The linked support forum article is very short on detail. But assuming you've been locked out of your Gmail account and [as quoted in the linked post "...have years of important emails attached to [the] account...":
1: Don't depend on Google, Amazon, Facebook, Twitter etc. not to suddenly lock you out of your account for no apparent reason.
2: Don't expect to be able to get through to anyone at Google, Amazon, Facebook, Twitter etc. who cares about your problem, if it does happen.
3: If you do insist on using a service like Gmail, don't keep all your eggs in the webmail basket. Access your account via an email client with IMAP. Then, if you get locked out, you'll at least still have your email archives and can move on from there.
It never ceases to amaze me the people who trust monolithic unaccountable 3rd parties with their "important" data and then compound the issue by not having a local copy to fall back on.
Do you have data or anecdotes that this is a consistent issue across the tech companies you mentioned? As an AWS employee speaking for myself, I find it inconceivable that in our customer obsessed culture we’d lock out accounts without a clear reason or the ability to talk to a human.
I've had it happen to me with four Twitter accounts at once. All locked overnight in January with no explanation or response to emails from their support dept[0].
It took 6 months and a formal GDPR complaint to the Irish Data Protection Commissioner before Twitter finally unlocked the accounts and admitted they'd made a mistake[1]:
>Hello,
>We’re writing to let you know that we’ve unsuspended your
>accounts. We’re sorry for the inconvenience and hope to see you
>back on Twitter soon.
>A little background: we have systems that find and remove
>multiple automated spam accounts in bulk, and yours was flagged
>as spam by mistake. Please note that it may take an hour or so
>for your follower and following numbers to return to normal
So yes. It does happen and, when it does, you have little to no chance of actually getting hold of a real human being to talk to, or who can give you any explanation as to why it occurred.
Thankfully in my case, it was just some shitty Twitter accounts and I'm actually quite glad it happened now as it gave me the impetus excise another pointless moronic social network from my online life.
I signed on to Amazon's Mechanical Turk as a worker just to see what it was all about (and to evaluate what the workflows were, so I could recommend it to others). I think I ended up doing a couple bucks worth of work, and applied it to my regular Amazon account.
Well, recently I went back on it (after a few years of not using it, although I use my regular Amazon and
AWS account all the time). And it said I'm not allowed to take on work, because my payment method has been suspended for a policy violation. Which policy? How do I get it un-suspended? Did someone else compromise it to use it illicitly? Nothing on the page gives me any clue of how/who/what to contact.
Ironically I've just resorted to signing in with Google on my eBay account as, for the past couple of months, whenever I sign in with my email address, I end up in a Groundhog Day hell of endless login screens and reCaptchas.
I'm not comfortable at all with the thought of Google harvesting data about everything I search for, buy, or sell on eBay. But, frankly, being able to avoid the killing rage that descends on me every time I see one of those fucking reCaptchas is worth the loss in privacy!
Gmail also has the ability to forward all (or some) emails to another email address. Set up a secondary account somewhere (non-gmail), and have a live backup of your gmail for when the worst happens.
I just set up a couple of Protonmail addresses myself yesterday, as I was getting really pissed off with how unreliable Yandex Mail had become.
Unfortunately I didn't find out til after I'd spent a good hour logging into lots of websites and updating my email address to my shiny new Protonmail ones, that I can't connect to a free tier Protonmail account with IMAP and Thunderbird. D'oh!
Protonmail looks like a good choice, if you only have one or two email addresses and don't mind being restricted to accessing it via webmail. But I've got half a dozen or more across various services, as well as on my own domains and I want to continue to be able to access them all from within one app [ie. Thunderbird]. The whole different app for every web service thing gets tired very quickly. Also, as per the original thread starter, if you only access your Protonmail account via webmail this does still leave you at the mercy of another company which may or may not decide to lock you out.
Can anyone recommend any free alternatives to Gmail / Yandex Mail [preferably privacy respecting] that will actually integrate with an IMAP client?
Pretty much. I already use my own domain for my main personal and business email addresses and I've also set up email addresses for several family members on that domain. So, if I moved to a paid plan, I'd not just be paying for one email address but about 8 or 9 --either that or face the unpleasant task of explaining to family members that they now needed to pay to continue using the email addresses they've had for years.
I also have a few other domains that only I have email addresses on and I run the email for those through Gmail and Yandex Mail's servers.
I've also got a few other email addresses @gmail.com and @yandex.com which I use for less important stuff like signing up for forums / websites and the like. So, I wouldn't want to be replacing them with a paid plan either --given they're not used for anything important.
So in essence, "free" [and reliable] is more important than "secure". I'm not majorly unhappy with my current setup, but I'm always open for giving rival services a try out, just to chip away at the stranglehold the big boys have on the market.
With email you absolutely want an address with a domain that you own. You can use it with pretty much any email hosting provider, and in case you get banned, you can point your DNS to another provider and continue with your day.
If Google banned my account, my phone would probably be useless, but other than that I wouldn't have any negative consequences. If Facebook banned my account, I wouldn't care at all (I spend less than 5 min per month on there). If Amazon banned my account, same thing (stripped DRM from all ebooks I've purchased there). Microsoft, same (losing my GitHub account would be a bummer, but wouldn't impact my work which is on GitLab). And as far as Apple goes, the only product of theirs I've ever owned was a USB Type C cable.
This feat about getting locked on Google Accouints will cost google customers. Last week I wanted to try a Google Cloud API, but I stopped when I had to fill a form with more billing information . At that moment I though soemthing like "what if something weird happens with my test script and Google flags my account? " then I was thinking "maybe I make a new test account" but then next though "making a new account could also be a flag and could cost me my main account" so I just gave up.
I was already preparing to leave gmail but hadn't found the thing to really motivate it yet. The broken password reset heuristic motivated it. Or rather, it gave me no other choice at all.
Yes, same story.
However, making a new account must be the safest bet, one just need to read their T&Cs to see if having second account is allowed? I guess it is, since Google neatly offers to sign-in under different accounts when several people use it from one device or when you have a business e-mail hosted on G suite.
Yes, I already have 2 gmail accounts, one for personal stuff and my personal phone and one for work. The problem is if I make a 3rd account for testing APIs and this third account somehow gets flagged will it bring down all my other accounts?
Sony also scares me sometimes, i get email that I broke their terms in some chat message in some game (my son uses my account) but no fucking detail on what exactly is the problem(I would not be surprised if they are so incompetent to get triggered by non english words , so children report each other to troll)
Plus: GMail for most people is a free service. They can just close it down and are under no obligation to continue their service to you.
It happens to paid accounts too, so maybe switch important Accounts to a smaller service that needs you as a customer and therefore provides customer service
I'm actually facing the same situation because of a 'use-case limbo' and I'm devastated.
Google is locking me out of my 11 years old Google account (Gmail, Adsense, YouTube, Analytics, ...) I use for a side project (electronic music blog) because I'm trying to log in from a new device/country/IP.
Alright then, I'll try to recover the account with the security question or the recovery email.
Nope, Google doesn't even let me enter the recovery process because of the same error. I can't do anything because of a stupid flag on the account.
The best part? Everytime I'm trying to log into my account, I get a security alert email sent to my recovery email. I can say to Google that I don't recognize the connexion (AccountDisavow) but I have NO OPTION to allow it. What's the point of having a recovery email?
Can't Google see that it's the same IP trying to log in and trying to access the "Review activity" from the security alert email?
If any Google employee is reading this, I'd love some help!
The idea of paying for restoring your account is quite smart, Google, Facebook etc should adopt it. And if it's the algorithm that failed you should also get your money back.
You fail to realize that these disablings/lock outs are but mere pennies to Google. There won't be anything done until they see those said pennies turn into millions or billions of dollars. Google's reputation is already tarnished, IMO, for that and other reasons.
So, IOWs, you're wasting everyone's time with this. Just saying.
throwaway29303 is right. Google won't care a stuff about your problems until you can get a few hundred thousand or million others to back you up.
Look at all the bad publicity they get from [with no insult intended] much more influential sources than yourself. They carry on regardless and I don't see them haemorrhaging customers, because of it.
I think the fix (from a legal perspective) is very simple.
Ban me from your services if you want, but banned accounts should be able to download their information, for a reasonable timeframe.
In the case you were using Google products as a business (YouTube, Google apps), allow the banned user to show a text communicating to their users the service they moved to or where they can be contacted.
It's a bare minimum, but it would get us real far.
Also, a provision that enables the person to switch emails from all accounts that depend on it. This requires giving the user limited access to email (basically viewing confirmation emails from other services) until they migrate everything out.
Good point, I had missed the impact of email as an authentication tool. I think the industry should move towards a decoupling of that from email (or worse, social networks). I think there's been some movement towards using phone numbers instead, but that presents its own kind of issues.
I'm not sure, to be honest. I think GDPR would grant you access to the personal data the service holds of you, but AFAIK they have no obligation to keep the data, so they could have previously removed it (?).
There must be a provision for that I guess, since otherwise companies could potentially react to GDPR requests of access by nuking all the information they hold about that user and then replying they've got nothing, which would be a major hole. But I honestly don't know.
Google seems to have no desire or incentive to fix this problem. However, people can reliably prevent the problem from happening to themselves by not using Gmail. (If you want a recommendation for an e-mail provider, I can recommend Fastmail - I've been using them for years and they've been very reliable. They also have customer support. Their service is not free, however.)
Pay for hosted email. You can always get human support if you pay for e.g. MS Exchange. Use a custom domain, so you can switch providers if needed. There’s no substitute for having control.
One of the biggest problems, I’ve found, is that if you enable mandatory hardware 2FA (U2F) on your Google account, the so-called Advanced Protection Program, you can no longer get app passwords to log in with IMAP, essential for mirroring your email somewhere else automatically.
Not if you have mandatory hardware 2fa (advanced protection program) on, no. You're probably thinking of just 2fa enabled, which still permits TOTP (and app passwords). Once you enable APP, it is U2F only, and app passwords are no longer possible.
That initially got deprecated for paid accounts. But I think they’ve since delayed the deprecation indefinitely, probably because they got strong push back.
I have a Google account that is associated with an email address at my own domain. When I was in the EU in summer 2019 (I'm American), their AI decided it didn't likWrye my new location. It also kindly emailed me, asking me to verify that this "suspicious sign-in attempt" was actually me. Which, of course, required me to sign in. I will leave you to guess whether the token in the url from the email was sufficient proof that it really was me, or whether this sign-in was also flagged, generating a new email, etc.
You should actually read some of those. I went through the first six in the results I got and they were all some form of user error and had responses from multiple real humans either working for MS or forum “MVP” type folks. Seems to be far better support than Google’s shenanigans.
As the world we know gets even more digitalized events like these are just going to become even more common..
The question arises if the government should intervene and finally make the internet and the online profile it comes with it a basic fundamental right?
E.g. when you go and pick up your personal I.D. you should also get your personal email and credentials, so no corporation can make you disappear online..
The Finnish post office provides email for people (with some extras, like letters from participating senders can show up digital-only). For a while that also served as a centralized authentication service; I think that has mostly migrated to being done by banks.
Of course, the UX sucks and nobody sane would use it for anything useful, but it is a backup email address you'd be unlikely to be kicked off of.
Good thread to remind everyone who may have rarely-used Google accounts they want to keep: set up regular calendar reminders to login to the accounts.
I've recently been locked out of a couple of accounts I hadn't used in more than a year. I didn't forget the password or anything, Google just prevents access to the accounts with no recourse.
While email lockout seems to be solved problem, by using your own domain and doing regular takeout backups or redirecting emails, what should we do about other Google services, that are impossible to use without Google account, e.g. Google Play for app developers and Android users, that purchase apps?
I've been unsuccessfully trying to get my account back for 7 years after a "joke" went wrong and someone replaced my profile picture with that of a decaying penis.
I realize Facebook can't just "start doing that" at their scale, and that my best luck would be to reach out to someone high-up enough in their organization.
So I've been starting to send monthly postcards from France both to Zuck's house and to random executives @Fb Headquarters with a very compelling story explaining how happy I would be if I ever got my memories back, and not just their stupid account backup file.
I know you wrote this between '' but how does that even happen... For one I know 0 people who would find that funny (it's more embarrassing, including for the prankster) but the move confusing thing; how did they gain access to your account? Unless the entire account was a joke?
Not all devices have DNA authentication on wake yet, some people still use those old "desktop" computers with browsers logged in to their online accounts via cookies, which anyone could use if found unlocked.
Setting up mail forwarding to another address you own might also help (assuming Google doesn't stop the forwarding when they lock you out which is something I heard but it's not confirmed).
Those would have the same "we can shut you down at any time and you would find nobody at support to talk about it - will only get automated responses" result, the main difference being that you'd also pay for it...
1: Don't depend on Google, Amazon, Facebook, Twitter etc. not to suddenly lock you out of your account for no apparent reason.
2: Don't expect to be able to get through to anyone at Google, Amazon, Facebook, Twitter etc. who cares about your problem, if it does happen.
3: If you do insist on using a service like Gmail, don't keep all your eggs in the webmail basket. Access your account via an email client with IMAP. Then, if you get locked out, you'll at least still have your email archives and can move on from there.
It never ceases to amaze me the people who trust monolithic unaccountable 3rd parties with their "important" data and then compound the issue by not having a local copy to fall back on.