who can blame them? This is as much PEBKAC as horrible UI) so they attempted to "unmerge" them, ending up deleting one of the accounts.
The way to "unmerge" them is to log out of Google. Then, next time somebody logs in, there will only be one account.
This UI is horrible, I had a similar uncomfortable moment trying to log one account but not the other, even though I knew that they had not gotten merged, it sure seemed like it. The intention was good, the execution lacking (my guess is that there were lots of technical reasons this couldn't be done cleaner).
As soon as Chrome introduced Multiple Users, I started using that and it's much better, with less mental overhead to check which account is loged in (I use a black theme for one account, a white theme for the other). For other people/accounts, I just use Incognito mode. For most end users, this is still too much overhead for them, but in that case the only solution I could see is autologout, which has its own problems.
The multi sign-in UI is one of the worst bits of UI fail I've ever encountered. I had to struggle with it for three long years (my university used a Google-based e-mail, plus I had my personal gmail). Why the hell can't I just see multiple inboxes on the left hand side, like every e-mail app for oh the last 15 years or so.
I do this at home. Chrome is for me and Firefox is for my wife and kids. It's partly for historical reasons though. Originally we all used Firefox, but when I switched to Chrome they didn't. The benefits to them, versus having to learn a different UI, wasn't there.
They are web pages with some heroic contortions to maintain a facade of a stateful application. Web pages that connect you to useful information (and perhaps even, your useful information) are certainly very useful things. But they've never been anywhere near the power and flexibility of native apps on any platform (at the time) and never will be.
In this particular case, the best email "app" on the web still struggles to match the functionality of 15 year old native applications in the same category.
Multi Sign In is more useful to me though (now that I'm used to the UI). I really value having my first four tabs look like this: http://i.imgur.com/cnSZtTW.png (ignore the favicon inconsistency...it's a known and frustrating bug in Chrome).
With Multiple Users, there's a bit more overhead with seeing you received a new email/chat and switching to the appropriate tab.
I use the multi sign it for the same reason as you but I have to admin the UI is clunky as hell and the level of support greatly differ between Google Product; I often have to manually edit urls by hands.
This is such an annoying bug - it works perfectly on my home computer; but only works for 2 out of 3 on my work machine - I've tried everything and the third one never works - thankfully, it's not a high priority mail box and I don't count on it for work. Glad to know I'm not the only one.
I agree on the Multiple Users being very useful. I have a user for my private browsing, one for company related user accounts and more.
The benefit for me is that this does not only work for for Google related products (gmail/analytics), but also for other products you use. In our case Outlook Web Access, but also for example Trello and GitHub.
The UI is not so bad, it's the behaviour which is awful.
I'm constantly finding myself logged into YouTube with my work account after logging into Google Drive to see a document shared to me by the coworker. Except after clicking on the link in the 'so-and-so shared a…' I just get a regular 401 'You're not allowed to access this content', because I'm logged in as a different account, but not provided an option to change accounts.
I have three google accounts: work, 'Google-related stuff' (gmail, calendar, other google services), and YouTube, and I'm constantly logged into the wrong one. Google seems to assume that everyone has a Google account, and only one, and they're always logged into only that. As soon as you break those assumptions, things start behaving in unfortunate, unpredictable, and inconvenient ways. Even with their new ability to change between profiles, it doesn't work all the time, and when it fails it's overly confusing and arbitrary.
If it actually worked, I wouldn't have a problem with it. But a good portion of the time I am unable to actually access the account I have signed in with. I also randomly see mysterious "firstname.lastname@example.org" accounts on there, as well as other users on our google apps domain that I have never signed in as.
I'd encourage people to think of this less as "Wow, she misinterpreted a series of options and got progressively father from her goal state until it was unrecoverable; sucks to be her" to "This is computers as perceived by people who do not make a living making computers work, and we should anticipate them not always understanding our applications and design them to facilitate understanding when possible and make correction easy when not, to the maximum extent possible."
As someone who's had to support "normal" people on Google products -- as well as other products with similar problems -- for some time, I couldn't agree more.
"There is a way to do this" does not equate with the "average" user 1) Understanding this; 2) Remembering this especially when used infrequently; 3) Allowing themselves to be arsed with it when it's a cumbersome process.
Further, product managers and "designers" keep changing the design. Even and especially designs that were meant to convey e.g. the existence of and validity of secure connections.
Everyone wants the marketplace of "computing for the masses". Well, you need to design and engineer for those masses, as well.
To some extent, this is being "resolved" by "the masses" already being onboarded and managing, through constant exposure, to somewhat keep up.
However, this means of "dealing" with the problem leaves plenty of room for failures, some of which are pretty spectacular for the individuals and/or organizations involved.
"Secure" your documents in our "perpetually" available and backed up online storage... "Whoops", they're gone!
Allow me to correct you, everyone wants to design for smart, advanced users who have the latest browsers that allow us to do cool stuff while we hope that the masses will get with the program / super users will tout our product so well the masses feel they must adopt it.
Obviously that's an overgeneralization but I don't know very many people who actually want to design for the masses. Converting the masses is only something we value because we know it's necessary to make a lot of money, not because we believe reaching the masses by itself is a sign of great design or innovative work. For example most developers and almost all designers I know use macs and design for macs (e.g. web typography that looks fantastic next to Mac OS UI elements and out of place next to windows UI elements) even though many of their users may be using windows.
Not only did this user not merge their account (because that doesn't happen, as many people here have noted), deleting your account is a pain and a decent amount of work that is difficult to do accidentally (see this walkthrough about how explicit the process is: you have to click a checkbox for each product you currently use), and there is an account restore procedure after deletion.
Now, it is possible this user was confused and did all these things, then waited too long to try to restore their account, but there's not much else you can do for a person like this. You don't want a deleted account to be restorable for too long. They ask about Drive documents, but a mainstream and obvious backup for that does exist (not sure what it does if your account is deleted, though). Maybe make multiple sign-in disabled by default so that people won't accidentally do it? That's just going to annoy a different class of users...
Regardless, if people are going to reflexively vote up every bad user story in the google product forums (and why stop there? there are help forums all over the internet!), the front page is going to be...not very interesting.
Except we can only speculate on the kind of UI involved.
- Multi sign-in isn't great, but how did this user get in that flow in the first place? ("Add Account" isn't something most people would find inviting).
- How did this user accidentally delete her account? The process is actually fairly involved, and is difficult to do accidentally.
- How long did this user wait to restore her account? According to the help docs, you have a grace period to restore an account.
- What "representative" did she talk to? As far as I know, there's no chat support for free Google Apps.
Without this information, there's only speculation to be had, which is the entirety of this thread (in fact, most of this conversation has to do with "advanced" uses of multi sign-in, and has nothing to do with this story). There are a million stories like this, and this is a poorly told one. As should be expected! The user was not writing this to serve as the basis for a discussion on confusing UIs and bad user flows.
That was my point. Feel free to point me to the interesting UI discussion in this thread.
Well hindsight is always 20/20, but I don't think it's fair to just say "should have done x" at this point. It happened. It's done. Now where do you go from here?
This is the one thing in Facebook's favor (you can criticize privacy, but it's still a good feature IMO). There's an "undo" for deletes available for a short period.
Also, I have a habit of keeping a secondary email where I forward a copy of all incoming messages. It's a bit of a hassle, but that's another free provider so in the unlikely event one gets nuked, I can quickly grab my things via POP on the secondary (and leave a copy there). So that's 3 places I keep attachments etc... for the future.
You always sacrifice independence and self-sufficiency for a bit of convenience, whether it's accounts or milk. Not quite ready to keep my own cow yet, but I'm counting on my neighbor's one for my daily supply for now.
Here's the thing, Google already does this (https://support.google.com/accounts/answer/32046?hl=en). Also, I think it would be fair to say that the user shouldn't have accidentally deleted their account. Maybe the UI for multiple sign on isn't that great but account deletion is spot on. The page details exactly what account deletion will do and you even have to click a checkbox that says "Required: I understand that deleting this service can't be undone and the data I delete can't be restored." before continuing.
It baffles me to think that there are people out there that manage to do this "by accident" and then manage to wait long enough to be unable to restore their account "by accident".
I don't really understand how this process works. I use multiple accounts from the same machine every day. I'm usually signed into more than one at the same time. But there's no indication that the accounts have been "merged" to any degree, or there being a primary account.
The OP checked the "stay signed in" option when logging in to his or her Google account on another computer and all of the accounts that were logged in were listed in one menu. He thought Google had merged the accounts and ended up deleting his account.
The solution is simple, just click the sign out button and Google signs out all accounts that are configured to "stay signed in." Alternatively, he could have cleared his cookies or waited for them to expire.
Some people have been saying this is because of bad UX on Google's part. Google is kind of in a catch-22 situation here. They want to upgrade how multiple users check their Gmail on one browser but no one wants to learn how use their new system (I got frustrated when they introduced their new UI to compose emails and had to show a tutorial on how to use it.)
That's true, I have two-factor auth enabled, but I still don't like how other computers can easily steal my password. Besides, between my laptop and phone, I haven't had to log in on another computer in a long time.
You have to reenter the password in thirty days but you never need the second factor ever again (at least in some cases, which in security terms might as well be all cases). The important part is in fact permanent. I'm rather skeptical on the security offered.
Edit: I'm still looking for some kind of documentation for it, but I know this firsthand. I set up two factor authentication several months ago and chrome has not asked for anything other than the password since. I can even go into the two factor settings with only my password, which gives me complete control to make unlimited single-use codes, or authenticate a different phone, or turn the whole thing off.
There is no way for you to read the one time passwords. You can only disable them from dashboard or make new ones. The parent comment was about keyloggers, and the don't-require-two-factor-auth checkbox is for browser cookie session only. So there is no way for a keylogger to exploit the checkbox. The attacker can only know your email and password, not your browser's cookie data.
I was not talking about application-specific passwords. I was talking about the ability to make 'backup verification codes' which can be used anywhere a second factor is needed. Once they have your first login they have a permanent all-powerful backdoor to your account unless you go in and hit the button that resets all logins.
But more importantly, your threat model is rather urealistic. Why would you trust an infected and keylogged computer to not be able to steal something as unprotected as cookies? You're right that in some kind of situation with a 'pure' keylogger you're safe, but you could get the same level of safety by doing something silly like log in with an on-screen keyboard. I think such a narrow threat model is misleading.
In addition to this, Gmail puts message's subject in page title. Someone can check History and read your subjects. These can be quite revealing, for example when you're into some kinky kind of sex. I don't fancy censoring the subject each time I write a message.
I generally won't let others use my computers, since there's all kinds of stuff they could do. It's not uncommon (though not especially common) for someone to take offense; it really makes me wonder whether they realize what computers can do, or how much information about you is stamped into one you've been using for a while. My computer and yours are not interchangeable.
I upvoted you and I'm the OP. I couldn't think of a better title that didn't span an entire line.
("Use Incognito Mode when using a friend's machine or risk having your accounts stuck together"? Or maybe "Don't log into a Google account on a friend's machine without using Incognito"? It's a bit too late for me to edit, unfortunately.)
I would move away from Gmail completely but it's great for the search capabilities and Google Drive is really nice for a good enough doc suite.
One of these days when I get enough time I will download all my messages and just use Gmail / Drive as a container for archived info I want to be able to access from anywhere and use the Gmail search capabilities.
To the other suggestions, I would add that you should get your own domain name for your email to go to. That way you can switch the back-end service at any time.
If I know ahead of time that I might have to use a Windows computer that I don't own, I carry around a USB drive with Portable Apps and everything encrypted with TrueCrypt. I have been able to put together a pretty decent dev environment on a USB stick (except that USB sticks are slow.)
That's probably still asking for trouble though. You never know what someone might have installed on their computer. A separate browser as a portable app won't protect you from key loggers.
Once I wanted to delete one of the blogs I had with Tumblr and, in the end, without understanding what was happening, I deleted my account instead. I'm usually very good understanding workflows so I got really surprised by that outcome. It was also not possible to recover any data. I kept a diary there so it really sucked.
To everyone who says that using Incognito mode or a Guest account will fix the problem: yeah, most of us already know that. The problem is, most of us (HN readers) are not the average Google user. The average Google user is more like your granny. When she borrows Uncle John's tablet, she expects it to work just as if she had borrowed his lawn mower. Lawn mowers mow lawns just fine, regardless of who owns it. Why shouldn't tablets do the same, asks the average user.
In addition, the problem that OP describes is only a symptom of a much larger paradigm shift that (a) has been happening for a while, and (b) is in the interest of many Internet services to impose upon users, too. The idea is that a computing device only has a single user at a time. Instead of logging in and out all the time, you just stay logged in indefinitely, so that identification of a device suffices to identify the owner and everything you do on your device can be attributed to you. Logout means nothing if they can still track you with extremely-difficult-to-delete "evercookies".
The problem is, even today, most devices are only single-user 99% of the time. Ordinary people borrow one another's laptops, tablets, and phones all the time. Because devices get lost, stolen, damaged, or out of battery all the time. Because when your best friend buys a shiny new iPad X, she lets you borrow it for a couple of hours. Desktop OS's have Guest accounts, but they are often not enabled by default, and even when enabled, it's a hassle to switch accounts. So when a service is designed on the assumption that a device only has one user at a time, it works 99% of the time, but it fails in an ugly way the other 1% of the time.
When a cousin borrows your brand-spanking-new Android-based LTE-enabled DSLR (I don't know if such devices exist, but why not?) to take pictures on her trip to Hawaii, you shouldn't have to worry about having inappropriate photos of her automatically uploaded to your Dropbox and stay there even after she deletes them from the camera. Ditto for your Gmail app, any other app that identifies your device with you, and any web app for PCs that work under similar assumptions. Something is suboptimal here, though I'm not sure how it might be fixed without great inconvenience.
Newer Android tablets (with Android versions 4.2 or later) have what IMO is a pretty decent solution for the multi-user device. Of course like all things Google recently, the UI is "clean" which basically means "fuck you user... I'm an artist.. here's a plain white surface for you. Read a manual if you actually want to turn this thing on".
Ah perils of storing important documents on a free service. It's good only as long as it lasts. And since you are not a customer for the service, expecting them to do do anything to bring it back is too much to ask for.
With most paid services a user could also inadvertently delete their data irretrievably.
So I'm not sure you're drawing the correct conclusion here. It's more about whether there is a flaw in the specific UI around this functionality or insufficient warnings around irreversible actions. Without knowing what the user did it's a difficult call.
Google telling her that the files were gone and that there was nothing they could do translates to "why should we bother getting your files back for you?" (Obviously they can do it, but it would take a highly salaried person some time, so, no.)
But it would be even worse PR for Google to offer data recovery for money, because that would be admitting that it's possible, but that unless you pay you're not getting your files back. Much better story to claim that the files are just "gone".
I would never let alone log in under one of my logins on any machine, or log in under someone else's login, on a system which supports multiple logins. I mean, even on the shared home theater box, I have separate logins. Too many keys, dotfiles, etc.
This is precisely why there is a guest account on my computer that other people can use. It's fully sand-boxed in the sense they can't access accounts I'm logged into. It should really be enabled by default on all OSes.