I think what's even more horrifying that isn't mentioned in the article is how many services use email as a form of user authentication.
If you lose access to your gmail account, you also lose access to changing your password on any service that makes you do so through an email link - I know of some services that don't even let you change your account email without clicking on an email authentication link.
So not only is there the always-lingering possibility of losing your google account to automated shutdowns, you can also lose access to services that you use that use authentication through email, quite an uneasy thought.
Unfortunately though, it's poor practice to let a user change their email address without first sending a confirmation email. If you don't confirm the action before making the change then bad people can lock out the true owner of an account simply by being logged-in.
Accounts can only be some of identity's credentials. You are not your email address (and you should never be considered so), but your email provider can optionally act as one of trusted third parties who can assert your identity. Not the other round.
Also, you can't really own a domain name — you can only rent it from your domain registrar, in almost a same manner you rent your email account. And the idea of paying for keeping my own identity somehow frightens me.
Well, if possible, I'd really prefer to actually posess my identity (like I possess my GPG keypair) and be the authoritative source of it, not lease it.
I really don't want others to define who I am, and prefer them to merely assert my own definition of myself.
Unfortunately, modern trends of the Web is to make things work in exactly the opposite way.
(Original comment was edited from one-liner to a more verbose explaination.)
The problem is that by all measures, Google is the most reputable provider... of course there are some problematic stories from time to time, but they probably happen also with paid providers, just that you don't hear from them so often because there are less people using paid providers! :)
You can always point your MX records at another server, if you have your own domain + gmail. Still sucks (and doesn't serve everybody), but it's an option if the worst happens to your account.
I make it a point to have my emails on my own domain. I use Google Apps and then use my own IMAP backup app (http://thehorcrux.com/). In case something goes wrong, I intend to move providers and restore the emails back.
There are also a few command line tools like http://gmvault.org/ if you love tinkering.
The most interesting part was the reason he believes the account was suspended. He was working on a spreadsheet containing usernames and passwords. If that's really the case, it means some automated system scans not only your email, but documents you work on, for things like password lists, and right away assumes you're up to no good, killing your account. Scary.
There's also the question of whether the original poster was telling the truth, or even told the whole story. If for example, the spreadsheet had a form for the entry of usernames and passwords, and someone came across it (maybe because it was e-mailed out to lots of people), and reported it as an attempted account phishing form, that would certainly explain an account getting suspended for an TOS violation --- and as far as I know, someone who is trying to use their Google account for phishing doesn't get escalating warnings... and I think most people would agree with this.
Should still get better recourse than tapping people you know and crossing your fingers for six days. Even if it's a paid expedited review, though that obviously is a flawed suggestion.
I know our consulting company for 2 years kept a sheet of logins as do most agencies so I find that hard to believe... However, I do recall getting my Adsense account banned for click fraud - which really sucked but it was true that I had my friends all click my ads and that my site was basically just ripping off pop culture content with naive hopes of getting rich quick - ah the 200's. so no suprise it got banned.
The thing is, if Google actually gave some kind of explanation, there would be no room for speculation. They're the one opening to the craziest speculations are rumors.
In many cases, companies cannot give explanations for such actions. Either because they'd be sharing private information, or because they'd be helping spammers/defrauders/... to figure out detection systems.
That's a good point, but then there is the question of trust. 2 years ago, I would not have believed it. Now, I am not sure. Google has done many things I consider fishy and unethical so I am more likely to believe allegations against them.
But the reality is that people need to start diversifying or risk:
"A few minutes into my Google-less existence, I realized how dependent I had become. I couldn’t finish my work or my taxes, because my notes and expenses were stored in Google Drive, and I didn’t know what else I should work on because my Google calendar had disappeared. I couldn’t publicly gripe about what I was going through, because my Blogger no longer existed. My Picasa albums were gone. I’d lost my contacts and calling plan through Google Voice; otherwise I would have called friends to cry."
Google wants people to trust the nuts of bolts of their lives to their servers, yet they cut off access to everything the moment they suspect that a user has transgressed. I can't be the only one that doesn't think this is reasonable.
At the very least, you should still have access to the Google data export for your account, even if the account has been cancelled for some reason.
Definitely a reason I have always paid for Gmail/Drive before it was that. But the actual reason is quite scary why it triggered the issue:
"My data was intact save for the last thing I’d worked on–a spreadsheet containing a client’s account numbers and passwords. It seems that Google’s engineers determined this single document violated policy and locked down my entire account. My request to get that document back is still pending."
So you can't keep files you need to secure in Drive? Blown away by this. And the access to the entire ecosystem based on one document. This is not good. With that logic if there is a DCMA request or problem with a video on youtube the whole site should just shut down.
If this file is indeed the cause of the account closure... what happens if you're using a Chromebook? Then not only do you loose access to that computer, you are restricted to what kind of content you can create and store on your computer.
It's plausible. I've personally seen phishing done via google docs. And, at one point, Oxford blocked google docs because of phishing. So phishing via docs is probably a common occurrence.
To combat this, I wouldn't be surprised if Google had software that tried to detect this (maybe look for spreadsheets of username/passwords), and shut down the accounts associated with it.
Spreadsheets of usernames and passwords are very common - many companies use this to share access internally (not that that's a good idea, but that's a different topic). I've talked to dozens who haven't had their Google accounts shut down. I'd be truly surprised if this was the only reason for the ToS violation.
I'm more appalled that he's storing his client's account passwords in a spreadsheet. It's ridiculously easy to accidentally share the wrong doc with the wrong people.
Isn't the deal with Google Docs that you can revoke that access a second after you realize you made the mistake? Unlike, say, sending the doc as an attachment?
What would be the best practice way to do this? Everyone could store a list in an unconnected way but it becomes an issue when passwords are changed and new entries are made to the list.
It seems extremely unlikely that you could determine the problem from "the last thing I'd worked on", and it seems even more unlikely that a spreadsheet with (barring any additional information from this story) account numbers and passwords would auto-trigger a shutdown: there would be so many false positives that most people would have had their accounts closed by now.
It would be nice if Google, when they threw you out, let you download a glob of your data. That would make the thing a lot less painful for most people.
> Google told me for the first time that it reserves the right to “terminate your account at any time, for any reason, with or without notice.”
No one reads the ToS / AUP, but this shows why it's a problem. It was not the first time Google told this guy; he was told in the legal documents that he agreed to when he signed up.
Yes, Douglas Adams had it right.
> "But Mr Dent, the plans have been available in the local planning office for the last nine months."
> "Oh yes, well as soon as I heard I went straight round to see them, yesterday afternoon. You hadn't exactly gone out of your way to call attention to them, had you? I mean, like actually telling anybody or anything."
> "But the plans were on display ..."
> "On display? I eventually had to go down to the cellar to find them."
> "That's the display department."
> "With a flashlight."
> "Ah, well the lights had probably gone."
> "So had the stairs."
> "But look, you found the notice didn't you?"
> "Yes," said Arthur, "yes I did. It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying 'Beware of the Leopard'."
Back it up on hardware you own. You can buy multiple terabytes at low cost, you can use duplicity/Deja Dup if you want secure remote backups (on a server of your choosing), etc. You can send people files without having to rely on any specific service provider -- there is email, there is rsync, etc. It is cheap and easy to set up a file server and dynamic DNS, assuming you have a broadband connection (surprisingly many people do not, but that is a separate issue).
The problem with these web services is that they allow a single service provider to screw you over on a whim. Why put yourself in that situation? Why leave yourself vulnerable to unscrupulous competitors and governments who might try to copy your files without permission, because some service provider was more concerned about complying with warrants and monetizing your data than about security? Stay in control of your data, and you will not be posting these sorts of stories to HN.
I think there is a much bigger issue here than the theoretical storage solutions. Everything you said is indeed entirely possible for most HN-readers and tech people but I sure can't talk my mother into switching to dynamic DNS and rsync.
The only reason there was a happy ending to this story was that this guy was connected enough to know how to contact someone at Google, what about the other 300million users who barely know what OS they are running? There needs to be some kind of restructuring to protect the public, whether its simple awareness or legislation.
This thing happened to my ex, although it's more likely she did the wipe. She had her home machine and two office machines synched with DB, and her stuff was gone at home and Office One. We went to Office Two, disconnected from the net, turned the machine on and copied her data to USB.
I'm running mine off a Synology DiskStation that sits at home. Mobile clients for Android and iOS. Sync clients for Windows, Mac and Linux (plus source code if you want to write your own): http://owncloud.org/sync-clients/
You could point OwnCloud at the same folder as Dropbox. Both monitor the same folder. Double backup.
Any serious amount of data storage requires a hard drive (as opposed to flash), and hard drives are quite fragile. If you drop one on a hard floor it's probably done. And with time they fail for all kinds of other reasons. They are mechanical devices.
I seem to have had better than average luck with hard drives; it's been about 20 years since I've had one die while I was still using it. In any case, yes, I rely on a great big hard drive for backup, but it sits on the bottom shelf of a large cabinet; it's not falling any distance onto anything.
What's more important is that I know exactly where it is and who has access to it, and I will continue to have access to it as long as I keep on feeding it electricity.
It seems strange that Google wouldn't have a policy of issuing warnings, escalating warnings, etc., before taking the drastic action of suspending an account. Without knowing the exact reason this person's account was suspended, for all we know it could be a complete glitch.
There was no TOS violation, just an algorithm gone wild.
This happens to me all the time but with Google adwords
- Google Adwords tells me not to run more then one domain in an ad group then suspends the ad group... that has only one ad in it. Takes a week for Google to undo their suspension.
- Google Adwords suspends an ad, support says that during the signup process there should be a page that links to competitors with a comparison of prices as features. Sort of like going to a K-Mart but once your at the checkout the checker says "you shudda gone to Wal-Mart sucker!" (to save a dollar). Takes a week for Google to undo their suspension.
etc and so on. If you spend 20k a month or more with Google adwords when Google wants to give you pain they find very unusual ways to do it I presume to mess with your click history to force you to pay more, so Google quarterly profits go up. I presume this happens throughout Google's products.
For an individuals it's overkill buy at work we use something like this :
* We use Google/Gmail only for mail hosting, not for calender or cloud storage.
* Google apps with our domain.
* We have also an account at Yandex.
* DNS service from DynDNS, MX ttls set to 3600 seconds (1 hour, it could be less)
* For virtualization, we have a i7 machine with 2x1 TB disks (Raid-1).
* For webmail, calender, sharing etc we use Zimbra ( open source version ).
* Everyone has an internal email ( x@office.domain.com ) and external gmail account. Zimbra syncs itself with gmail.
* When somebody sends email , depending user, zimbra send it using gmail or relay.
* At 3 a.m. system automatically shut down Zimbra , takes backup on usb 3 hdd (~100Gb, arround 40 mins) and brings up it again( I know, there is a room for improvement, like rsyncing /opt/zimbra directory ). We change usb disks everyday or two and store other disk at somewhere outside the office.
So,
- If Gmail "dumps" us, we can change our MX to Yandex, stuggle couple hours and then continue to work.
- If local server burns, users can continue to work using Gmail while we build & install new one.
We tried rackspace email hosting but it had problems ( some mails doesn't delivered, some incoming mails lost etc ). Fastmail was/is expensive comparing current infrastructure and it could be viable if we have more than 30 persons.
P.S. : I'm not saying this solution is perfect or it's the only way to do, i'm just sharing.
When G+ was announced I realised the implications were I to do anything on the social side that risked the account... loss of access to email, calendar, documents, etc that go back more than a decade.
I made a choice that day and I still stick to it:
I split my Google identity.
My original Gmail account is still in use and I use that for anything social, for any settings and preferences... i.e. the non-essential stuff: Google+, Chrome Sync, Android Play Store, and Google Currents.
A Google Apps account deals with anything that I care to keep and is on my private domain: Gmail, Calendar, Contacts, and Drive.
I then used sync control in Android to turn off everything that each account won't use. And in Manage Domain on the Google Apps I disabled G+ and anything social.
For me it's a risk limitation exercise.
Should Google lock my Gmail, I lose things I don't care about. I keep backups (Gmail offline + Grive) of my Google Apps domain, and should that get locked I can change the DNS, setup my own email and restore the backup via IMAP.
I get to benefit from Google services without a large exposure to risk should something happen.
I think we need a paid email provider, someone who's sole business is to provide email services, and maybe a calendar. Someone who you can host your own domain with and someone who's mission it is to ensure their customers have privacy, security and can rely on their services. Someone who doesn't just guarantee their services for as much as you pay for them but someone who is willing to put their ass on the line to prove that they're a good provider.
Sure, you could just set up your own email server but why go through the hassle? There's a real opportunity here, my mother doesn't know how to set up her own email provider, neither does my aunt. A good email provider will make it really easy to do everything related to email with advanced spam filtering capabilities and will run a very tight ship.
Actually, getting a paid email account is easy. Just about every hosting provider out there also offers an email address.
Web access is usually terrible though. If you're lucky, they provide roundcube, which is ok, but certainly inferior to Gmail. If you use IMAP and some desktop client, this might not be a problem.
The hard part is the calendar and contacts. I don't know of any CalDAV or CardDav provider. Your best bet is probably some hosted Exchange solution, which provides ActiveSync.
Kinda sucks that Google makes type 1 errors occasionally. OTOH, you keep sensitive data from your users in your personal gmail account and you're not paying for support? You crazy.
You should not rely on services you're not paying for and don't own for your daily work. :-/
My point isn't about the nature of the data that was stored, my point was the economic reliability of the tool being used to store it. In other words, you want the provider to have some significant incentive not to screw you if your livelihood depends on it.
It's a calculated risk. Chances of this happening to any given person so far has proven to be almost infinitesimal, so people (rationally) don't care and treat GMail like they treat electricity.
But yes, if this indeed happens to you and you were depending on Google services for your work and life, you're completely screwed.
Sometimes I feel afraid of this happening to me, but I don't know where to move some of my data to, as every other mail/calendar service I know sucks hard in comparison to GMail and Google Calendar.
Enterprise apps accounts are pretty cheap compared to your average business expense. Not speaking as a googler, just a concerned fellow hacker. That might not perfectly insulate you from risk, but I guess (again, without any internal knowledge, I don't work on this stuff) that it cuts it by another factor of ten or more.
Because I believe P(service available to me | I'm paying for it) is higher than P(service available to me | I'm not paying for it) for most services where both are an option. I'm not going to go into all the reasons for that belief. I'm sure you're a creative person and can guess some of them. Suffice it to say that I think there is some reason to believe it. If you don't, by all means run your important business processes off of charity-ware.
It's not as clear cut as the P vs P you make it be, anyway. In many cases you're better of with Google that with some _small_ paying service your paying $20/month to use, merely because Google has more money/people/tech to spend on making the service better, avoiding to fall under, etc.
As for paying a _large_ company to their service, well, if you're like 0.001% of the profits of the service you're paying for, you're not much of a customer with influence, no matter how much you pay. And in most pay-for services you are just that, a small decimal percentage of their business.
Now you could count on your interests aligned with the other customers (so that they could not annoy you without annoying a large percentage of their users) but there lots of cases where that's not the case.
I'm not sure what kind of fallacy it would be that I make decisions based on my rationally derived probability estimates. If there is such a fallacy I would love to hear about it.
>I'm not sure what kind of fallacy it would be that I make decisions based on my rationally derived probability estimates. If there is such a fallacy I would love to hear about it.
The fallacy that those are "rationally derived probability estimates" instead of numbers pulled out of one's arse in the first place.
What gave you the impression that putting random intuition numbers on the P(paid)/P(free) boxes makes it "rationally derived"?
If you didn't do that, what's your methodology, and where are the source numbers of your empirical research one the matter?
>> Are you talking about intuition numbers, or random numbers? They are fundamentally different things.
> Not if your intuition is based on random feelings and thoughts instead of "empirical research".
Actually, "random feelings" and "random numbers" really are different things. A random feeling occurs in the context of a particular individual's possible spectrum of feelings, a small subset of all feelings. But by definition, a specific random number must spring from an infinite set of random numbers to meet the technical meaning of "random".
Whether or not you actually will sue, if you paid for services you have the power to sue (on the contract for services). And Google knows that. That gives you leverage that puts you in a much better position to get someone at Google to pay attention to your account.
If you didn't pay for services, you can't sue. You didn't give any consideration, so there's no contract you can enforce against them. (That's for common law jurisdictions; don't know about elsewhere). They can more or less do what they like. And Google knows that, too.
Seriously, why does ANYONE use anything other than Google Search and Analytics? Why do you willfully choose to expose yourself and your business to what they can do to you? From the article:
"A few minutes into my Google-less existence, I realized how dependent I had become. I couldn’t finish my work or my taxes, because my notes and expenses were stored in Google Drive, and I didn’t know what else I should work on because my Google calendar had disappeared. I couldn’t publicly gripe about what I was going through, because my Blogger no longer existed. My Picasa albums were gone. I’d lost my contacts and calling plan through Google Voice; otherwise I would have called friends to cry."
And that list of losses can be expanded if you use other Google tools.
Personally, I just don't get it. I was using various forms of email before Google even existed. I settled on Outlook and self-hosted email on Linux a long time ago. Oh yes, MS Office for docs, calendars, etc.. Perfect? Nope. But nobody can flip a switch and take it all away overnight.
I simply could not fathom running any of my businesses with this kind of daily risk. Any one of your employees could trigger a Google account shutdown and cost you dearly.
What's the problem here? Are MS license fees too expensive when compared to loosing all of your data overnight?
As for the other non-MS Office services offered by Google, well, there are tons of alternatives, free and paid.
I was lucky enough to learn this lesson about three years ago when a client's account was shut down merely for moving about two hundred domains to a an "AdSense for Domains" service they used to offer. Bam! Three days later their entire account is shutdown, AdWords, AdSense, Gmail, Docs, everything. Wow. New user too.
From that point forward I made a few decisions I have yet to violate:
- Use Google Search if you must
- Use Google Analytics if you must
- Use Google AdWords if you must
- Do not base a business on Google AdSense.
Your entire revenue stream could evaporate overnight.
- Do NOT use ANY OTHER Google service, no matter how enticing or
convenient it might be. Consider what the cost to your business
might be if that new sparkling offering on the table
is pulled away without notice or recourse.
- Do not build a business on a foundation someone else has full control over.
So far, so good. Email, documents, backups and collaboration existed just fine before Google was even an idea in someone's head. Don't be lured into something that can kill your business and cause you personal financial damage.
If I were running an investment firm I would have a clause in my contracts requiring that no business-critical services are to be hosted by Google on any companies we'd invest on. Talk about playing with fire. Invest millions into a venture and Google pulls their data backbone from right under them? Crap! Screw that.
This reminds of a story I've read about (big) companies and electricity: At the start of the 20th century it was typical for companies to produce their own electricity. The concerns where basically the same as they are now with Internet services: Your business depends on another company; what will you do if they close down? Or throw you out? And what about the transmission - I've heard the net is not stable? and so on. So, what did change? Trust. Electric companies invested heavily in various areas:
- Reliability. The electric transmission net was shit at this time. Blackouts each week, sometimes each day were typical
- Cross-transmission i.e. a shared transmission net instead of one net per provider, so you could switch without much hassle if your provider failed you
- Better contracts to guarantee that you will get your electricity and that a company cannot dump you without notice
All of this parts worked together to convince companies that electricity was no longer something you had to do yourself, but something that could be provided by someone else.
As far as I can tell Google tries to be the outsourcing address for various (all?) net related services which have been done "in house" in the past. The problem seems to be that they fail in the areas highlighted above. As long as this doesn't change many companies will be hesitant to trust Google with services they depend on. And maybe posts like the OPs (and robomartins) show that they are correct in their assessment.
Given that there is common law "duty to serve" protection, how is it that many electric utilities are now offering discounts in exchange for installing devices that give them the power to throttle your air conditioner during a heat wave?
Probably nobody's challenged them on it, and moreover if they did there'd be the counter-arguments that it's voluntary and that throttling the A/C enhances their service by preventing brownouts.
Can you suggest a viable alternative to Google Mail? I'm feeling uncomfortable having all my mail in Google's hands but haven't found an alternative yet.
Dovecot + Roundcube hosted on a cheap VPS, with Thunderbird (on the Desktop) and K9Mail (on Android) as client works pretty well for me. Dovecot 2.2 implements several new IMAP extensions, so you can do serverside fulltext search, threading and push of incoming mail, and with some work[1] it should also be possible to sync your contacts and even a calendar with your server (I must admit though that I haven't tried that yet).
The only thing left to be desired is support for tagging in Roundcube. Thunderbird has it, but it would be nice to have it in the web interface, too. There's a ticket for it in the Roundcube tracker[2] but it doesn't seem to receive much attention yet.
Personally I hope that with the recent closures of Google services more people choose to run their own services with free/open source software. With VPSes and modern tools this is cheaper and easier than ever, and if we want the web to remain free and open, it's much better to have some diversity and decentralization, instead of placing everything in the hands of Google and Facebook.
I've had terrible trouble with SpamAssassin in the past; can you share an effective config, and are there pre-built spam/ham databases around so you don't need to go through the entire training process?
Are you checking RBLs on a regular basis, or is an SPF record and a reputable VPS provider enough to keep you off blacklists?
Any other tips for someone wanting to try their hand with a VPS + Dovecot + Postfix setup (assuming a Linux sysadmin background)?
I use the sender/client/HELO restrictions from Postfix to block misconfigured spambots (no FQDN HELO etc.), and a custom rule to block submissions where the sender domain equals to one of my own domains. This alone catches quite some spam, for the rest I use the NixSpam RBL[1], which has a very lenient policy (only IPs actually sending spam are listed, with a TTL of 12 hours, so false positives are pretty rare, while still covering the major botnets).
Usually less than 5-10 spam mails per day survive with this config, which is acceptable for me, I view it as a typical 80:20 solution and don't want to lose potential customer communication anyway.
Regarding outbound mail, in my experience it is sufficient to have a clean IP from a reputable provider with proper reverse lookup to have most sent mail go through. I don't check RBLs regularly but I did once when setting up the server, since sometimes one can get an IP which has been burnt by a spammer before. For a quick check whether everything is configured properly I recommend using the email check of webcheck.me[2], while not covering every single aspect, it gives starters a good overview where they can improve.
If you want to host a blog or personal site in addition to e-mail you should definitely have a look at Froxlor[3]. Froxlor (fork/successor of SysCP) is a lightweight control panel which allows to add domains and mailboxes through a web interface, without taking over your whole /etc (like Plesk or cPanel). Even if you don't use it in the end, the suggested configs contained in Froxlor are a good starting point.
Anti-Spam-SMTP-Proxy (ASSP) (written in Perl) does wonders for me with a minimal tweaking. My own account`s Inbox has less spam than Gmail`s "Spam" folder. And that's considering my e-mail is scattered all over the net (thanks to the WHOIS).
I use Google Mail, just with my own domain (via Google Apps). It's a painless setup and if anything had happened to my Google account I can host the email anywhere else in seconds. But for now I don't have to worry about setting up VPSs, mail daemons and whatnot...
(Of course I have to keep a backup of all the mail, but that's as easy as having some client download it.)
Way to go! At Cozy cloud(https://www.cozycloud.cc/) we are developing an open source personal cloud platform that you can self-host and assign your own domain.
Right now we already offer backup of your email address but we would like to offer a good web-mail alternative.
Have you got suggestion for a Node.js mail client we could cook in?
Same here.
I guess there is no alternative that can match GMail in terms of abailability/reliability, features, spamprotection, 3rd-party support etc.
Would be nice if there was some community-driven, non-profit alternative available for such basic, albeit important things like email though.
While playing around with gmail, I found out that you can send from any smtp server emails to gmail pretending you are someone else's gmail account. There is no way of seeing from gmail that it isn't the trusted sender. The fake email is associated with social details from the real account.
Weird right?
I use Zoho, but for my low-volume personal account.
The main difference with Google is, I think they'd like to take my money :) and have customer support. If the need arises (hopefully some of my plans take off), I'll gladly pay them.
get one of those Seagate GoFlex NAS and just install Arch Linux ARM and setup your domain and mail servers with it. Your data is saved with you portably.
>Seriously, why does ANYONE use anything other than Google Search and Analytics? Why do you willfully choose to expose yourself and your business to what they can do to you?
A. Does anyone have a valid story were the user actually lost everything, for good?
B. Assuming it's possible the risk of catastrophic failure by losing Google can still be lower in a risk assessment than the cost of redundancy or of making each part independent. Especially in a startup where there is already risk everywhere.
People use it because the products sound neat, and there's no friction, and then they keep using them because there's friction to move away.
"Free email, with 1 GB of email storage? Neat". "Nice fast web-browser, nice features? Neat!" etc etc.
People on HN do AB testing for button colours in an effort to reduce friction to the lowest possible. It's not that surprising that people think "it wont happen to me".
See also people who never make backups until they learn the lesson that first time they lose everything.
This reply is becoming generic here, and has a lot of truth in it. It does ignore however Google's part in actively and quite insistently tempting users to adopt its services.
1) A hands-off, hassle-free service that connects to all your Google 'properties' and backs up everything every hour, on the hour, and allows easy importing into a selection of similar replacement services if/when the Googleplex smites me down.
My Mac app, CloudPull, closely resembles that description. It runs in the background on your Mac, backing up Gmail, Google Contacts, Google Calendar, Google Drive, and Google Reader. It performs backups every hour, and keeps snapshots for 90 days.
Any plans for a Linux port? Seriously, I'd love to pay you, but don't do iAnything (and for much the same reasons that I don't trust Google with much of anything these days.)
* Buy a Synology NAS
* Buy a domain name
* Setup a mail server on your NAS (you get Roundcube in 2 clicks)
* Forward emails from gmail to your home email
* Backup to Amazon Glacier (in a few clicks on a Synology)
Now when a problem arise, just stop using GMail and use Roundcube directly.
Probably the author would have been interested in an article which I didn't finally publish ;) ... here are some (not always good ;)) Google alternatives
Search: DuckDuckGo, Bing, Ask, Wolfram Alpha, Yandex, Baidu
Scholar: TODO
Patent:TODO
Image: Bing
Shopping/price compare:
Photos (Picasa): Flickr, SmugMug
YouTube: Vimeo
News: Yahoo, TODO
Mail: Yahoo, Hotmail, Thunderbird, Fastmail
GDrive (storage): Spideroak, Dropbox,
Documents: Microsoft, Zoho, OpenOffice
Calendar: Zoho, Hotmail, AOL Calendar, 1Calendar, Outlook, Thunderbird, 30 boxes
Chrome (Browser): Firefox, Opera, Safari, Chromium with Chromatic
Google+: Facebook, Twitter, Identica, Diaspora, LinkedIn, Foursquare
Maps
routing: OSRM, Bing (=Yahoo), MapQuest, GraphHopper ;)
local search: Yelp, Bing (no API!)
mobile: TomTom
Google Streetmaps/Earth: Bing 3D
News: Netvibes (full of google search ;)), Yahoo, Twitter, breakingnews
Reader: Netvibes, liferea (Linux only)
Alerts: Netvibes
Translation: Microsoft
Analytics: Piwik
AdWords: TODO
Google Books: nothing found!?
Google Sites: Wikispaces, Zoho
Google Talk/Hangout: skype, talkyoo
Blogs: Wordpress, tumblr
Code: GitHub, SourceForge, BitBucket
Groups: SourceForge
Checkout/Wallet: TODO
Google Apps: Amazon
Speech Recognition: Nuance
Google Voice: PhoneBooth
Google TV: Apple TV, Samsung, LG, ...
Chrome OS: it's Lubuntu!
Smartphone (Android): iPhone, Nokia, BlackBerry, Ubuntu
Play Store: Apple Store
music: spotify, itunes
Self-driving car: BMW, Audi, Volvo, Mercedes-Benz, Toyota, Nissan, ...
Parts of those information through lifehacker
ToDos for Google: Offline routing, Own Games, Porn, Ebay, Amazon clone
If you are an Android user, in this situation you also lose access to all the apps that you bought from Google Play. Many developers only release their software through Google's app store, and for paid apps you cannot make backup copies of the APK, at least if your device isn't rooted, which it isn't for most users. If you are an Android dev, please also make your app available through other stores.
You can download some of your Google data using Google Takeout. It’s far from complete, but if you’re still using Google services, it doesn’t hurt to download a backup once in a while.
The problem is that if your account is disabled, it's unlikely you'll be able to acces Gmail, IMAP or otherwise. I think Takeout has an exception so that it works even when your account does not.
It supports Gmail, Google Contacts, Google Calendar, Google Drive (formerly Docs), and Google Reader. By default, the app backs up your accounts every hour and maintains old point-in-time snapshots of your accounts for 90 days. All the data is available in standard file formats.
What a terrible article...
If the data sets do not match then there is no redundancy.
The Unix command line has a wonderful tool called "diff," which compares files line by line.
Or, there's Git, which is even better.
What I'm getting at is that we are the first line of defense when it comes to our data.
I'm sure you've heard the colloquialism, "don't keep all your eggs in one basket?"
Lost count of how many times this was mentioned, but it bears repeating still :
You don't own what you can't control. Even if your name is on it, even if you've given it to everyone, even if you use it on a million other accounts as a means of access and an identity, you don't really own it.
This is why, I still keep a contact@domain for professional work while saving all my personal stuff on Gmail locally via POP.
The nice thing about HN (or the bad thing; depends on your perspective) is that it doesn't need an email. I wish more watering holes were like that. Alas, people are flaky with passwords and need resetting from time to time.
If it was based on the content of a document in the Google Drive, it's probably an automated rule. Clearly such an automated rule is going above and beyond the minimum action by affecting the entire account rather than just the document in question. Given that characteristic, I wonder if it might also shutdown the account of anyone who the document is shared with. Could be quite dangerous if it does. Documents can be added into someone's Google Drive just by having them follow a link.
I would really, sincerely, love to reply with my opinion on this, what seems by the title at least, wonderful article. But unfortunately people do not seem to have decent enough of a hosting provider and/or server to survive the outcome of getting on the front page of HN and hence I am forced to see "Error establishing a database connection".
Back in the old days before VPS, websites would autoscale leading to huge and unprecedented bills. For example, I hosted a website that contained download links. One day the Chinese found out and hot-linking causing my server bill to jump from $5.95 to over $200. I was 12 and this made me sad.
I believe I was not around then. I started when the shared hosting was a really popular thing with fixed bandwidth and even that could of easily survived HN. So, I'm kind of amazed on why some sites can't handle that in 2013.
Google closed his Google Account including Gmail, Google Drive, Google Calender etc. without notice and without explanation. After 6 days he got it back after a google employee he knows personally escalated the case internally.
I could finally access it. Well, ideally all the services should be decentralized (each person/company hosting their own email, social network, cloud storage etc). But if that is not feasible, you can at least try and use a different company for each service. In that case violating the terms of one service would not shut you out of others.
Everything was backed up. My passwords were safely stored. But it was going to take some time to get to them.
I did have my Google password, so I logged in. I was on a different computer, a different OS, a different network. I was asked to enter my Google Authenticator number, and then BAMM I got access to everything.
I realised just how scary the Google 'Save passwords' thing is.
I trust Google, and I know they have smart people working on security.
We've seen similar where someone having their Google account hacked lost access to everything.
This should be part of your back up / disaster planning. I guess there's a niche for a single page check-list of what people should be storing 'just in case'.
If anyone has ever had to deal with an AdSense account suspension, this story will hit close to heart. I find it alarming that Google suspended his account over a spreadsheet which contained login details for a client (I do this for managing my various domain and hosting accounts in Google Docs). While we haven't heard the full story of what happened here, the fact they restored his access proves he didn't do anything that really violated the TOC otherwise his account access would not have been reinstated. Seems to me this is a case of Google doing the wrong thing here, their lack of customer support is frustrating.
I'm wondering if this is the mindset that most people have. The idea of putting you're entire personal dataset (and work dataset?) into a free service has always seemed terrifying to me. Especially one whose entire business model is based on using that data to serve you ads! I keep local copies of everything and backup daily. I don't trust anyone with such a complete picture of my digital life. 'The cloud' is overrated, at least the free, ad supported version is IMHO.
Looks like we may start needing cloud services to backup cloud services. That'd be an interesting service, particularly if it worked seamlessly in the background.
All fine, until all the data ends up stored in the very same Amazon server room, at which point in the event of server fire your "cloud backups" will probably go down along with the original data.
You are misunderstaning how cloud storage works. Amazon/Google data is stored in 3-6 different disks, often in 2 or 3 different datacenters. If that data were lost due to physical failures, you would have much larger worries, like dust from a meteor blocking out the sun.
But honestly, what the fuck are governments doing?
I mean, companies like Google, Facebook, Paypal etc. are de-facto monopolies and should NOT be able to refuse service to anyone, much less ban existing users!
In general, any company pulling such obvious "dick moves" needs punishment.
What's the point of having a government and a law system if it cannot even enforce such basic stuff?
Reading this was like reading a nightmare. I have all my life on my Gmail account. All my plans on my Calendar. Important documents on Driver etc... I'm way too dependent of Google. Same thing if iTunes Match or Dropbox dump me tomorrow.
It wasn't just stuff he backed up on google drive that he lost. You can lose your email account, possibly locking you out of any internet service that uses email as authentication, as well as any important emails. You can lose documents you made on google drive itself that you haven't yet downloaded. He lost his calendar, which I don't even know if you can backup. He also mentioned his blog and phone service and contacts.
The point is it's not just data that is lost and of what is, not everything is easily backed up on local storage.
Please don't keep sensitive client data in a spreadsheet on Google, or DropBox. If you must store it in a cloud, at least encrypt it and store it in a locally-encryptable service like JungleDisk.
Self provide your own email on your own email server.
I think there's a case to be made for self-providing your own dial tone as well, given how simple and cheap that has become, but I can't push that as I haven't even done it myself...
There's a hardware startup opportunity here somewhere: sell a box which does this for an end-user, and makes it really trivial to setup replication mirrors elsewhere.
Probably dies on the platform of "people don't have good broadband".
It's a good idea in general to run a privet cloud. I have been playing with an idea in my had that would make it profitable too, without charging subscription, which is notoriously difficult to do.
Rather then hardware solution, a VPS image solution would be best. A VPS image with core email, web, and file services, and an easy way to add more as needed.
We really need to decentralize the web again before we start connecting to the world wide google or the world wide facebook :)
The recent closure of reader really damaged googles reputation in eyes to the point were I can believe this story completely. It almost feels like they switched their slogan from "do no evil" to "do at least a little evil every day, just for the fuck of it!"
English law student here. This isn't legal advice.
Generally, in common law countries, if you're not paying Google for the services, the legal system won't help you. Since you gave no consideration for the services you got, there's no legal contract, so you can't even enforce their own terms of service against them.
(In theory, an action in tort for negligent provision of services can succeed against a provider you didn't pay - but in practice, that'd fail for a number of reasons in this situation (in England anyway)).
As soon as you're paying for services, the whole thing changes. You've suddenly got the contract law at your back, and with that comes whatever laws govern unfair terms in consumer contracts, and the supply of services to consumers, in your jurisdiction. You're in a vastly better position, legally.
I'm guessing you mean that having adverts shown to you might be good consideration?
I guess it's possible that it might be held to be, but it's by no means a given. (I don't know any English cases on that, but there may be US ones I'm not familiar with. All the cases of website terms I know are ones where the website owner wants to enforce against the user, so don't help, as AFAICS the courts only care whether the party seeking to enforce gave consideration (which they have: the service)).
But even if you succeed in that, it still might not help you. Seems to me that the effect of that would be to make the service a standing offer on Google's part. Analogy: a sign on a shack saying "Come in and take a biscuit if you view the advert on the wall". The consideration isn't in return for a promise to continue to provide services. If the shack owner removed the shack one day, you couldn't sue him for breach of contract.
Wheras if you've paid money for a service and they don't provide it, they're in breach, full stop. (Even if they claim you're in breach, they have to notify you and give you a reasonable time to cure it).
IANAL, and my consideration analysis might be completely wrong. But even if it is, I still strongly suspect it's not going to be easy to convince a court to hold Google in breach for stopping giving you a service you weren't paying for. If you're paying for a service, you're in a much more secure position.
If I offer to let you park your car in my garage for free, and then one day lock the door and take your car...I'm not allowed to do that just because I had been letting you park there for free. The car still belongs to you.
Likewise, google shouldnt be able to close a free account and keep all my email, my stored files, etc. it's
ludicrous.
Yet thats exactly what they do..time and again...and people just bend over and take it.
It would be interesting to know if that might be a path for someone with a sealed closed account to at least get access to their data back. I imagine Google would want to settle such a case, and giving the customer a dump of their data would seem an easy route to settlement.
Same as every other “cloud provider”, yet somehow Google is the one subjected to these overwritten accounts and the almost mandatory pseudo law/policy musings that follow.
You might want to take a look at some policies from others in the industry to get a more accurate picture of this landscape.
These policies are constructed as such to mitigate litigation, which the author concedes. Regardless I'm glad this instance had a happy ending.
Gmail and Yahoo Mail and Facebook Mail and my personal mail server all stand in contradiction to your claim.
Stop making things up just because you want to complain about the Google. Nobody will fault you for a simple "Fuck Google, they're demonstrably evil and have access to way too much data now," which is what it seems to me you're driving toward.
Email is decentralized because Gmail, Yahoo Mail, Hotmail and whatever server you can setup can talk together. You don't have to use Gmail to send an email to a Gmail user.
The only thing that's threatening email decentralization is the war on spam. It's becoming more and more difficult to send messages that don't go directly to spam boxes if you're not one of the big player.
Or simply people who didn't have the skills to be a peer?!
And what about closed gardens like social networks and services that wall our data behind proprietary walls? Google data liberation front is a step forward but its still not enough.
People with such great skills and knowledge of the stakes of IT like the HN audience shouldn't put the blame on common people right?!
I genuinely believe that technology and the open source community have reached a maturity that makes the development of simple and solid alternatives are possible, even for the least knowledgeable of us.
Take a look at what this startup is trying to achieve: https://www.cozycloud.cc/
It gives everyone an easy to administrate server, you can assign your own domain name, self host it or have it hosted elsewhere. The server is a plat-form on which you have total control and ownership of your data and can install and develop apps that serves YOUR needs. It still young but with the support of talented people that could become BIG!
One of the problems that's recentralized mail is spam.
Because of spam senders, especially spam originating from residential and dial-up IPs (well, mostly residential now), many large email providers use blacklists (literally: DUL -- dial-up lists) to block SMTP access from IPs within a known residential range. Many also work to whitelist specific lists of known legitimate email providers.
May enterprise IT organizations require explicit whitelisting of domains from which email is sent. I kid you not. And many of these organizations apparently have never heard of SPF/DKIM.
A third level of resource are reputation-based services. Cisco's Ironport / Senderbase is among one of the better of these (it indicates both good and bad reputations, as opposed to simple blacklisting or whitelisting, as well as volume variations from a given IP and "neighborhood" reputations of nearby IP addresses.
The result is that it can be painful to try getting your mail delivered through to large email service providers. I've had the most significant issues with Yahoo and Aol, though others are at times problematic. This affects both individuals trying to configure small residential servers and businesses / enterprises.
Ideally tools such as SPF and DKIM help, but at best these indicate that a given IP address is included in a policy framework or that header integrity is assured -- there's still no basis for assuming that a given email message is or isn't spam. Getting SPF and DKIM properly configured can also involve hoop-jumping, especially for non-technical users.
I don't think his comment was focused on John or Jane Q Public, but rather the general use of cloud services and the dangers of these types of events happening.
For instance, I host most of my business on AWS. We recently had a compromised server that delivered malware to some of our Web visitors resulting in Google completely blacklisting our site, and ultimately resulting in AWS sending us a threatening notification that we were violating their terms of service by serving malware and we could be terminated at any time.
Within an hour of finding out the root cause we cleaned up the malware issue, but we spent the next 24 hours trying to get Google to remove the blacklist and kept our fingers crossed that AWS wouldn't just terminate all our 17+ instances and ask questions later - effectively putting us out of business.
This has always been the way it works with hosting providers and even colocation facilities. You have an obligation to keep your infrastructure healthy, or the provider has an obligation to shut you down before they get a reputation for being malware/spam/badness-friendly and have to worry about their peering relationships and the like.
Well, the Amazon approach is much better than the Google approach. At least they sent a notice, while Google's policy is "shoot first, discuss later". Well actually the first part, I'm not sure if there is a second part.
Apple iCloud, MS Live, Amazon Kindle Libraries, Dropbox.
All of these widely used and are subject to loss of service, arbitrary account shutdown, data loss, and data theft. None of them are really trustworthy, particularly not as a primary data store, so I find it odd that the commenter rants about Google - the problem is trusting any corporation with control over your data.
The interests of a corporation and an individual are not likely to coincide in the long term. Google is not evil, they're just a corporation like any other.
Microsoft gets a lot of beating for changes to Windows, simply because of widespread use; an OS with 0.5% market share will not be messing with so many people. By being banned by Google you lose your email, youtube, adsense, adwords, docs...your financial life could be destroyed, even if the 'violation' is for an unrelated offense (example: posting copyrighted material on Youtube and getting adsense disabled)
Another difference, as an example, when the company I work for had some issues with the hosted mail from MS, my boss was able to get to a real, live person .. not left fluttering in the breeze as so often happens with google.
The handful of times I've had issues, I usually take to twitter, and it magically gets resolved within a day... I'm overly tethered to google at this point. via Andriod and Google Voice alone, it's been a difficult weekend with the issues GV seems to have had since Friday. I've recently cloned my dropbox to both google drive, and skydrive... which gives me a little security.
For the past two years, I've been using my gmail address more, and my own domain email less, because the gmail ui has been more convenient... without igoogle/reader I don't think that's as much the case, but if I lost my email (logins for other sites) I'd be boned... I recently had to re-enable a domain on my mail server just to change an old account on a site I needed to recover. Not cool/fun.
But I strongly believe search needs to be decentralized. Something like P2P. I mean it's like basic healthcare rights (or right to live) on the Internet. Without search most of the Internet is blocked for you and this mostly lies in a few corporate behemoths; no, I let me correct it - that's just one!
Or are there already services like that? I don't think DDG can simply read from Google indexes and give us the results or maybe they can but it still is dependent on indexes by Google which shuts accounts without notice and it's gone for good if you don't know anyone inside or your story is picked up from the Internet.
If you lose access to your gmail account, you also lose access to changing your password on any service that makes you do so through an email link - I know of some services that don't even let you change your account email without clicking on an email authentication link.
So not only is there the always-lingering possibility of losing your google account to automated shutdowns, you can also lose access to services that you use that use authentication through email, quite an uneasy thought.