I wish they'd let me recover my original -- I lost my TOTP generator, and the codes I'd written down in a paper notebook were rejected. I even hunted down the electronic copy in case there was a transcription error -- seemed like some failure in their systems was causing me to lose access despite having followed proper procedures.
Lost a decade and a half of correspondence dating back to my teenage years. I had imported my phone number I'd had since I was 16 into voice, and it doubled as my Signal number. I even had a Gsuite subscription so I could use their (admittedly decently) UI to power my firstname @ lastname dot com email address.
I will never use their services again, I was really digusted by this failure.
I had something kinda similar happen to my hotmail account. While I didn't lose access to it, I lost more than a decade of correspondence dating back to my teenage years. The reason was that Microsoft at some point required you to "login" once every 30 days. It seems they only counted logins through their web interface or something like that, so even though I was receiving emails daily, I didn't trigger a "login" in their system. They then deleted all my emails, but I could still login.
This happened to me ten years ago. A while later they did the same thing with my Minecraft login that I had purchased before the EULA was in place; I’ve avoided their services like the plague since then.
I still think about my lost address that I obtained when Gmail was invite only. My family still occasionally CCs it and it drives me nuts, I would pay money to at least have it shutdown so they don’t think I received an email. I had email forwarding to another address when stolen and immediately after it was stolen it had the weirdest messages, I tried multiple ways reaching out to google and it still bugs me I was unsuccessful. I’d love the their of my account to at least have it shutdown
Maybe you should send it enough mail to fill it up and the it would reject emails? Send a bunch of emails with large attachments and avoid getting marked as spam.
I got mine when it was invite only too, I had it a very long time.
I use protonmail now -- I think the "free" model enables providers to shrug and go "hey you don't pay us" (if there is support at all -- I've never been able to speak to a human about this issue)
>I think the "free" model enables providers to shrug and go "hey you don't pay us" (if there is support at all -- I've never been able to speak to a human about this issue)
I also have paid services a lot of money where customer service was nonexistent until I did a credit card chargeback or raised an issue with government regulators.
I'm trying to figure out exactly what I want to push my state legislature to encode into law with regards to customer service minimums that would cover anyone doing business in the state, free or paid.
I'm in the camp that paying makes you a customer. Inversely using a free service makes you a user, not a customer.
And as you correctly note, there I'd no "user service" department.
You can of course push for any law you like, but I expect laws protecting "users" to be toothless. Basically the TOS will boil down to "we can do anything we like" - which I guess is more or less what they say now.
I find it helpful to think of users as distinct from customers because it let's you understand the provider company motivations.
For example, Google's customer's are advertisers. Hence they cull services not conducive to advertising.
Most startups see VCs as the customer. Their business model is to sell shares to VCs in round after round. Seen in that light their attitude to users is rational and users only exist as props to VC sales.
VCs (and founders) are chasing an exit, which is usually acquisition or aquihire. Your use of the service will thus rarely survive the exit.
These are not things to be outraged about. They are all completely rational and predictable outcomes. When you use a service, these are factors you should evaluate.
> I'm in the camp that paying makes you a customer. Inversely using a free service makes you a user, not a customer.
I agree, but what do you do when a large player like Google kills the competition by making their service available for free? I used to pay for email hosting with good customer support. That company went out of business when free GMail wrecked their business model. I moved to another hosting service, which almost immediately went out of business for the same reason.
Something similar happened with YouTube. It's chock full of ads and/or subscriptions now because they subsidized it long enough to ensure competitors couldn't gain a foothold.
Thats not exactly a new question. Netscape would also like an answer.
Obviously the short answer, for you personally, is "nothing". You cannot affect either the closing business or Google.
The somewhat longer answer is that there are certainly other mail services that currently exist. So there are still options. And yes, those services will need to differentiate their offering.
[Some will no doubt mention the option to self-host. I did that myself for about 15 years. It's a lot of extra work to do that though.]
Obviously some services (like YouTube) are double-sided. Consumers go there because producers are there and vice versa. But, as you point out, even there you have choices - free with ads, or subscription. (Not that you'll get any "customer support" from Google.)
your paid email address would now always end up in people's spam folder by default, because the big 2 don't trust any email not originating from the big 2
I had this issue with my alternative account. Despite my main account being associated (not by recovery, I think this predates that feature), and most messages being forwaded to my main I was never able to successfully recover the credentials.
I had the same issue with my Hotmail address. I know the address and password, but Microsoft won’t let me login. And they ask ridiculous things like, what emails are in the inbox. I haven’t used this address for 20 years, I just want to access the Hotmail address from when I was a teenager.
Yes, but you are unlikely to have your PUK code (its on the card you got your sim with) if you have also lost the sim.
Its a much more losable bit of plastic, and without it (or a contract) why would an operator give you the PUK code for a number they can’t prove you used to have access to? It would be impossible to tell if you are trying to steal someones number.
> I will never use their services again, I was really digusted by this failure
Isn’t this inherent to not choosing an (EDIT: external) account-recovery method?
The flip side to allowing account recovery at Google’s discretion is lessened security for everyone. (Obviously not black and white. And I agree Google should have flexibility for old accounts. But it’s an odd thing to reject a major provider over.)
You can have all the right details and recovery methods but if at some point they request you to provide the code they sent to the phone you don't have for the last 10 years......... That's it.
> if at some point they request you to provide the code they sent to the phone you don't have for the last 10 years
AFAIK once 2FA is up, you can remove your phone number from GMail.
I know it takes time to set up a recovery account (in case the account is inactive for x months), to remove a phone number, etc. but if one's GMail is important it could be worth doing both now if it hasn't already been done.
You will eventually be forced to re-add it at some point.
The point is (it's not my account) that unless you religiously update the phone number in all your accounts you will at some point lose access to some of them despite being able to prove with all the other details it's you who created and used them.
Just because.
Because phone number is a very valuable identifier for the ad company.
They did have a method to recover their account that they tried, though - they said that they used the account recovery codes, but that they were rejected. (Those would be the codes that Google gives you when you initially set up 2FA.)
When I first got the account, my cell phone was a recovery method. Later in life I imported the cell into google voice... thus when the recovery codes failed, there was no other option.
I had email address X (gmail) that I hadn't logged into for a long time. One day I tried to log in to it. Correct password, but Google, for some reason, simply decided there's something suspicious about my login and blocked it. X had Y as the "recovery email", and I had access to Y, and I indeed received an email from Google sent to Y that it blocked a suspicious login to X. However, THERE WAS NO WAY TO USE Y TO GAIN ACCESS TO X. Google simply did not offer that option for X, and I had no idea why.
Google doesn't allow you to recover a Google account using only your recovery email address. Despite its name, the recovery email address is not used to recover Google accounts AFAICT, it's only used to receive notifications about security-related events.
I am fearful of losing my first.last@gmail.com and last.com access presently. Any Google Wallet/Payment folks that might help me..? Please see email in profile if so. Would really appreciate it.
Story is I started a new job. I tried to add a corporate address for a corporate card to Google Wallet. This tripped some security indicator requiring me to upload government-issued ID.
I did so twice without it working despite first/last/address match. I have tried also submitting an employment verification letter with the corporate address. Haven't heard back on the last attempt.
I have also written but I have low hope that'll work. (Update: Nope, "Billing and Collections" isn't "Payments" but at least they wrote back).
Because of the incomplete verification, all Google service payments are rejected right now. I am presently frantically emptying my Google One storage to get back under the free tier before my paid One subscription runs out. Literally, because I cannot submit a $2 payment I am right now removing attachments from 20 years of correspondence.
This stinks. I just need a human to review what I submitted given the above context. There should be some middle ground between rejecting a new credit card address and de facto locking down someone's entire collection of Google services via manufacturing an inability to pay.
> I will never use their services again, I was really digusted by this failure
Was there ever really an agreement that they'd be storing your cherished memories for decades? I still treat email the same way I've done since the 90s. Your email provider is just a cache but you download and backup the messages yourself.
Hopefully this has been a wake up call for you. If you care about data then you need a copy that you control and have a good backup plan.
1. You have to own that domain forever, until or at least until you're 100% confident that an email intended for you will never be sent to that domain ever again. Even then, there are security risks with giving up the domain.
2. You give up some privacy. You can use mailbox aliases but it doesn't really matter if all the mailboxes are tied to a domain registered to your name and address.
1. A little money solves this. You can register for 10 years at a time. Any decent registrar will blow up your email near your domain’s renewal date regardless of renewal status.
2. Whois privacy solves this. Free from any decent registrar.
Doesn't completely solve the problem. You now have to pay per (unaffiliated) alias since each requires an independent domain. You also become extremely vulnerable to data breaches because rather than learning that foo@provider is john.doe@provider with IP xxx you instead learn that foo@domain is John Doe, phone number, street address, credit card, etc.
This issue goes far beyond email alone. The ICANN domain system effectively rents a string out to you on a temporarily basis and mandates that an Impressum be attached to it. It's a deeply flawed scheme when viewed from the context of both historical hacker culture as well as the fundamental values of a free and open society.
You can usually setup several domains. Some domains are very cheap to register, so you can register some inconspicuous, universal, email provider-sounding domain and add aliases at will.
For (1) you can prepay i think up to 10 years? And every year you just prepay 1 year again and you will have 10 years to remember that you forgot to pay a domain registration bill.
If you use a password manager like Keepass, you should still be able to log into your other accounts if you lost access and at least with financial institutions you can call, ask that no changes be made with without coming into the branch and showing ID.
Yes, but many companies will also drag their feet, refuse for "security reasons", or you'll just never be able to reach them in the first place because their only support is an AI concierge that tells you the same thing over and over.
As an example Anthropic and OpenAI don't let you change your email address.
If you use a password manager like Keepass, you can put your TOTP into it as well. With both a password and a keyfile it's still two factors, technically.
Realizing this is why I bought my own domain name and pointed the mx records at Gmail. This way I can change it to different mails servers if needed, even self hosted. One useful thing you can do is configure Gmail to forward mail to unknown address to a known one. So I can create addresses like Facebook@ultrasane.com or Amazon@ultrasane.com, etc
I'm mystified why technically competent people keep their email in the cloud. Do they never find themselves unable to refer to an email because they are not connected to the web? Isn't obvious that you risk losing everything if the provider goes bankrupt, there is a glitch in their system, or they change the rules?
I use Thunderbird on my laptop precisely so that I have a copy of all my email. I can consult it while offline, I can switch providers, change my mail address, without losing anything and without having to rearrange anything.
Works for google (should!) but man there are some platforms that don’t expose the Totp code, or let you redisplay it! Sometimes they make you remove the old one before you can make a new one, too.
I stopped using webauthn for this reason, plus the fact requires a ton of intrusive browser features and access. This surely will enrage most readers, which itself reveals an interesting conditioning that has taken place.
Print or print to pdf works but feel terrible leaving pdf and printed QR codes around when I have an actual handful of HSM/security dongles in that very same desk drawer :(
Whoa, I noticed something similar. I was updating my password or something a few years back and decided to test the backup codes too. They didn't work. I don't know what went wrong but that got me worried a bit.
Try contacting their support. They did help me regain access to my late 90s angelfire account, even though the original email address I had used was long dead.
> I will never use their services again, I was really digusted by this failure.
Without such measure anyone with your password could "reset" your 2FA.
The solution to "I may lose my 2FA" is not to make GMail a 1FA: it is to configure beforehand your GMail so that if your account is inactive for 6 months, access to your account is given to a person of your choice. It's so that a death spouse (for example) can eventually access the account.
Lost a decade and a half of correspondence dating back to my teenage years. I had imported my phone number I'd had since I was 16 into voice, and it doubled as my Signal number. I even had a Gsuite subscription so I could use their (admittedly decently) UI to power my firstname @ lastname dot com email address.
I will never use their services again, I was really digusted by this failure.