[HN Gopher] Google terminated our Developer Account, says it is ...
___________________________________________________________________
Google terminated our Developer Account, says it is "associated"
Author : nadalizadeh
Score : 900 points
Date : 2022-03-30 13:40 UTC (9 hours ago)
(HTM) web link (old.reddit.com)
(TXT) w3m dump (old.reddit.com)
| jmyeet wrote:
| I feel this user's pain. Obviously we don't know of food action
| was warranted in this case. Sometimes it isn't and there being no
| recourse is unacceptable. Knowing someone at the company, having
| a sufficient Twitter audience or relying on posts like this
| getting attention should not be how this is resolved.
|
| Side note: I absolutely won't use my Gmail account for any other
| Google service. It's just too great a risk and it's ridiculous
| that a developer ToS violation can also kill your Gmail access.
|
| I see a fundamental mistake these companies make with automation:
| optimizing for the wrong metric.
|
| The metric they seem to use is the number of cases handled by
| automated systems. What they should use is the number of cases
| their workers can deal with.
|
| The difference is that the second one doesn't reward false
| positives. There are some cases that need human review. You
| should even be able to pay for expedited review (ideally
| refunding you if the decision is made in error).
|
| A good example of this is Tiktok's reporting system. Like many
| such systems it's clear that it just takes actions based on the
| number of reports. There is no penalty for fake reports. So
| people brigade creators they don't like (typically politics and
| science) and those affected have to go appeals processes. It's
| ridiculous.
|
| Put another way: automation shouldn't replace people. It should
| augment their effectiveness.
| bnj wrote:
| > What they should use is the number of cases tax workers can
| deal with.
|
| I'm curious about this and not completely sure I understand
| what it would look like in an example. Would you be willing to
| expand on the point?
| jmyeet wrote:
| Imagine someone working in support. When an activity gets
| flagged it gets assigned to someone. An automated system
| might take action (eg shadow banking).
|
| Given the automation that worked might process 5000 cases a
| day.
|
| If the automation can resolve more cases that figure might go
| up to 8000.
|
| But if there's an appeal that takes manual review and
| resolution that might wear up a lot of time stick that the
| rate drops to 3000.
|
| This means two things:
|
| 1. There is an impact on the metric from false positives; and
|
| 2. Having human review is still part of the system
| ultimately. It rather it can always be escalated to such.
|
| Now you might say the worker might be motivated to take the
| least time consuming action possible even if wrong but an
| appeal might be escalated above then and further time spent
| rectifying their mistake still counts against them.
| rbanffy wrote:
| One possible preventive measure could be to have separate
| developer accounts for each product and keep everything air-
| gapped between those accounts.
|
| I was banned from AdSense for a never disclosed reason. I guess I
| still am - never tried again, in part because the alternative I
| used after that paid better.
| mysterydip wrote:
| What alternative did you end up using?
| rbanffy wrote:
| A local e-tailer affiliate program. It's was a tech blog in
| Portuguese, so the audience was a pretty much match.
| rvz wrote:
| Here we go again. Another day, another termination by Google
| Play.
|
| The reason? None. The same as this one: [0]. Robots at Google
| once again de-platforming apps because they can and for no
| reason.
|
| Like YouTube, Google will not change and it will only get worse.
| [0]
|
| [0] https://news.ycombinator.com/item?id=30824079
| rhacker wrote:
| 6 degrees of separation. Everyone is associated with everyone
| else, so basically Google should shut down itself at this point.
| pram wrote:
| 4 Feb 2022 - Termination of my personal account (Ali Nadalizadeh)
|
| This is pretty horrific!
| jddil wrote:
| These stories are always one sided and gloss over the minor
| policy violation parts.
|
| When we get the full story it's usually less black and white.
| Quick skim over the thread and it sounds like they let an ex-
| employee have access to one of their accounts and he committed
| multiple violations? Was he spamming? Was he uploading malicious
| content to the store?
|
| Also, don't build on others platforms if you want to control your
| destiny. You can't have it both ways.
| nadalizadeh wrote:
| It is not black and white, as I mentioned in the post, the
| former employee had violations in his own developer account.
| But in case of our company? None!
|
| Our company account is assumed to be "associated" with
| wrongdoing of my former employee. This is the black side.
| jddil wrote:
| His own developer account was linked to yours ... that's how
| this works.
|
| In the future, fully control the accounts yourself or don't
| build in someones walled garden and then complain when they
| ask you to leave.
| nadalizadeh wrote:
| Sure, you are good in giving advice!
| LWIRVoltage wrote:
| This is the issue with data being tied and connected....
|
| Not long ago, someone here raised similar concerns with Microsoft
| 's ecosystem
|
| It stemmed from their current underway process to force all
| Minecraft accounts to Microsoft accounts, and the current
| Microsoft account process, if you don't add a phone number during
| account creation, locks and bans the account automatically after
| a week with they only recovery option being to then give a phone
| number, and most voip ones are auto detected and not accepted.
|
| If you set up the account with an alternate email, that has no
| effect. Setting up TOTP has had scattered reports over sometimes
| allowing the account to not auto ban you, but recent reports are
| that this too often won't stop it. There are reports that using
| Microsoft s own authenticator app, does stop the account from
| auto banning you unironically, that I have not confirmed
|
| Of course this means they can then tie it to potentially your
| computer pending how you set up Windows, or Xbox live, etc. Which
| is a risk if you've been formerly banned from something like
| xbox- everything is now linked, and therefore subject to action
| automatically with no human team to talk to about the process.
|
| Also, if you then go and give it to them then afterwards try to
| remove it, the system will not let you without extreme effort,
| and more details.
|
| I worry greatly about this situation where our personal accounts
| are all tied together through hardware ids, mandatory phone
| numbers,IP addresses, and different accounts across systems, only
| to all get banned or locked out at once with no recourse - or
| demanding more data(like Minecraft indirectly giving Microsoft
| every single phone number for the biggest player base in the
| world, as mandatory(with specific exceptions for like one or two
| countries who's laws they are working around now, with Korea
| appears to be one)
|
| Also, so many companies use Amazon, Google, Microsoft company
| emails and systems- your full name is there, so there is a
| increasing risk that if something happens to your company
| account, the systems knows your personal accounts and by name,
| bans or affects them too.
|
| Privacy advocates are being proven right about the need to be
| able to not give info that ties everything together
| ridgered4 wrote:
| Do you have the source information on the minecraft accounts?
| I'm about to fall on this grenade myself. Needless to say I've
| avoided an MS account like the plague but of course that didn't
| do much good in the end.
|
| Can you play at all once banned?
| LWIRVoltage wrote:
| I have done some poking around and digging into the microsoft
| account lock out thing, out of curiousity- only to find it
| appears to be true, as i've had a LOT of test accounts banned
| in the past 2 months. I was trying things like setting up
| alternate emails, and TOTP...
|
| I suspect burner phones are the only way to not give one's
| phone number, or to gamble with the microsoft authentication
| app, which theoretically ever since recent versions of
| android should not be able to pull your phone number from the
| hardware - theoretically. I have not tested that out yet.
|
| There's quite a bit about this out there Here's one such
| thread where a lot are trying to figure out why they are
| being forced to give up their number
| https://github.com/MultiMC/Launcher/issues/4093
|
| to my understanding, since they fully linked it- once your MS
| account auto locks- you can't do anything, since it's linked
| to Minecraft- as well as other stuff. You'd think they'd
| allow one to still play Minecraft- but i guess if you can't
| log into the account, you're out of luck
| A4ET8a8uTh0 wrote:
| This. I genuinely wonder if people understand how much data is
| flowing about them on a daily basis and whether they would care
| if they did. I am just a guy at a place and I personally think
| I have way more insight in people's private lives than I
| should.
|
| I can't imagine how bad it is at a less regulated institution.
| Lamad123 wrote:
| i's kinda said when your livelihood is decided by dumb AI that
| can't tell the difference between a joke and a war declaration or
| some poor reviewer/customer support who needs to decode so much
| shit in 35 seconds and decide if you broke non-transparent terms.
| yellow_lead wrote:
| Welcome to FANG support forums, a human being should review your
| case shortly...
| im3w1l wrote:
| We used to live in a magical world, where your fate was
| governmened by fire spirits, by demons and by thunder gods. We
| tamed nature and learned a scientific worldview. What these
| algorithms are doing is turning back the clock. Undoing the
| science. It's bringing us a new world of superstitution, where
| you better don't anger the machine elves.
| shdon wrote:
| 15-20 years ago, I had a pretty good opinion of Google, as they
| seemed competent and true to their then motto "don't be evil".
| Now I avoid them wherever I can personally (unfortunately, and to
| my great dismay, my employer is fully dependent on Google cloud
| products). It seems they have become very evil. And what's
| worse... casually evil. The fact that these things happen is bad
| enough, but not having any recourse or a good way to resolve this
| is just unacceptable.
| kmeisthax wrote:
| Even 15 years ago we were hearing stories of Google summarily
| terminating whole accounts without stating a reason beyond some
| business-ese for "You know what you did". They have always
| treated their anti-fraud teams as secret police rather than
| just _a_ way to mitigate business risk.
| ncann wrote:
| 10-15 years ago me and I assumed most people here viewed
| Google in a very positive light. At that time they seemed to
| be doing everything right and were somehow at the top of
| everything they did. Gmail was game changing, Search had no
| equal, Youtube was mind boggling, and Android and Chrome and
| so many other things. Somehow they lost their way in the
| process which is a shame.
| CalChris wrote:
| A Google Developer account costs all of $25, one time. You really
| should scale your expectations of service based on that number.
| You will not be partying with Larry Page in Fiji for $25.
|
| https://support.google.com/googleplay/android-developer/answ...
| josephcsible wrote:
| No matter how cheap that is, I should not have to worry about
| losing my personal Gmail because one of my former co-workers
| broke one of Google's rules at a different job.
| incrudible wrote:
| Never build on top of Google. Yes, this limits what you can do.
| No, that is not a bad thing.
| phendrenad2 wrote:
| Build on top of Google or Apple (or Microsoft or Amazon, you
| never know when they'll adopt this anti-user stuff too) _only_
| once you are big enough that they need you more than you need
| them.
| brutal_chaos_ wrote:
| Just a friendly reminder for Google users, backup your cloud data
| before you can't.
|
| https://takeout.google.com/
| qalmakka wrote:
| I will say this once again: App Stores are too important in the
| current world to be left to the mercy of some big Internet
| company. I agree they should get a cut due to them being both the
| creators and maintainers of their platforms, but their ability to
| regulate what's in them should be left to a third party or
| government agency, just like trade is not left to its own devices
| and has regulators. Apple and Google are way too powerful for
| their own good.
| bogwog wrote:
| Figuring out a fair and effective set of laws/regulations to
| control how these companies run their app stores seems way too
| hard and unrealistic.
|
| The easier and more effective solution is to simply force them
| to allow alternative app stores (without suppressing
| competition, like Google currently does). A free market tends
| to correct itself in the long term, so that should solve the
| majority of problems plaguing the mobile software industry
| today.
| withinboredom wrote:
| I think that they've effectively become so rich they'd just
| buy any effective competition.
| zo1 wrote:
| As much as being a full 100% free-market person, I'd still
| say there are plenty of fair and (probably) effective ways to
| regulate this market.
| [deleted]
| Aeolun wrote:
| > Figuring out a fair and effective set of laws/regulations
| to control how these companies run their app stores seems way
| too hard and unrealistic
|
| _Anything_ has to be better than what we have today...
| EricE wrote:
| Yes, competition is better. Force them to allow other app
| stores on the same footing with Google's and Apple's. See
| how fast both suddenly find resources to deal with issues
| like these.
|
| Sunlight (and competition) is the best disinfectant!
| someotherperson wrote:
| > Figuring out a fair and effective set of laws/regulations
| to control how these companies run their app stores seems way
| too hard and unrealistic.
|
| I don't think it's hard or unrealistic to force companies to
| provide realistic support. Entire industries have had this
| established for decades.
|
| Imagine you're renting office space and the landlord decides
| you've done something wrong, clears your things out and
| changes the locks -- refusing to tell you what you've done or
| allow your business to continue to operate. This sounds
| extremely unrealistic because it is, in the real world you'd
| take them to court and sue them for losses. And there is
| plenty of legislation behind it to support you.
|
| Similarly, having companies like Google become accountable
| like this isn't actually that hard. There just isn't any will
| to do so at the moment and livelihoods will continue to be
| destroyed in the interim.
| bogwog wrote:
| That's different though. There aren't only 2 landlords in
| the world, so making laws that affect landlords makes
| sense.
|
| But how do you design a law that corrects the bad behavior
| of 2 monopolists, while at the same time not adding a
| burden to any potential competitors (and thereby
| strengthening the existing monopolies)?
|
| Forcing competition makes more sense to me. No need to get
| into endless debates about the risks to innovation, or
| government being too big, etc. Just open the gates to
| competition and call it a day.
|
| If the mobile app store market goes to shit in the future,
| then we can start getting into the weeds of it. But for
| now, there's no need for that; the answer is obvious.
| Sohcahtoa82 wrote:
| > A free market tends to correct itself in the long term
|
| Only if enough consumers are affected.
|
| Situations like the OP happen, but they're exceptionally
| rare. They just make a lot of noise.
| bogwog wrote:
| Not necessarily. In a competitive market, Google would need
| to fight to win over developers, otherwise their store will
| be lacking apps, and therefore customers.
|
| A noisy post like OPs would _actually_ make Google shit
| themselves if they didn't have an app store monopoly. Even
| if it's a single dev out of millions, the bad press would
| be much more costly than making things right.
| unabridged wrote:
| I don't think regulation is the answer. The US government
| should just create app.gov with a 1% fee or something and out
| compete them.
| inapis wrote:
| Eh. Governments should absolutely not get in the business of
| creating or running an app store. Mobile computing is,
| effectively, a necessity in the modern world but the web
| already serves as a great independent distribution platform.
| We should rather focus on not enabling the technology giants
| to gimp the web for their business moats.
| ComradePhil wrote:
| Why? When they can make regulation once and that will be
| that?
| Pooge wrote:
| I would much rather have a repository system like F-Droid (or
| you could compare it to Debian/AUR/openSUSE) where the
| publisher has to create a repository that respects some kind of
| standard so that they can distribute their software.
|
| NewPipe does this for F-Droid in order to deploy the updates
| faster. Otherwise, F-Droid needs to very, compile and deploy
| themselves and it usually takes a few days.
| kmeisthax wrote:
| F-Droid repositories are equivalent to alternative app
| stores, including all of the associated malware risks they
| bear, just with a nicer UI and lower barrier-to-entry than
| building your own app store.
|
| F-Droid's rules exist specifically to ensure that an app's
| source code corresponds with it's binaries. This reduces the
| risk of using F-Droid because all source code is available
| and auditable. There is no guarantee that said source code
| _has_ been audited, and FOSS malware _does_ exist[0], but it
| makes it harder to hide such code.
|
| I would personally prefer if Google Play had similar
| requirements, but the entire industry would be up in arms if
| Google started mandating source code escrow.
|
| [0] Notably, the ironically-named `peacenotwar` package on
| npm, which is a cyberwarfare tool that attempts to wipe files
| on Russian and Belarusian machines.
| q-big wrote:
| As long as
|
| * developers continue to develop apps for the respective app
| store (they could often create a web app, but they don't)
|
| * there is no outcry among users for competition (instead of
| monopoly) in the provides app store(s)
|
| nothing will change.
| dymk wrote:
| None of the apps created by the developer being discussed
| could have been created as a webapp.
| zivkovicp wrote:
| hear, hear.
| CursedUrn wrote:
| We need an online Bill of Rights to stop these huge companies
| destroying lives and businesses on a whim.
| Shadonototra wrote:
| Share the "previous emails" they sent you, you either ignored
| them, or you know what you did wrong and are trying to play the
| innocent actor
|
| Hard to judge without having all the data in hand
| LanceH wrote:
| Previous emails. That's funny. They don't send warnings and
| they don't allow appeals. It's 100% to done.
| mechanical_bear wrote:
| It's easier to feed the anti-Google circle jerk this way.
| ceejayoz wrote:
| Where are you seeing that previous emails were sent?
|
| The screenshotted notice indicates it may be due to actions by
| the individual developer on their own account, for which the
| company would not necessarily have been notified.
| encryptluks2 wrote:
| I think it is due to account level access. They tried
| claiming they hadn't been associated with them for 3 years
| but then admit that the developer had access to their account
| as recent as Dec 2021. Let's say this developer did something
| really dirty like stole user data and then Google finds out
| this developer still has app store permissions through this
| other company account.
|
| I think Google handles these situations terribly from a PR
| perspective, because the moment someone posts negative
| publicity would be the perfect time to Google PR to show
| their hand and say no they are misleading the public.
|
| There is probably a good reason they don't do that though. I
| could see how a company isn't really responsible for what
| another developer did that they may have not known about, but
| I don't think we are getting the full story here.
| ceejayoz wrote:
| An entire company shouldn't get wiped off the map because
| one contractor has been misbehaving on another gig.
| encryptluks2 wrote:
| I don't think the issue is that a bad contractor worked
| for the company but that they prob had admin permissions
| and were likely doing nefarious things with some APIs
| with those credentials.
|
| Things like this don't ruin a company though. The company
| should immediately file an injunction and claim against
| both the developer and Google. They should have done that
| immediately. I think they have no clue or simply don't
| have the money to pay an attorney so there isn't much
| they can do. Heck an employee could steal all their money
| and unless they are willing to file a lawsuit there isn't
| much that anyone can do.
| croes wrote:
| Maybe you should reply to my previous post first.
| haunter wrote:
| Google: Always blame the victim, never take responsibility, no
| support, the algorithm is the the law
| nadalizadeh wrote:
| What previous email? It seems you did not read the post, the
| first email we received was "your account has been terminated"
| (from a noreply address) with the screenshot in the post, we
| sent an appeal afterwards and that was their response which you
| see.
| [deleted]
| at_a_remove wrote:
| I am struggling to remember the name of this sci-fi book I had
| read about twenty-five years ago. Someone encounters a
| civilization where things are going pretty darned well for the
| humans, and there are these spider-aliens who make sure that the
| trains are running on time. It's just that a small portion of the
| population is abducted by the spider-aliens, for a long period of
| agonizing torture before being consumed. Everyone knows and
| accepts this. Nobody knows who is going to get snatched and
| tormented and eaten. But otherwise things are just _great_!
|
| Omelas aside, I think of this every time I read about someone's
| work or life or memories or whatever just getting zapped by
| Google, for a reason that is _probably_ contained in a 500kb
| EULA, but one you will never find. It 's free! You can do all of
| this stuff! It's great! Except for when your stuff gets randomly
| eaten.
| josephcsible wrote:
| Not the same book, but a similar story is The Ones Who Walk
| Away from Omelas.
| Dave3of5 wrote:
| Google is it's own judge, jury and executioner on it's platform
| and they rule with an Iron fist.
|
| If you fall out of favour with them you're screwed. They know
| they have a monopoly on their platform and it's their house their
| rules.
|
| Remember this when making any business decisions about using
| their products
| tediousdemise wrote:
| Two words: web app. We need to collectively abandon these walled
| gardens and reject putting all of our eggs into one company's
| basket.
| FpUser wrote:
| Car repair shop used to treat customers like shit and hold them
| hostage. It ended up with the government stepping in and
| requiring them to adhere to a certain protocols (like showing
| parts changed).
|
| I think that Google has done enough damage. Government has to
| step in and smack hard in a teeth with a heavy fine and a
| requirement to introduce notices before doing any action
| (especially where money are involved) and mandatory appeal
| process with the human involved and obligation to answer direct
| questions (like giving detailed reason).
| rosmax_1337 wrote:
| I'm intrested in knowing what TOS the "associated" developer
| account broke?
| mikece wrote:
| Cases like this make me wish Google could be sued for
| $100,000,000 because it's clear that are they not following their
| own rules when it comes to banning accounts. This has REAL
| business impact, not to mention the implication of libel that the
| holder of the account did something to deserve to be banned.
| Yeah, I know: the business entered into an agreement with Google
| to abide by their rules and terms of service but when Google
| doesn't follow those rules I think they open themselves up to
| massive liability.
| [deleted]
| voakbasda wrote:
| They would happily pay that amount if they could continue
| business as usual. Add a couple of zeros and you might get
| their attention.
| josephcsible wrote:
| If they just had to pay it this once, I'd agree. But if they
| had to pay it every time they wrongly unpersoned someone,
| they'd change their ways really quickly.
| phaistra wrote:
| Another idea: For every repeated infraction of the same
| type, the fine doubles or triples.
| tempnow987 wrote:
| Um, they are following their rules. They make this very clear
| when you sign up. If you have a scammer working for you /
| linked to your account, your account is VERY VERY much at risk.
|
| Lesson is, don't hire scam artists, ask your employees not to
| scam while they work for you or are linked to your account.
| gambler wrote:
| To all the people who think this is some sort of accident that
| will get corrected. It is and it isn't. This particular
| manifestation of ban by association might be a corrected _if it
| gets enough pushback_. The general idea, however, is something
| Alphabet and the rest of Big Tech clearly like, because there are
| more and more cases of this sort.
|
| Moreover, _you_ likely supported this when it manifested a bit
| differently. Most of HN seems to firmly believe in guilt-by-
| association as a way to control behavior, speech and thought. You
| get all preachy and act horrified when it goes "too far" (i.e.
| when it looks like something that might happen to you
| personally), but in general it's a concept endorsed or at least
| tolerated by the majority here. Well, you know what they say
| about Karma.
| dang wrote:
| Generalizations about the community like that are basically
| spurious unless you have real data. People on all sides of
| every issue feel that HN is dominated by the view they happen
| to dislike. It's a mechanism of perception:
|
| https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...
|
| https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...
| ComradePhil wrote:
| These fkers need to be brought down with much bigger lawsuits and
| regulations. They can't continue to operate like this.
|
| We can't have app distribution in these people's hands (both
| Apple and Google) unless they change fundamentally.
| peeters wrote:
| Is anything stopping app developers from forming a (non-workers)
| union to collectively bargain and advocate for its members? This
| seems like something where if every app developer paid dues to a
| central body, with the insurance that each dispute had the
| resources and leverage of that body, then maybe they would take
| more care in the first place.
| phendrenad2 wrote:
| Maybe an ACLU-like legal org.
| ketanip wrote:
| So should one stay away from GCP as google can associate their
| personal account and profession account, and if the system detect
| some action which triggers it in personal account it may block
| all accounts and so there could be a severe data loss and other
| reputational losses of the company ?
| richardfey wrote:
| What if they were both doing something irregular, using the same
| malicious library, and that is why they were associated?
| akomtu wrote:
| 2045: "The DOJ algorithm has mistakenly declared me a felon. I've
| been trying to appeal to a human judge, while serving time in
| prison, but have been getting only automated responses so far."
| Animats wrote:
| Google giveth, and Google taketh away. Blessed be the name of
| Google.
| time4tea wrote:
| It's I guess tangentially related, but in terms of de-googling,
| I've been using docker mailserver https://github.com/docker-
| mailserver/docker-mailserver for a few years now and it is great.
| Combined with bluemail, thunderbird clients, backblaze for
| backup, and solar panels, it runs in my house and is basically
| free. For resiliency I do pay for a backup MX, which is about
| $5/year per domain. It took a few hours to set up, supports many
| users (family and friends) and maybe 1h every 3 months to update
| and check all is good.
| tasubotadas wrote:
| Could we stop sharing old reddit links? It works horribly on
| mobile.
| YATA0 wrote:
| Agreed. In a year the entire reddit thread will be [deleted]
| and [removed] and the post will be edited and completely
| redacted, etc.
|
| Reddit is cancer.
| dethos wrote:
| The need for alternatives to the PlayStore (and even AppStore) is
| real. Developers should start publishing to those alternatives to
| mitigate against these risks (even if they don't bring too much
| traffic/revenue at the moment).
| g_p wrote:
| In Europe, the legislation to look at would be
|
| https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32...
|
| Specifically, article 4 covers termination of service, and the
| rules around this.
|
| It seems Google and other platform providers have no interest in
| following these rules though.
| qwertox wrote:
| One of the comments on Reddit states that:
|
| > Develop for iOS. Apple has humans who answer phones and create
| support tickets and escalate issues and follow up and respond.
|
| Is this true? Because if it is, my next phone will be an iPhone
| and I will completely move into the Apple ecosystem and develop
| for publishing in the App Store instead of Google Play Store.
|
| Even though I don't do anything bad, these kind of news do have
| me absolutely scared that it's simply not worth it. It's beyond
| ridiculous how Google is treating developers. At least be precise
| in the cause of the termination, explain exactly what has
| happened.
| izacus wrote:
| We had a fun merry go round with Apples humans just copy-
| pasting policy answers and refusing to actually understand the
| issue as well.
|
| They're not quite as bad as Google in this respect, but tying
| Apple chain over your neck for slightly less abusive system is
| a pretty Stockholm syndrome thing to do as well.
|
| You can't fix this by paying corporations more money.
| natch wrote:
| You can ask Apple people to escalate to second tier support
| and beyond that if warranted they will even pull in
| engineering (not to talk to you directly but to resolve the
| issues behind the scenes). And with Apple you are talking to
| humans who also happen to be good communicators in my
| experience.
|
| If you're having trouble with Apple, it's probably you.
| izacus wrote:
| That escalation only happens with a chosen few companies
| (which I've been part of as well, but please understand,
| this is not the usual experience for most).
|
| This experience is also available with Google - "you just
| need to know someone" or be a company they care about right
| now.
| natch wrote:
| That escalation has happened with me as an individual
| developer so it's not at all only for a few chosen
| companies.
| kayodelycaon wrote:
| Apple does have human review. It's come up many times on HN
| during discussions of stupid rules.
|
| We see few posts about Apple banning people with zero recourse
| and never reversing or reviewing the decision. Given how many
| people here are critical of Apple, the low volume of posts is
| extremely telling.
|
| Google is on the front page regularly for this behavior.
| bedast wrote:
| iPhone user, not a developer - it's my understanding the review
| process and support are, generally, with humans. To the point
| that some app developers have run into human mistakes rather
| than automation mistakes.
|
| Apple is nowhere close to perfect, though. They probably have
| even more problems with control over the app store and what you
| can put on it. To make it worse, unlike android, sideloading is
| not only not supported, it can be a violation of terms.
|
| I saw the comments about developing for iOS instead and shook
| my head, to be honest. It's just as difficult to deal with,
| possibly even more frustrating when you make a simple app
| update and it gets rejected because something that was already
| in the app now violates app store policies, or you do something
| with your app that <big company> does, but you're not allowed
| to. And their explanations can be just as useless.
|
| But, at least you can get support. Which is why I switched to
| Apple for many of my devices and services. Probably the main
| exception is I don't use macOS devices (macbooks, etc).
| chinathrow wrote:
| If you work at Google in this area (and I bet some of you will),
| then please, escalate this and please, fix your systems - as this
| is clearly something which destroys peoples lifes.
| belter wrote:
| You don't get the 500K for your coding skills. Sounds like it's
| to soothe your conscience...
| techaddict009 wrote:
| Same happened with me once. And till date couldnt find out the
| association and what wrong we did or the association who they say
| we are associated with!
| rootusrootus wrote:
| How long until working for Google has the same stigma as working
| for Facebook? Doing it for the money while la-la-la plugging your
| ears about what you're creating. It already seems like the
| aspirational aspect of wanting to join Google has mostly been
| replaced by the greedy desire for FAANG money.
| anaccountexists wrote:
| Before saying anything else: I'm sorry OP. This is miserable to
| deal with and I know you're probably very upset right now.
|
| On the other hand- at every company I've worked at, this is why
| there's clear onboarding and off boarding policies. Yes- if you
| have someone on your developer account violating terms of
| service, they'll shut down the account. No, it doesn't matter
| that it wasn't _you_ personally.
|
| To put this differently: if you had a bank account shared between
| your developers, and someone who left the company started using
| it for money laundering, the entire account would be shut down
| and you would not be getting that money back. In fact, you might
| even be investigated by authorities for money laundering since it
| ran through your account.
|
| As someone who works in FinTech, we deal with _tons_ of people
| just trying to steal / defraud others on a daily basis, and
| we're required but governments across the world to be on the
| lookout for people doing "fraudy" things and terminate their
| accounts ASAP. If we just said "oh, it's fine, you're not in
| trouble because your (insert X relative here) was the bad person,
| not you," then social engineering fraud would be rampant
| everywhere.
|
| To me, the Google situation is identical to the bank situation.
| There's not a good way to prove the bad account shouldn't be
| associated with your Play store account. This is why you have to
| be diligent about who has access to these things.
| kuu wrote:
| The main difference is that with your bank, in case you get
| locked out, you can call them or even go to a physical office
| where they'll attend you, and you, maybe, are able to fix this
| false positive case, even if from detection point of view is a
| justified one.
|
| For Google, good luck if you get in contact with a person.
| anaccountexists wrote:
| Maybe we work with different banks, but in my experience it's
| more of a "1 strike you're out" type of thing if they detect
| illegal activity and to me that feels like what happened
| here. I get what you're saying though.
|
| Fraud is hard. If you don't crack down enough, you get in
| trouble with the government, many legitimate account users,
| and companies working with you. If you crack down too hard,
| you might mess up people's lives who did nothing wrong. Even
| with an appeals process- its rare to get everything right. I
| think the reason we had about it with big tech so much is
| because their userbase is so large, so even with a low false
| positive rate, you'll see high numbers of people getting
| flagged.
| freedomben wrote:
| Unless your bank account balance is at least $50,000, I doubt
| the bank will do anything about it besides have a manager
| tell you "I'm sorry there's nothing we can do" which is
| little better than an automated email.
| jhgb wrote:
| That may very well depend on how regulated the banking
| industry is in your country.
| nightpool wrote:
| You're right. In less regulated countries, they may be
| more lenient. But in countries with strong anti-fraud and
| anti-moneylaundering regulations, banks often will take
| the most risk-adverse course, which is to terminate
| accounts for very little reason and at the slightest hint
| of bad behavior.
|
| I'm not against government regulation of these sorts of
| decisions, but to pretend that the regulations we
| _currently_ have are consumer-focused in every aspect is
| just completely burying your head in the sand. Read
| https://bam.kalzumeus.com/archive/moving-money-
| international..., and especially the "Tiniest bit of
| personal opinion" section for a clearer explanation of
| the problems with the way banking regulation currently
| works.
| jhgb wrote:
| In more regulated countries, the state limits what banks
| can do to their customers. In the EU that means a legal
| right to a basic bank account, among other things, so
| "terminating accounts for very little reason" is not
| going to happen.
| hbn wrote:
| > if you had a bank account shared between your developers, and
| someone who left the company started using it for money
| laundering, the entire account would be shut down and you would
| not be getting that money back. In fact, you might even be
| investigated by authorities for money laundering since it ran
| through your account.
|
| I don't see how that analogy applies here. It would be more
| like if someone who had access to the shared bank account was
| using their own personal bank account for money laundering.
|
| The developer wasn't breaking ToS on the company account, it
| was their own personal developer account. Quote from the reddit
| post:
|
| > Our company used to have several employees with access to the
| business's Play Console, and one of them recently had done
| something wrong with "his own personal" Google Play Developer
| account.
| anaccountexists wrote:
| My impression from the article is that they were still linked
| (directly) to the company's developer account.
|
| If that's wrong, and they were removed, then you're
| completely right and everything I said is very wrong.
| nightpool wrote:
| Yes, but if you read closely, you'll find that OP never
| actually said that employee "H" was removed from their Google
| Play account. Instead, they say that "H [had] all permissions
| removed except on one game which we were still using H.'s
| consultation on - The app was unpublished later on". So H was
| still associated with the company's developer account as part
| of the unpublished game.
| ElFitz wrote:
| And so what? Did H violate any rules on that specific game?
|
| If you have an employee doing stupid things on their own
| personal account on their own personal time, should your
| company's Google Play developer account also be terminated?
|
| This is one of the many reasons I personally stay as far as
| possible from anything to do with Google.
|
| What's next? Loosing access to all our company's emails and
| personal photos because someone former employee's twice-
| removed cousin decided to try their hands at phishing?
|
| Sounds like a joke, but if even Google employees' families
| can permanently lose access to their Google account without
| any recourse[^1], who's safe?
|
| [1]: https://news.ycombinator.com/item?id=24965432
| Aeolun wrote:
| Yes? That kind of makes sense if they are still working on
| something for the company right? Just because they have a
| side job as a fraud doesn't make their day job any less
| legal.
| freedomben wrote:
| Yes good point. A better analogy would be that an employee
| you had a few years ago who left the company, started using
| their personal account for money laundering a few years
| later, and the bank confiscated/closed the business account,
| plus their parent's account because dad co-signed on a minor
| bank account for the person 20 years ago.
| himinlomax wrote:
| You have misunderstood the issue,
| CPLX wrote:
| In this scenario you would have access to due process. There
| are very specific rules when banks make decisions about credit
| worthiness, and for the part involving authorities you'd have
| access to a well developed legal system where you have rights.
| anaccountexists wrote:
| Credit worthiness, yes, though that's typically at approval
| time and not later on.
|
| Risk bans or bans for suspicious / illegal activity? Totally
| different story (see the stories of Stripe / PayPal / etc
| shutting down accounts). The government (at least in the US)
| will punish banks pretty hard if they _don't_ crack down on
| fraud hard, so banks tend to lean more towards over
| enforcement.
| Aeolun wrote:
| Stripe and Paypal are not banks, last I saw. Which is
| exactly the reason they have to be so careful. They don't
| have to adhere to the same rules as banks, but they don't
| have the same protections either.
| CPLX wrote:
| Indeed. Stripe and PayPal are tech companies that are part
| of the problem this post is discussing.
| pfortuny wrote:
| " we're required but governments across the world to be on the
| lookout for people doing "fraudy" things and terminate their
| accounts ASAP."
|
| And that is the difference. Google is not the Govmnt and there
| is no legislation supporting them (except their probably murky
| and possibly ilegal TOS -ilegal because of lack of human
| oversight).
| onion2k wrote:
| _if you had a bank account shared between your developers, and
| someone who left the company started using it for money
| laundering, the entire account would be shut down and you would
| not be getting that money back_
|
| This is more like giving someone a credit card associated with
| your business account, them leaving, and three years later your
| business account is closed because they committed a fraud using
| their personal bank account.
| GordonS wrote:
| This is a bad take - the person who violated ToS hadn't worked
| at the OP's company for 3 years!
|
| In addition, it hardly seems relevant that a ToS violation from
| an employee's _personal_ account should result in effectively
| destroying a business.
|
| Something really has to change with how Google handles this
| kind of thing. At the _very least_ they need to have a working
| appeals process handled by _people_.
| anaccountexists wrote:
| That's exactly my point though. If they hadn't worked there
| in 3 years, why were they still associated with the developer
| account in the first place?
|
| There's a couple of ways (that are best practices for any
| company) to avoid this problem: - Have separate Google
| accounts for work / personal use - Remove old employees from
| the developer account when terminated
| mijoharas wrote:
| I think that's actually the issue. There was no current
| association with the companies account anymore.
|
| Having separate google accounts for work and personal use
| does not actually solve this, since google has an algorithm
| to figure out if the accounts are used by the same
| person.[0][1]
|
| [0] https://news.ycombinator.com/item?id=30855682
|
| [1] https://news.ycombinator.com/item?id=30855659
| nightpool wrote:
| OP never said that "there was no current association with
| the companies account". In fact, they say explicitly that
| there _was_ an association, because H still had
| permissions on an (unpublished) game that was part of
| their Play Store account.
| vmception wrote:
| The bank would give you your money and tell you to bank
| somewhere else, the government would consider confiscating the
| money
|
| Major difference
| cptskippy wrote:
| But would each employee working at a company found to be money
| laundering have their personal accounts shut down?
|
| Google goes out of their way to associate people's accounts and
| identities. Even if you have work and personal Google Accounts,
| you should assume that Google knows they're the same person.
| For example, Google wants you to login to their Youtube App on
| Roku. If you choose not to but have it open at the same time
| someone opens Youtube on their phone, the two communicate and
| you'll get prompted to login. Even if you choose not to login,
| the two apps share information and cross pollinate watch
| histories and suggestions.
|
| Google also makes it difficult/costly to properly lock down
| their development tools. You can't for example lock down your
| developer console or cloud account to accounts with specific
| domains. You also can't take ownership of your domain outside
| of a Workplaces Subscription in the same way you can with
| Apple's ABM tool.
|
| At the same time Google requires you to consolidate all of your
| company assets into one basket. You can't have different
| developer consoles so an employee or contractor working on
| Project X might have access to aspects of Project Y because the
| console permissions aren't granular enough. So there's no
| plausible deniability for Project Y when a Bad Actor working on
| Project X is identified.
|
| You can't even insulate projects on Google's tools as there is
| a 1:1 relationship between their Play Console, Cloud Console,
| and a singular Cloud Project. So again absolutely no plausible
| deniability.
|
| What you end up with is a situation where if a user does
| something Google doesn't like, Google decides how large of a
| net to cast over that user's network graph when bringing down
| the ban hammer.
| nerdawson wrote:
| I may have misinterpreted the explanation given in the post. It
| sounded to me like a developer they'd employed violated the TOS
| on their personal Google dev account. Google then recognised a
| connection between the dev and another Google account belonging
| to a company and opted to suspend that as well.
|
| To use your example, that would be like an employee getting
| their bank account frozen for something they'd done in their
| personal life, and then the company having their bank frozen
| too for depositing money into the employee's account.
| anaccountexists wrote:
| I'd liken the latter to having a company credit card account.
| Regardless, in the bank case there's a high chance adjacent /
| connected accounts would be frozen (at least for a time)
| because money laundering tends to happen in rings.
|
| I see your point, though.
| Semaphor wrote:
| > I'd liken the latter to having a company credit card
| account.
|
| No, having had a company credit card account 3 years ago.
| Unless I'm misunderstanding something, the employee had no
| more relationship to the company for some time.
| AtNightWeCode wrote:
| I hate Google Play. I have been insulted in public chats by
| Google staff insinuating that I tried to go around Google Play
| rules when fact is that I have tried to solve the demands Google
| Play puts in the first place when they removed the apps.
|
| Good luck fighting this as a small company.
| betwixthewires wrote:
| Suppose you were to make an f-droid like client without a source
| code requirement. A way for people to host their own proprietary
| applications, and a client app that can manage repositories the
| way f-droid does. How would you:
|
| - make applications/repositories discoverable without running a
| service,
|
| - allow developers to handle billing for paid apps themselves,
| again, no service,
|
| - have client side malware protection without playing a cat and
| mouse game,
|
| - prevent discoverability of pirate repositories without running
| a service?
|
| If these problems can be solved (or others I didn't think of,
| maybe you did?) you can basically get rid of monopoly curation of
| available applications on android (or anywhere for that matter).
| cao_wang wrote:
| Windows 11 Mobile phone with its native support for Android apps
| can counter the monopoly of big G. Will Microsoft come to our
| rescue?
| ranjitcool1 wrote:
| renewiltord wrote:
| Ah, interesting. I wonder if this means you can't have your
| @company.com logged in at the same Chrome installation as your
| @personal.com.
|
| So the only safe way is for companies to say you have to have a
| separate browser for @company.com?
| leros wrote:
| My website just got blacklisted from Google because a non-
| existent URL got flagged for social engineering. I'm still trying
| to figure what to do.
| belter wrote:
| Escalating to Google 2nd level support, ( a.k.a.: Hacker News )
| is a starting point.
| leros wrote:
| We'll see. I "resolved" the issues and requested a site
| review a few days ago. I have very low expectations.
| MrVitaliy wrote:
| What a time to be alive. Some people spend considerable amount
| of time and money to delist themselves from google, yet others
| get it with 0 effort.
| sccxy wrote:
| Always use different accounts for every Google Service.
|
| One "bad" Youtube comment can ban your Gmail account.
| belter wrote:
| Or they will use your IP, say it was from the same device, or
| different IP same geo location...be afraid...be very afraid.
|
| "...Youtube Account Suspended" - "...All i do is watch videos
| and subscribe to my favorite youtube channels while sitting on
| the toilet!... I have no idea what to do."
|
| https://support.google.com/youtube/thread/21108892/youtube-a...
| andrekandre wrote:
| "I am not a Google or YouTube employee - Product Experts are
| volunteers"
|
| wow, i must live under a rock, but is this how google does
| "support"... by volunteers?
| faggot wrote:
| boredumb wrote:
| The discussion of "ethics" in ML tend to revolve around race and
| sex in order for large organizations to pretend they have some
| moral high ground when their models are being used to ruin
| peoples lives and enable billion dollar companies to not hire and
| manage non technical employees to make human decisions involving
| human problems. These people _are_ evil and their code and models
| are being used for destructive purposes, and so we are forced to
| read about their "ethics" applied to some obscure race, sex or
| "toxicity" problems as a way to cope with themselves. Banning
| someone on youtube for being racist is objectively less good than
| banning a team of people from pursuing their livelihoods, but
| focusing on the prior is a great way to distract from the fact
| that with a revenue over $50,000,000,000 they can't hire a small
| fleet of people to handle customer and partner relations. If it
| makes you feel better though, you don't have to see opinions on
| the internet that google data scientists deem toxic as often.
| whymauri wrote:
| Once again, the resolution of this problem will come down to
| either the OP knowing a Google employee or a Google employee
| happening to see this and feeling pity. For the vast majority of
| people who deal with Google support and don't have access to
| Google employees how many of us on HN do, when the hammer
| strikes: they are completely out of options.
|
| I have such little trust in Google's automation for banning
| accounts that I don't even bother commenting on Youtube or
| uploading videos anymore. Who know when some innocuous footage
| that I have will trigger a cascade of copyright strikes and ban
| my personal GMail? It's like walking around glass.
| dandare wrote:
| I don't understand why the fear of being sued is not preventing
| Google (and other big players) from misusing their position
| like this. Is it impossible to sue Google?
| lkxijlewlf wrote:
| Google is worth 1.8 TRILLION dollars. How much would you have
| to sue them for before they start to give a shit?
|
| 1.8T is an unimaginable amount of money.
| barneygale wrote:
| Their wealth and power rivals many states, yet they act
| with a level of impunity that most dictatorships will never
| attain. We can and should break Google and others up into
| many smaller companies. They'll be less efficient that way,
| but efficiency is not in itself a goal.
| ArnoVW wrote:
| They have in house council coming out their ears, that know
| the relevant contracts, regulation and precedents by heart,
| and whose day job it is to manage these issues. They have the
| budget to delay / protract things indefinitely.
|
| You are paying hundreds of dollars per hour to someone who is
| discovering your issue.
|
| It's possible,sure. But how do you think that's going to play
| out?
|
| Unless you lost kin, or a 5 million dollar inheritence due to
| your issue with Google, you're going to find a way to live
| with it.
| throwawayffffas wrote:
| The aim of the lawsuit threat, would not be to actually sue
| but to get someone to reinstate your account.
|
| The whole idea is that you get a lawyer to be taken
| seriously instead of been dismissed.
|
| It costs them money to have their lawyers look over a
| letter from your lawyer. It costs them nothing to ignore
| your emails. It also separates you from most scammers, that
| would not get a lawyer because their position is bullshit
| but will 100% send a bunch of emails to googles support.
| bogantech wrote:
| It's possible to sue them but how deep are your pockets?
| _fat_santa wrote:
| > Is it impossible to sue Google?
|
| Theoretically no but practically yes. Even if they know they
| are in the wrong and would loose a court case, they still
| "win" by just dragging it out and making you go broke on
| legal fees.
| umanwizard wrote:
| Do you really think they'd drag out the case endlessly
| rather than just having a human spend 5 minutes looking at
| your account, verifying that it's indeed not malicious, and
| reinstating it?
| jelled wrote:
| I was able to get my Adsense account reinstated simply by
| sending Google a letter alleging they had breached our
| contractual agreement. In researching my case I found a lot
| of people who had sued Google.
|
| One of the most interesting ones was Free Range Content v
| Google[1] where a number of Adsense publishers had their
| accounts closed after Google detected invalid click activity
| on their websites. The publishers sued alleging Google
| breached the Adsense terms of service.
|
| Incredibly the Court denied Google's motion to dismiss and
| allowed the breach of contract claim to continue. Google
| settled shortly thereafter but the takeaway is that these
| terms of service contracts are not as ironclad as Google
| would like you to believe.
|
| [1]https://law.justia.com/cases/federal/district-
| courts/califor...
| a9h74j wrote:
| > the resolution of this problem will come down to either the
| OP knowing a Google employee or a Google employee happening to
| see this and feeling pity.
|
| In other words you need [transitive] "Google priviledge".
| pipeline_peak wrote:
| Sure are a lot of "innocent" accounts getting shutdown.
| kmeisthax wrote:
| Everyone here is commenting about overautomation, but this isn't
| an overautomation problem. It's a secondary sanctions problem.
| The developer isn't being banned for breaking Google's rules,
| he's being banned for having hired someone else who later broke
| those rules; and then that ban was transitively applied to their
| personal account as well.
|
| This is beyond the pale. Google should not have the power to
| decide who you are and are not allowed to hire. It both goes
| against the basic concept of a limited-liability corporation,
| _and_ harms worker rights.
| ajross wrote:
| > he's being banned for having hired someone else who later
| broke those rules
|
| FWIW: there's some reason to suspect that the "later" bit is
| being spun here. Per the timeline in the article, there were
| only 5-6 weeks between the employee being fired and Google
| taking action against the employer[1].
|
| That's pretty tight, and from an enforcement perspective is
| going to make it _extremely_ difficult to distinguish which
| entity is doing the bad things. And, frankly, given the spin
| elsewhere in the story, I 'm inclined to suspect more ambiguity
| here and not less.
|
| What's the ask here, that Google (which correctly detected the
| association between the accounts) audit the IT permissions logs
| of accounts that commit bannable offenses before taking action?
| That just doesn't seem feasible.
|
| [1] They further spin this by trying to claim that the employee
| left in 2019, but have to admit that he was still present as a
| consultant.
| nekopa wrote:
| If you are referring to this section:
|
| Mar 2019 - H. Left the company, all permissions removed
| except on one game which we were still using H.'s
| consultation on - The app was unpublished later on
|
| 04 Dec 2021 - Termination of H. (Former Employee) account
| because of multiple policy violations
|
| 26 Jan 2022 - Termination of our company account (Raya Games
| Ltd - AKA TOD Studio) without prior notices and warnings
|
| I think the 04 Dec 2021 is _Google 's_ termination of the "H"
| account.
| stonemetal12 wrote:
| By that timeline they never fully terminated the
| association with H. H went from FTE to consultant, who had
| privileges for what he was working on.
| 8note wrote:
| Google has freedom of association. If they don't want to work
| with you based on your employees, that's their prerogative.
| That's not controlling who you can hire.
|
| Really, it's a monopoly problem. You shouldn't be affected by
| whether google wants to work with you or not
| betwixthewires wrote:
| I'm not buying this line of reasoning entirely.
|
| The problem isn't that you don't have options with regard to
| hosting, email, etc (with the notable exception of google
| play store), the problem is that once you've picked your
| option it's hard to migrate out, and as a customer you have a
| right IMO, whether in the terms or not, to a good faith
| effort on the part of the service vendor to sort our any
| problems you encounter with the service. If a robot just
| shuts you down no notice and there's nobody to reach to sort
| it out that's a negligent business practice and I believe any
| vendor of any service that operates this way is liable.
|
| If they want to offer migration tooling, notice and access to
| your data I can see it being alright. A pain in the ass, but
| at least not the end of your business one morning while
| making coffee.
|
| As far as google play goes, I think there's the monopoly
| aspect to work on and hopefully legislation brings a
| resolution to this problem, like offering independent
| repositories as a default option or something like that, til
| that time though, do not rely on it entirely. If you have to
| open source it and put it on f-droid, maintain an aptoide
| repo, apk download on your site and market that heavier than
| your google play account, whatever you have to do, just do
| not rely primarily on the play store because you're basically
| giving google the keys to your kingdom.
| ipaddr wrote:
| Pick a provider with that option. Building a business on
| top of a business that can shut you without recourse is
| risky.
| [deleted]
| tempnow987 wrote:
| Google is dealing with a very real problem. There are bad
| actors, particularly internationally, who systematically and at
| scale try to subvert / cheat. This includes multiple accounts,
| and businesses that hire folks who try to cheat the system.
| Google almost certainly has statistics supporting the increased
| risk of working with developers / businesses that hire folks
| who break various rules. Certainly there are false positives as
| well.
|
| A lot of folks are offended by $100 / year developer fees. If
| Apple et al charged $10,000 to get going as a developer, they
| would probably be better positioned to deal with all this less
| automatically. In fact, game dev historically might have
| followed a bit of this model (xbox etc).
|
| Anyways, my own thought, there should be a pathway to a $5,000
| fee where you get a higher level of human interaction.
| TuringNYC wrote:
| >> Google is dealing with a very real problem. There are bad
| actors, particularly internationally, who systematically and
| at scale try to subvert / cheat.
|
| I really dislike this explanation because there are so many
| obvious things they can do. Example:
|
| 1. Force uploads of Passport/ID for identity confirmation. If
| you have 100 accounts with the same passport...ok...issue,
| but if not, is it worth human review at least?
|
| 2. Force credit card payment with address verification,
| ideally match to passport. Same credit card used across 1000
| accounts...ok...issue, but if not, perhaps worth a review at
| least?
|
| 3. Still an issue? Force user to pay $100 for verification
| and run credit check routine.
|
| The idea that blanket account terminations are the only way
| to handle issues seem lazy.
| saulrh wrote:
| The solutions you suggest would prompt more outrage than
| anything Google does in this space today.
| 8note wrote:
| Those are still secondary sanctions.
|
| Op wants to be able to hire somebody with a history of
| abuse without google enforcing them
| solveit wrote:
| OP wants to be able to hire somebody with a _future_ of
| abuse because they 're not psychic...
| RexM wrote:
| > there should be a pathway to a $5,000 fee where you get a
| higher level of human interaction
|
| That sounds like extortion...
|
| "We're going to ban your account because we want to, unless
| of course you pay us $5,000 so you can talk to a human to
| resolve this issue."
| andybak wrote:
| I agree but it would actually be better than the status
| quo.
|
| Would you rather have a neighbourhood mafioso who is
| amenable to financial incentives or a local random
| psychopath?
| jessaustin wrote:
| Google love the extortion business model.
|
| "Bid more than your competitor on AdWords for the _literal
| name_ of your business or else they 'll get the customers
| who intended to do business with you."
| tempnow987 wrote:
| Some users like being made aware of competitors to
| businesses. In new SAAS app areas, I'm sure the top 3
| results will all be competitions to the business I'm
| looking for. Works reasonably well.
|
| You would think something like this would increase
| competition between businesses (competitors surfaced
| immediately for users). Instead I guess this is seen by a
| bad thing - though it's not been clear to me recently
| that the FTC is looking out for users, they seem to have
| gone BIG into protecting businesses for some reason.
| tempnow987 wrote:
| This type of setup is routine in most real businesses.
|
| If you want to talk to a tech company engineer for bug
| fixes, you pay for that level of service.
|
| There is something a bit almost scammy about all these
| "businesses" demanding white glove custom treatment, but
| complaining loudly about even being asked to pay a one time
| $25 fee to get on platform.
|
| It used to be to deploy to a platform / get SDKs for the
| platform the costs were FAR higher.
|
| There are something like 5M+ android developers. If you
| want to support this developer pool with 2-3 hours of work
| per developer per year, you are looking at 15M hours of
| work per year. And these people also become a risk - they
| can be socially engineered, they can be paid off etc. We've
| seen this over and over again.
|
| If you look at phone co employees who are supposed to
| protect you from sim swap attacks etc, they have a large
| number of employees, so service is "good", but security?
| Not so much.
|
| What you are proposing is that google should offer a human
| service in a very adversarial and tricky area (ie, your own
| staff may be working against you) and that asking to get
| paid for that is "extortion" that would result in jail
| time. This is perhaps why they don't even offer a way to
| pay (a lot) for a very careful high level review. Folks
| like you would demand jail time for them. Instead we are
| stuck with automation.
| bryans wrote:
| Even if Google were paying support engineers $100/hr, in what
| universe is the average developer going to need 50 hours of
| support per year? In reality, it's at most averaging to 2
| hours, and typically only in situations where Google messed
| up and should really be fixing it for free anyway, because it
| was their mistake. So, at most, it would be a labor cost of
| $300/yr including benefits and taxes, and more realistically
| that number is much closer to $100/yr.
|
| And that's pretending they don't already make obscenely high
| profits per developer, and can absolutely afford to provide
| the necessary support for these situations, which again, are
| largely their mistakes to begin with.
| tempnow987 wrote:
| They charge a one time fee of $25 to get a developer
| account. They provide full SDK / tooling and other
| resources for that $25 fee.
|
| I don't know what universe android app developers are
| living in, this is basically "free" for most significant
| businesses.
|
| For that $25, you are NOT going to get white glove support
| / treatment. Not happening.
| xnx wrote:
| Exactly. I don't think people appreciate how actively all of
| Google's policies are being attacked and attempted to be
| circumvented. I'm very suspicious of any developer that
| claims total innocence.
| shadowgovt wrote:
| It's both (over-automation and secondary sanctions).
|
| The secondary sanctions exist because it's near-trivial to
| automatically create dozens of proxy accounts for a bad actor
| to launder reputation through. So in addition to direct fraud
| detection, Google has had to automate secondary "Is this
| account probably the same bad actor" detection.
|
| That system, like any such system (including human review), has
| false-positivies where two accounts are believed to be the same
| owner when they are not. But the automation-with-insufficient-
| human-review problem is specifically Google's mistake, and
| there's room for improvement.
| spookthesunset wrote:
| As somebody whose worked in the large scale anti-fraud
| area... I always make sure my team knows that the real people
| who fall through the cracks matter big time.
|
| Anti-fraud is a tough space because you can never be 100%
| sure which actors are legit and which are scammers... after
| all if you knew who the scammers actually were you'd have
| blocked them all ready.
|
| I always make sure there is some kind of escape hatch for
| legit users who get caught in our system. These escape
| hatches might not be super awesome for real users, especially
| if they fell into a bucket that strongly labels them as
| scammers, but at least they have an out.
| ceejayoz wrote:
| > Google should not have the power to decide who you are and
| are not allowed to hire.
|
| Especially not _retroactively_.
|
| "Your former employee broke the rules at their _next_ job, so
| you 're banned" is just bizarre.
| miohtama wrote:
| GDPR Article 22
|
| > The data subject shall have the right not to be subject to a
| decision based solely on automated processing, including
| profiling, which produces legal effects concerning him or her
| or similarly significantly affects him or her.
|
| > In the cases referred to in points (a) and (c) of paragraph
| 2, the data controller shall implement suitable measures to
| safeguard the data subject's rights and freedoms and legitimate
| interests, at least the right to obtain human intervention on
| the part of the controller, to express his or her point of view
| and to contest the decision.
|
| https://gdpr-info.eu/art-22-gdpr/
| zo1 wrote:
| Cool sounds like this guy can open a police case, a detective
| or police person looks into it, finds "yeah, sure enough, we
| audited Google's code and they broke rule 2c, so we'll give
| you X-million in compensation for this." And then the
| detective (because it's an open-shut case mind you) goes
| further with: Getting an extract of 12,393,333 other people
| affected by this "problem" so they issue a court order to
| charge Google 12,393,333 * X-million in damages. And then
| further also issuing a court order for Google to stop all
| operations immediately until they deactivate this automated
| process.
|
| As if that will _ever_ happen. We don 't live in a world of
| rules and logic until things play out as simply as above.
| KarlKemp wrote:
| GDPR Art. 4:
|
| ,, personal data' means any information relating to an
| identified or identifiable natural person ('data subject')".
|
| This is a business, not a natural person.
| tremon wrote:
| > and that ban was transitively applied to their personal
| account as well
| [deleted]
| lmkg wrote:
| Data can be both, in which case GDPR right still apply.
| Several GDPR fines have been handed down for processing
| business data about a person. Especially (but not only)
| data about sole proprietors/solo traders.
| KarlKemp wrote:
| Got a link? Because while I don't doubt the logic, it
| just seems too esoteric to be an actual "issue" that
| people know about. Plus, I can't find anything.
| splonk wrote:
| The timeline makes me wonder if the personal account ban
| triggered an audit of their previous actions and found similar
| activity from when they were an employee.
| whoknew1122 wrote:
| I can feel the downvotes coming deep in my bones.
|
| But Google has its own reputation (and users) to protect. It's
| taking a risk whenever it allows a developer on its platform.
| If a developer with low name recognition uploads malicious
| software, it's not the developer's name that makes the
| headline.
|
| Crucially, there's no information on what the employee (and
| later contractor) 'H.' did to get themselves banned. Or fired.
| From the OP's own timeline, the ban came less than two months
| after they severed their relationship with 'H.' Google isn't
| swinging around the ban hammer years after the OP separated
| with 'H.'
|
| The OP's games could still include code contributed by 'H.' And
| 'H.' is apparently untrustworthy. Is that a risk Google should
| be forced to take as the curator of the Google Play store? I
| don't think so.
| jonathankoren wrote:
| There's a difference between banning an app and banning an
| account.
| whoknew1122 wrote:
| Are you suggesting that Google ban all current apps in
| their account? Google has no idea which apps 'H.'
| contributed to. Or whether 'H.' still has a relationship
| with Raya Games.
|
| If 'H.' is a malicious developer, then all apps that were
| extant while 'H.' was associated with Raya should be
| considered suspect. Google (and its user base) have no idea
| what apps 'H.' touched. The very least Google should do is
| ban all apps uploaded and/or updated during 'H.'s
| employment.
|
| And even then Google has no way to know whether 'H.' still
| works at the company, or will work again there in the
| future. Google doesn't (and can't reasonably) have any
| insight into personnel decisions at Raya Games.
|
| Is Google throwing the baby out with the bathwater? Yeah,
| probably. But Google can't differentiate between baby and
| bathwater when it comes to malicious developers. Google has
| an affirmative responsibility to protect its userbase. It
| doesn't have an affirmative responsibility to let any
| individual publisher sell apps on the Google Play store.
| kmeisthax wrote:
| I get what you're saying, but if 'H.' did something bad,
| Google should be telling companies that hired him to check
| their source code for malware. They shouldn't be accusing his
| former employer of being a shell company for 'H.' to continue
| doing bad things.
| spookthesunset wrote:
| Yes all large websites that provide financial incentives to
| run scams on them have this problem. Whenever there are $$$
| to be made at scale the scammers will work very hard to get
| their cut.
|
| The problem lies in the people who implement these anti-fraud
| measures forgetting that not every account their system flags
| is actually a scammer. The goal should always be to fuck over
| the scammer as hard as possible. However you must always make
| sure the real humans that get caught in the net can always
| get out of jail.
|
| Assuming that the 1% of real humans that get flagged in your
| system don't matter is how you piss people off. Always
| provide ways to get real people out of jail! Those people are
| honest people doing the right things. They are the ones you
| are trying to protect!
| rmbyrro wrote:
| Agree with everything.
|
| Just clarifying that the concept of a limited liability company
| has nothing to do with this. It is about not having company
| liabilities (e.g. debt) reaching stockholders (e.g. banks
| seizing your personal car and house to pay for your business
| defaulted debt).
| Closi wrote:
| > Everyone here is commenting about overautomation, but this
| isn't an overautomation problem. It's a secondary sanctions
| problem.
|
| It's both. When you work with tech companies this kind of
| overautomation is rife. When you work with any other type of
| business they give you an account manager and you manage these
| issues openly together with a relationship. If there was a
| human at Google who picked up the phone and worked out the
| problem with the developers before this ban was imposed, this
| could have all been nipped-in-the-bud before an account was
| terminated.
|
| My current account doesn't have much money in it, but my bank
| would call me if there is an issue which would terminate my
| account, and I'm confident that they would work with me to
| offer up solutions rather than instantly terminate it. Google
| should provide developers more respect than my bank offers
| average consumers.
|
| There is no excuse for them not picking up the phone and just
| talking these things through before they implement the bans
| (unless there is active malicious behaviour in an app, in which
| case I would expect a suspension to happen and be followed up
| with a phone call straight away).
| commandlinefan wrote:
| > this kind of overautomation is rife
|
| I've never worked with or for Google, but having worked for
| software companies my whole life, I suspect that it's
| overautomation, combined with "silo-ing". Even if somebody
| identifies the problem from the user's perspective, it
| becomes a rats nest of responsibilities to untangle to figure
| out who or what group(s) _can_ address it and how. The people
| who actually understand how a particular component works and
| can change it are limited to their particular component and
| the people who are nominally in charge of "everything" have
| no detailed visibility into anything at all.
| notreallyserio wrote:
| There's also folks that justify their behavior and choices
| based on the size of their paychecks. As long as they get
| big numbers it doesn't matter if others lose their
| livelihoods arbitrarily and without recourse.
| ocdtrekkie wrote:
| Google is much more profitable than your bank, and this is
| why. The reason tech companies sit all at the top of most
| valuable companies is essentially because they've automated
| away a ton of tasks which normally require hiring a lot of
| employees.
|
| The only way to fix this is to legally require it, because
| nobody's going to stop the profit train by themselves.
| JacobThreeThree wrote:
| >because they've automated away a ton of tasks which
| normally require hiring a lot of employees
|
| Or they've simply removed those tasks under the rubric of
| automation.
| neilv wrote:
| > _The only way to fix this is to legally require it,
| because nobody 's going to stop the profit train by
| themselves._
|
| I don't know what Google's rates of customer service
| failures actually are, but even a minuscule of rate of
| horror stories seems to hurt brand, judging from HN
| comments.
|
| I wonder whether fixing half of, say, 0.00000001% of cases
| that would otherwise be PR horror stories, could translate
| into measurable boost to brand value.
|
| Maybe all the math has already been done, and all possible
| wins for creative automation motivated by business payoff
| (and promo bids) have already been achieved, or maybe not.
| Majromax wrote:
| > Maybe all the math has already been done,
|
| I doubt it. Brand value is a notoriously fuzzy concept,
| and corporate decision-making features a heavy
| measurement bias. A toxic brand might be measurable by
| the time it's influencing enough purchaser decisions to
| show up on "would you consider?" surveys, but that's an
| advanced stage of the problem.
| CPLX wrote:
| > Google is much more profitable than your bank, and this
| is why.
|
| That's not correct. Google is more profitable because it is
| a monopoly and routinely engages in illegal anti-
| competitive behavior.
|
| It's _precisely_ because this is the case that it 's able
| to have nonexistent customer service and stay in business.
| ikiris wrote:
| Ahh yes, Google the bastion of unethical business
| practices in comparison to.... _checks notes_ banks....
| CPLX wrote:
| In both cases the organizations would eventually descend
| into using the skin of newborn infants for making snack
| food if they thought it would make them an extra dollar.
|
| Which is why both need aggressive regulation.
| jessaustin wrote:
| They're not as evil as e.g. Goldman Sachs, but they're
| significantly more evil than several local banks that I
| actually use.
| pyrale wrote:
| Well, yeah. Bankers would go to jail [1] for the kind of
| market manipulation google does on ad markets [2]. The
| realization may not have dawned on our industry yet, but
| the abuses big tech is currently into are the kind that
| gave banks their reputation, and also their regulation.
|
| [1] e.g.: https://www.bbc.com/news/business-36737666
|
| [2] among others:
| https://www.forbes.com/sites/enriquedans/2021/01/19/jedi-
| blu...
| AniseAbyss wrote:
| And even if they have a human customer department that you
| are able to track down it's just some student at a
| callcenter.
| Tozen wrote:
| Good points.
| marcosdumay wrote:
| Guilt by association is the kind of thing people create when
| they want to terrorize a population for control. It not
| existing is a basic human right.
|
| What we are seeing is a monopolist abusing its power by
| directly harming somebody and the civil society refusing to
| acknowledge any harm. And it's doing so by the most visible
| power demonstration it can.
| TuringNYC wrote:
| I had a scare last year where Google supposedly gave me 30 days
| before they would shut off my Google account of 20yrs. Family
| photos, youtube videos, 20yrs of email, not to mention the
| treasure trove of personal documents on GDrive. It took two
| weeks to duplicate the content and back it up elsewhere. This
| is a paid tier Google account and I've yet to get an
| explanation on why this happened. It appears to be because of
| an "associated" (whatever that means) Google Business account
| for a startup where I worked where they shut off my GSuite
| account after I resigned, but customer service couldnt provide
| a real explanation why it would also terminate my personal
| Google account. The automated websites where you upload photo
| ID to prove identity didnt work and didnt give an absolute
| confirm/reject...so i slept uneasily for almost a month knowing
| that my 20yr account might disappear.
|
| Ultimately it did not disappear in 30 days. Was it because I
| upload passport photos? Not sure. Because I spoke to customer
| service? Not sure. Because the original shutdown notice was a
| mistake? Not sure. The lack of clarity made it worse.
|
| I've heard stories about people losing personal accounts like
| this due to GCloud usage. At work, where I'm CTO, I have open
| access +MSAs to the three major cloud providers -- BUT I am
| very hesitant to use anything but AWS/Azure. The risk of
| something going wrong with GCloud and that metastasizing to my
| (or anyone's on the team) personal Google account (or vice
| versa) is huge and just not worth the risk.
| nabeards wrote:
| Did you actually leave Google then? It's not clear from your
| story, and it would be a shame that you decided to stay on
| such a hostile platform.
| TuringNYC wrote:
| For my personal accounts, I've stayed but now I have
| backups of everything elsewhere. I'm also now double-
| replicating everything across other providers. The value
| add having everything so beautifully in my Google account
| is enticing, so I continue to have that as my primary
| personal account.
|
| For my _corporate accounts_ there is _NO WAY_ i 'd use GCP.
| I have the privilege of MSAs with all three major cloud
| providers and we're doing most things with AWS. So on the
| corporate front, I didn't leave because I just didn't enter
| in the first place.
| _jal wrote:
| The old rules still apply: if you don't control the computer,
| you don't control the data on it.
|
| In a way, this is sort of a digital-era generalization of
| "freedom of the press belongs to those who own one."
| anoojb wrote:
| Is this an issue with all cloud providers? Or just large ones
| like Google, Amazon, Microsoft?
|
| I'm currently thinking of migrating from Google for
| productivity to Office 365. Wondering if I'm just re-branding
| the risk of my counterparty.
| TuringNYC wrote:
| >>> Is this an issue with all cloud providers? Or just
| large ones like Google, Amazon, Microsoft? >>> I'm
| currently thinking of migrating from Google for
| productivity to Office 365. Wondering if I'm just re-
| branding the risk of my counterparty.
|
| With AWS/Azure, you typically wouldnt have extensive
| personal data with them, so you dont have the risk of work
| and personal accounts colliding. I dont know _anyone_ with
| personal emails /accounts/photos on the Microsoft
| ecosystem. With Amazon, whats the worst that can happen?
| You lose your connected Amazon purchasing account, doesnt
| seem terrible.
|
| With Google you often have email/documents/photos with
| them. If you have an Android phone, you have almost
| everything with them.
| throwuxiytayq wrote:
| After reading so many posts like this, I decided to bite the
| bullet and start moving off-Google. Funny thing is,
| ProtonMail and Obsidian are much better than Gmail and Keep
| anyway.
|
| I'm still forced to use Google stuff here and there but I'm
| no longer dependant on them, and _coincidentally_ I 've been
| sleeping much better recently.
| reincarnate0x14 wrote:
| Protonmail specifically seems to have strange problems with
| some old and busted email systems, ex: I've seen several
| government ministries in Taiwan (roc) that for some reason
| can not send email to protonmail or domains MXed there and
| no one has been able to explain it to me.
| bragr wrote:
| Protonmail seems to routinely get flagged by fraud, spam,
| and security systems. You emails are probably getting
| eaten by a security appliance before it even reaches the
| government exchange server or whatever.
| brightball wrote:
| I'm happy with Proton right now too. Really just need a
| mobile app for the calendar and I'll be all set.
| triyambakam wrote:
| There is a mobile Proton calendar app.
| ornel wrote:
| I use it, but the requirement to be online in order to
| add or update entries is quite annoying
| Quigglez wrote:
| There is an Android one, but not an iOS one (at least
| last time I checked a few weeks ago)
| brightball wrote:
| Not yet for iOS from what I've seen.
|
| EDIT: Verified. Not yet for iOS.
| skrtskrt wrote:
| the editor for Google Docs is the one really good thing I
| can't get elsewhere, but I don't do that much important
| stuff in it - just like planning vacations, etc. Once I'm
| done editing something, if I want to back it up I can just
| export it elsewhere
| gigel82 wrote:
| Microsoft has a very usable online version that's free
| (with a bit of upsell here and there). Arguably more
| capable than Google Docs.
| e40 wrote:
| Out of the frying pan and into the fire. Of course, I'm
| being a little flippant, but the MS ecosystem is not
| without its problems. A colleague has 3 MS accounts for
| dealing with 3 different things (a government contract, a
| 3rd party company contract, our company account). Because
| of this, he was in hell for days because of some fubar on
| the MS side. I have (seemingly!) different MS accounts,
| for Azure development and Office 365 and I am regularly
| confused by the various MS websites.
| skrtskrt wrote:
| my friends that have one MS/Outlook account at their
| jobs, which have enterprise support reps for their big
| enterprise accounts sometimes have multi-day lockout for
| unknown reason, 2FA failure for days, absurd issues with
| timezones being inconsistent across MS services, etc.
| mbreese wrote:
| MS Azure accounts always seemed odd and overly convoluted
| to me. I had an issue with my personal Microsoft account
| where I couldn't sign up for an Azure trial (wanted to
| kick the tires on Codespaces before it moved to GitHub).
| Turned out, my account got associated to my kids' schools
| MS account because that email address was on a school
| mailing list. That was a pain (and many hours) to get
| figured out.
| cutler wrote:
| Wait until you're locked out of your Outlook.com account.
| No way back.
| Macha wrote:
| I've really pared down my Google usage with the end of
| grandfathered GAFYD accounts as the last straw, so down
| to Sheets, YouTube, and Android as my last google usage.
| YouTube has no alternative, Android has too much sunk
| cost, Sheets I'm probably going to go back to Syncthing +
| Libreoffice I guess. Office 365 is the equivalent
| alternative, but not sure I feel much better about MS's
| consumer products than I do about Google.
| iamacyborg wrote:
| What's the sunk cost with Android? Apps? It's very easy
| to switch to iPhone, I did it a year ago.
| Macha wrote:
| Apps and well the alternative to Android for me would be
| Plasma Mobile or something anyway. Many apps I use
| (Syncthing, Firefox, file manager, emulators) are
| forbidden or crippled by Apple policy.
|
| While I have a work iPhone 12 so I use both iOS and
| Android daily, I do actually prefer the Android
| ecosystem, plus iOS being locked down in terms of
| installing third party apps is a disqualifier for my
| personal device. Also bugbears like the headphone jack,
| though I might be out of luck there in Android in another
| device rotation.
| rexreed wrote:
| Just use Invidious links instead of going directly to
| YouTube (for example, yewtu.be for the same remainder of
| the URL) for viewing. If you're talking about hosting
| videos, use Vimeo. Even when people post youTube links I
| use the Invidious alternative to stop feeding Google
| data. Also invidious has embedded download capability on
| their various sites.
| Calamitous wrote:
| For Google docs I switched to using a Synology server.
| Very nearly as good (better, in some ways) and I don't
| have to worry about what Google is up to.
|
| The up-front cost and setup time is a stiff investment,
| but I'm much easier in mind now.
|
| The other side of the coin is my wife's gmail, which is
| going to be deleted come May. So... we gotta figure that
| out.
| rexreed wrote:
| What sort of collaborative editing does Synology allow?
| Is there a Nextcloud / Owncloud alternative to Docs /
| Sheets for collaborative editing?
| nybble41 wrote:
| > Is there a Nextcloud / Owncloud alternative to Docs /
| Sheets for collaborative editing?
|
| Yes, NextCloud and Owncloud both integrate with
| OnlyOffice Community Edition[0][1] which supports
| collaborative editing of text documents, spreadsheets,
| and presentations.
|
| [0] https://www.onlyoffice.com/office-for-nextcloud.aspx
|
| [1] https://www.onlyoffice.com/office-for-owncloud.aspx
| Calamitous wrote:
| Same as Google, afaict. It has a slightly better
| permissions model, imo (I can create a doc with a
| password and share the link freely, or I can give
| specific permissions per user, like Google). Same
| editing/commenting/viewing interface.
|
| My collab needs are pretty light, I only work with a few
| family and friends, but I haven't run into anything I
| wanted to do in Synology that I couldn't.
| polski-g wrote:
| DropBox has a hook into Office's editors.
| aunty_helen wrote:
| If you like markdown note taking apps and want to move
| completely from being dependent on a 3rd party, I would
| suggest Joplin.
|
| Currently I'm syncing to a s3 bucket with e2e encryption
| but of course you could sync to a server you setup yourself
| including a basic windows box.
| twojacobtwo wrote:
| Seconded on the Joplin recommend.
|
| I've been using it for a little over 3 years and it
| serves all my note-taking/storage needs, especially with
| the relatively recent addition of extensions/add-ons. I
| have had no issues syncing through either dropbox or
| Nextcloud.
| ocdtrekkie wrote:
| In my case, I moved to Fastmail... and yeah, the hilarious
| thing is people remember moving from AOL to Gmail over a
| decade ago, and think Gmail is still so much better than
| everything else.
|
| Gmail is worst-in-class at this point. It's slow, it's
| bloated, it's bad at spam filtering compared to the
| alternatives. They've been riding on people remembering
| email before Gmail, but not really actually stayed
| competitive with any modern alternative offering.
| tut-urut-utut wrote:
| That's so true. Switched to Mailfence recently. I still
| can't get used to it that whenever I click on something,
| the action gets done immediately. Its web/mobile client
| is a bit limited but crazy fast.
| mitchdoogle wrote:
| I admit I don't have a lot to compare between, but my
| company switched from Rackspace mail a couple years ago
| because of the unrelenting spam and seemingly no way to
| stop it. I suggested Google because I hardly ever see any
| spam there in my personal account, so we made the switch.
|
| The difference is night and day. I can look in the spam
| folder for my work email now and there are hundreds of
| spam messages there for the last 30 days, and absolutely
| zero false positives. I have seen a handful of spam
| messages come through, but it's in the single digits over
| the last two years.
| ipaddr wrote:
| It's the ones that never come through you need to worry
| about.
| zepearl wrote:
| I believe you, but there is still the usual dark side
| that has been mentioned maaany times here: very often
| emails sent by small/tiny email providers aren't
| delivered at all to Gmail receivers.
|
| That's often the case with one of my friends who has a
| Gmail email address: anything that I send him (once or
| twice a year) doesn't even show up in his spam list
| without first making him start an email exchange to me =>
| in my opinion that kind of filtering is just too easy to
| do (come on Google, at least put it into the spam folder
| and/or show it as a colored/blinking line and/or put some
| warnings whatever - don't just delete it), and of course
| it poses questions about oligopoly etc. How Gmail works
| is just not fair (in my opinion) :(((
| joemi wrote:
| I tried switching to Fastmail (from Gmail) 7-ish yrs ago,
| and I ended up switching back to Gmail specifically
| because the spam filtering was far worse with Fastmail.
| Is it Fastmail's spam filtering actually better now, or
| does it just seem that way when you start a new account
| because you're not getting much spam in general?
| ocdtrekkie wrote:
| So, I moved to Fastmail in 2016, and I'd say I've never
| had to get a legitimate email out of my spam folder, and
| I've never seen obvious spam hit my inbox. I do
| occasionally get the "my husband left me five mil
| overseas" type garbage, it's always spam-binned
| correctly. (Meanwhile, my Gmail account I retain in case
| someone tries to reach out to it, regularly has emoji-
| subject-filled spam and other garbage Gmail fails to
| classify, and also has a deluge of garbage spam coming
| in... at this point, Gmail is 98% spam for me?)
|
| One important point here, and I don't know how long you
| used Fastmail when you tried it, is that Fastmail uses a
| personalized spam filter. It probably took me six to
| eight months to receive enough spam on Fastmail to
| actually train it. (In the interim, they use a non-
| personalized filter, which as I said, still worked!)
| Gmail doesn't seem to be able to make personal spam
| decisions: When I was regularly using Gmail, some types
| of regular messages would spam-bin no matter how many
| times I marked them not spam or classified them as a
| particular category of mail.
| anamexis wrote:
| I switched to Fastmail (with my own domain) about a year
| ago, and haven't had any issues with spam so far.
| ydant wrote:
| Another anecdote - I switched earlier this year (prompted
| because of the ending of my grandfathered Gapps account,
| but my experiences are largely with the "standard" Gmail
| account vs. Fastmail).
|
| Spam filtering on Fastmail has been the same/better than
| Gmail was - including possibly fewer false-positives on
| the Fastmail side. Gmail was getting worse about those,
| both with mailing lists and individuals' emails.
|
| Like many on HN, I'm diversifying my data/access risk
| across more providers. Too many wake-up calls recently
| about Google locking people out. There are still some
| services Google is compellingly better enough that I
| still use them (Android, Maps, YouTube, Google Sheets),
| but Email was too precious to tie up with them. I also
| wanted to finally kick myself into stoping using the
| `gmail.com` address at all anymore (maybe 20% of my
| emails before the migration).
| Tozen wrote:
| Many people consider Gmail as consenting to spyware.
| Unfortunately, lots of people don't know any better or
| haven't bothered to take a good look at the account
| settings or Google's policies.
|
| Anybody that knows better, will avoid Gmail like the
| plague or use it for only the minimum.
| moralestapia wrote:
| Obsidian?
| ti00 wrote:
| I'm assuming they are referring to the note taking
| software: https://obsidian.md/
| throwuxiytayq wrote:
| Correct, it's pretty great and by design immune to
| Google-like rug pulls.
| moralestapia wrote:
| Nice, thanks!
| koonsolo wrote:
| So how do you know those services don't pull the same
| stunt?
|
| I use various google services, and do a monthly backup of
| everything. I guess that's a sane thing to do with any
| service, even self hosted ones.
| lolinder wrote:
| > So how do you know those services don't pull the same
| stunt?
|
| It's a questions of eggs per basket. Google wants you to
| keep _everything_ in their one basket, and the result is
| that if they arbitrarily terminate your account, you lose
| _everything_. If they give you 30 days like OP, you have
| to remember all the different places you need to download
| content from.
|
| If you split your services up, a sudden termination only
| affects a few things rather than _everything_ , and a
| forewarned termination has a much smaller surface area
| you need to consider.
| nybble41 wrote:
| > If they give you 30 days like OP, you have to remember
| all the different places you need to download content
| from.
|
| Google Takeout (takeout.google.com) should give you
| almost everything in one place. It's a good idea to do
| this periodically in case you don't get the 30-day
| notice. Be prepared to download a few dozen GB, though.
| And there is no "incremental" option.
| pyrale wrote:
| Proton, or fastmail, or any number of other mail
| providers for that matter, don't control half of the
| internet. They don't associate personal accounts with
| professional accounts, and they can't block necessary
| services at a whim.
| onemoresoop wrote:
| When they start growing close to the size of Google you
| could start worrying about this type of problem. With
| smaller players you could reach them easier if something
| happens, especially if they care about their customers.
| Ultimately nothing is guaranteed so backing up the data
| regularly is a good idea but that's not the only problem
| though, a lot of people's identity is tied to some
| services that if they stop functioning for them they're
| in a bit of a nightmare situation.
| Qub3d wrote:
| Obsidian is a self-hosted repository that ultimately
| stores everything as plaintext markdown (.md). It is 100%
| portable and by default owned by you.
|
| Protip: you can easily sync obsidian by sharing the top-
| level vault directory with syncthing. Its entirely
| transparent, you just start obsidian and open the vault,
| and changes you make on one system automatically appear
| on others.
|
| As for protonmail, its better than google -- but you're
| right in the data ownership. In the case of protonmail,
| they have a much better track record than Google, but if
| you are _really_ paranoid choose a service that supports
| SMTP /SNMP. You can then just have a mail client store
| the mail as an archive or connect it to any other mail
| system.
|
| I have mentioned my preferences before, but I'll refrain
| from turning this comment into an unpaid ad. Drew
| Devault's recommendations are pretty good though:
| https://drewdevault.com/2020/06/19/Mail-service-provider-
| rec...
| scgtrp wrote:
| I think you mean IMAP. Protonmail supports SMTP (the
| mail-sending protocol; it needs to to interoperate with
| other mail servers) but not IMAP (the client side mail-
| reading protocol).
|
| SNMP is something entirely unrelated, afaik.
| jibcage wrote:
| ProtonMail offers an "IMAP Bridge" application that keeps
| a local IMAP server running on your machine, while still
| decrypting your messages on-device.
| throwuxiytayq wrote:
| Depends on the service. For example, if proton bans me I
| can move my email to a different provider because I own
| my domain. In case of Obsidian, it's an offline app that
| uses Markdown, so I can easily migrate to a different
| note-taking software for any reason.
|
| Your backup note is on point; I highly recommend everyone
| to do a Google Takeout every few months (or at least
| years!!). If you've never done one, like most Google
| users, you're playing with fire.
| karteum wrote:
| Notice that Google Takeout is broken with regards to non-
| UTF8 email encodings (for some of you who archive old
| emails). I noticed it when coding a small tool
| https://github.com/karteum/gmvaultdb to (among other
| things) import the mbox from Takeout into an sqlite DB :
| Google performs some encoding conversions that
| permanently break all non-ascii characters in non-UTF8
| emails (they are all replaced by 0xEFBFBD). In order to
| archive old emails, I had to use mbsync with IMAP
| (gmvault does not work anymore with Python 3, and I
| didn't try yet https://github.com/GAM-team/got-your-back
| ).
| laurent92 wrote:
| If your domain registar bans you, you'll lose your email
| all the same.
|
| "GoDaddy has two major problems.
|
| First, their customer service (...).
|
| Second, if there are accusations made against you, they
| will shut you down and side with your accuser more often
| than not." https://www.warriorforum.com/main-internet-
| marketing-discuss...
| throwuxiytayq wrote:
| Fair point. I think in this case relying on a domain
| registrar or an email service is somewhat inevitable,
| though.
| dotancohen wrote:
| Customer service? For a Google account?
| TuringNYC wrote:
| Yes, they do have customer service and I did get on the
| phone with someone. I'm not sure if this is universal, or
| because I had a paid tier Google account.
|
| That said, the rep failed to provide any definitive
| guidance on issue or resolution.
| dotancohen wrote:
| Good to know, thanks.
| codegeek wrote:
| For Google Workspace (previously called GSuite), you do get
| support. Anecdotal but I recently used their live chat and
| the person was very helpful and helped me figure out a
| weird issue with a lot of patience. I would say it was a
| pleasant experience but this was the only time I needed
| them so far so you never know :)
| runnerup wrote:
| I've also reached reasonable-quality support due to being
| a paid consumer of GoogleOne, which includes phone
| support for most (all?) google consumer products.
| commandlinefan wrote:
| > Google should not have the power
|
| I can't help but notice the "they're a private company, so they
| can do whatever they want" folks that pop up whenever
| somebody's account gets banned for political views are
| strangely silent right now...
| jgod wrote:
| They were cheering it on a week or two ago when it was
| against Russians.
|
| My favorite was when they were licking their lips and
| reaching ecstasy over Parler getting deplatformed but then
| throwing a tantrum like a week later when Terraria dev got
| banned by Google.
|
| Terraria guy and this guy simply need to build their own
| Google, Gmail, Play Store, and Android, easy! ;)
| dymk wrote:
| > They were cheering it on a week or two ago when it was
| against Russians.
|
| Tired of seeing people equate war crimes to Google screwing
| over some company.
| jessaustin wrote:
| Tired of people not complaining about war crimes in
| Yemen, Libya, Somalia, Afghanistan, Iraq, etc.
| rvz wrote:
| > They were cheering it on a week or two ago when it was
| against Russians.
|
| Also celebrating that Google was _'on their side'_. Until
| they are not.
|
| > My favorite was when they were licking their lips and
| reaching ecstasy over Parler getting deplatformed but then
| throwing a tantrum like a week later when Terraria dev got
| banned by Google.
|
| That was my favorite one. Basically the chickens cheering
| on the wolves eating the other chickens that disagreed with
| them. Now the wolves are eating them as well and they are
| complaining why they are _'not on their side'_ anymore.
|
| They thought it could never happen to them. Just use the
| same 'private platform' logic towards them for everyone
| else that is getting banned after Parler and now they are
| all crying in the comments here.
|
| These companies are not on anyone's side and these bans can
| happen to anyone on their platform. They won't change.
| pyrale wrote:
| Maybe people getting banned from twitter for their political
| views is a bit different from people getting banned from
| their work means because the son of an ex-coworker abused
| youtube in some way?
| Reason077 wrote:
| I suppose the best practice solution to this is to try to keep
| company Google Play accounts as "sterile" as possible?
|
| Give access to as few employees as possible, and have all
| access to Google Play go through a designated, trusted release
| manager or "play account manager"? And don't log in to Google
| Play from random browsers and IP addresses which could create
| an association with other Google accounts?
| 3np wrote:
| Or just _don 't link personal and company accounts_. Even
| these issues aside , there are so many reasons to keep them
| separate and unrelated. That's not unique to Google but goes
| for GitHub, AWS, and whatever else.
|
| Use company e-mail addresses to register for everything.
| Enforce it for your employees. This is in the interest of
| both the company and the employee. Yes, the summer intern
| gets a corp email too, which at minimum gets access to
| internal resources beyond the OT chatroom revoked when they
| are out.
|
| (Your advise is not bad though: grant granular access as it's
| needed)
| Reason077 wrote:
| It sounds like Google have other means to establish links
| between accounts, though? An employee using their personal
| account and a company account from the same browser is
| likely to result in a "link" or association being
| established between those accounts.
| 3np wrote:
| From what's written here, it's not clear if such links
| have been used for these terminations.
|
| But yes, my point of not mixing accounts does go that far
| - if you don't have separate hardware, at least use
| separate browsers or browser profiles.
|
| Don't put the cookies in the same jar.
| JacobThreeThree wrote:
| Most likely yes, but as usual it's a black box, we don't
| really know how it works.
| heleninboodler wrote:
| > just don't link personal and company accounts
|
| Easier said than done, in my experience. Years ago I had to
| log into my Company's Play account on my computer for some
| specific reason, one time, and more than a year after that,
| my daughter purchased a game on my android phone and the
| CEO sent me a message saying "FYI, we just paid $3 for a
| princess coloring book app, please enjoy it with our
| compliments but please delete the Play Store login info
| from your devices." I still have zero idea how that could
| possibly have happened. That company will be shutting down
| and now I'm worried that my google account is somehow
| "linked" to it.
| poink wrote:
| > I suppose the best practice solution to this is to try to
| keep company Google Play accounts as "sterile" as possible?
|
| This is probably "best" practice, but Google has randomly
| closed accounts for our mobile test devices. They're only
| used to run our (non-shady) apps on a single device that is
| never used with other accounts.
| ransom1538 wrote:
| I have worked at four large scale mobile app companies [10
| million downloads+]. All four were thrown out of the Apple store
| for various reasons. The real killer is the time between getting
| thrown out and finishing appeals. It's a real corrupt system too
| - like dealing with Russian oligarchs. You need to know the right
| people, know the right things to say, etc. If you don't you sort
| of play Russian roulette with the reviewer. That time between
| appeal and getting back in is usually enough to destroy all
| momentum - two of the companies just closed afterwards. I am
| still in mobile but in education teaching children to read [20+
| million downloads]. I sleep well at night knowing we cannot be
| thrown out.... but any "phone call" from apple [they don't put
| anything in writing] I would probably throw up and have a full
| blown panic attack.
| ultim8k wrote:
| We gave these mofos an ecosytem because they were hiding behind
| the label of "free and open source software". Now they can screw
| anyone and not even answer to emails. They are nothing but
| crooks.
|
| All software giants hold too much power in their hands and nobody
| can touch them. What can you do? They have at least 50% of the
| market.
| fsflover wrote:
| > What can you do?
|
| https://puri.sm/products/librem-5 and
| https://pine64.org/pinephone.
| dymk wrote:
| I'd rather just carry around a laptop than use those phones
| incrudible wrote:
| For one, Apple has the better 50% of the market. You could do
| without Android. Secondly, being subservient to any app
| storefront policy is not a position you want to navigate into
| in the first place.
| projectramo wrote:
| Not sure why people thing Google does not have a help function. I
| think it is obvious at this point that reddit and hacker news are
| Google's help desks but people do need to vote up the relevant
| tickets to get priority attention.
| falcolas wrote:
| In the discussion of the last article, there was a discussion
| about weaponizing "associated accounts" when Google shuts things
| down.
|
| Looks like it's 100% a valid tactic.
|
| Looks like you need to make sure your employees all leave on good
| terms, and stay on good terms in the coming years. Otherwise, you
| too might find your Google accounts terminated with no recourse.
| Eric_WVGG wrote:
| I think it would be more accurate to say, when an employee
| leaves, it's imperative to cut that associated account,
| regardless of whether you're on good terms with them or not.
| Beltiras wrote:
| And also that they never violate Google's TOS.
| spookthesunset wrote:
| > Looks like it's 100% a valid tactic.
|
| It is valid and I'm sure quite effective but it isn't perfect.
| You need to provide escape hatches for real people in all anti-
| fraud systems you create. Even if those escape hatches
| sometimes let fraudsters through as well.
|
| I'm not Google and I don't know the kinds of fraud they attract
| (note: probably _all_ kinds of fraud imaginable) nor do I know
| the level of effort those fraudsters are willing to put in
| (note: probably unimaginable amounts of effort)... but I do
| know that all anti-fraud work needs to allow ways for real
| people to escape. Your job in this space is to protect real
| users... and sometimes those real users inadvertently behave
| like fraudsters and get flagged. There has to be ways out.
| falcolas wrote:
| > There has to be ways out.
|
| It seems like there is: appeal your case in a public forum
| (HN, Reddit) and hope you catch the attention of a
| sympathetic Googler with the political clout to get the case
| reviewed.
|
| But I can't imagine this will work forever. It certainly
| doesn't scale.
| mikece wrote:
| This also suggests a need for app development companies to ban
| developers from using personal accounts to associate with a
| project. I realize this just sends more money in the direction
| of Google but if every app developer was set up with a G-Suite
| (or whatever it's called this week) account for developer
| access then there could be no question of actions a developer
| does on their own accounts coming back to bite the company.
| Likewise, there needs to be a mechanism for the company to mark
| a developer's account as "fired for cause" so that if they did
| anything toxic on the company-assigned account the company
| could pre-signal to Google that they are proactively taking
| care of things and following the rules.
| mijoharas wrote:
| So, please correct me if I'm wrong, but I think I read a
| similar HN article a while back, that said a users company
| and their personal google developer accounts got "associated"
| somehow (can't remember the specifics), so I'm not sure if
| that would be a mitigation for this issue.
|
| I do agree that it's a sensible thing to do and it _should_
| be enough to mitigate issues like this.
| [deleted]
| Tijdreiziger wrote:
| Wouldn't Google associate personal and work accounts by IP
| address?
| falcolas wrote:
| > ban developers from using personal accounts to associate
| with a project
|
| As I understand it, this may not be sufficient, since Google
| also looks at things like "logged in from the same browser"
| or "logged in via the same IP" to find associated accounts.
|
| > mark a developer's account as "fired for cause"
|
| Which, practically (and maybe legally) speaking is not
| something Google needs to know. Then again, in a world where
| Google can shut your company down arbitrarily, perhaps it is
| something Google needs to know...
| kuschku wrote:
| So you need to have separate WiFi networks, separate
| corporate devices that are so locked down that developers
| can never use their personal accounts from your devices or
| your corporate IP range (and ensure the same applies in
| reverse).
|
| To absolutely prevent any and all association.
| Gareth321 wrote:
| This sounds virtually unenforceable. Gated and protected
| phones and computers are the domain of highly secretive
| projects, and cost an arm and leg to enforce. It means
| searching personnel as they enter the protected zone for
| watches, phones, computers, tablets, etc. Since phones
| geolocate and Google has this data, the protected zone
| needs to be enormous. Like, an entire city block to
| prevent the algorithm from detecting the handover. If you
| somehow overcome this, you need to ensure that the
| employee never ever, for any reason ever logs into
| anything personal on the gated devices. It basically
| means preventing them from using the internet. How
| productive are developers who can't go online? It also
| means zero cross-communication to outside the zone. No
| emails to/from home/work. No sending files, no checking
| emails, no taking calls (someone could easily use a
| connected service to make the call). This "air" gap is
| extremely difficult to enforce.
|
| I've ever seen anyone successfully pull off this kind of
| secrecy in anything larger than a 10 person team, and the
| cost was insane.
| TuringNYC wrote:
| >> This sounds virtually unenforceable.
|
| The simple way to "enforce" it is to literally just use
| AWS/Azure instead. I agree with you, totally
| unenforceable.
| freedomben wrote:
| And it's the end of the era of a few friends building an
| app together and spinning it into a startup.
| jordemort wrote:
| This kind of thing is why I would never try to build a company
| where the business model depended on being able to sell through
| Apple or Google's app stores, which is a shame because it ends up
| excluding several large categories of possibilities.
|
| I think there's probably a connection between the "bloat" and
| complexity of the modern web that the Gemini crowd rails against,
| and the draconian and wildly inconsistent gatekeeping that is
| applied to native apps for mobile platforms. It puts the Web
| platform in tight competition with native apps, because it is the
| only viable alternative; this causes developers to exert pressure
| to add more and more capabilities to browsers so that they can
| match native experiences without having to pass review or pay
| commissions. I wonder if browsers would have evolved in the same
| way if mobile devices were more open platforms.
| gentleman11 wrote:
| Googles dumb machine learning is destroying peoples lives and
| will continue to do so for decades unless somebody stops them.
| They control most of the internet and mobile space, it's like
| having your water cut off permanently
| foolzcrow wrote:
| savant_penguin wrote:
| I'm really unsure why people still decide to build their
| companies under Google products
| [deleted]
| [deleted]
| carrolyda wrote:
| Is there any cloud/PaaS/SaaS company without a "we can
| terminate your account at any time for any reason"-clause?
|
| Otherwise you still have the same problem wherever you go.
| lima wrote:
| There isn't. Google is just in the news more frequently
| simply because they have many customers, but that doesn't
| make it any less of a problem (across the board, not just
| Google).
| tedivm wrote:
| Technically sure, but in reality that's not the case. I've
| personally seen people lose their GCP account for weeks
| over amazingly stupid stuff- if that same stuff happened at
| AWS I'd get a phone call from an account manager to clarify
| things and humans would be involved in the decision to shut
| things down.
|
| Google has a history of excluding humans from their
| processes, with no recourse for when their automation
| breaks except to complain online and hope someone important
| enough hears you. That's not something people can trust.
| [deleted]
| belter wrote:
| What about Google scanning Company ownership records, without
| authorization, adding your own residence in Google Maps as
| the company headquarters, and then prompting you to take over
| the record on their own system if you are the company owner?
| bluescrn wrote:
| Android has a ~70% share of the mobile device market, that
| seems reason enough.
|
| (Although more focus on the mobile web rather than apps might
| be a good thing)
| voakbasda wrote:
| They only have that share because developers continue to
| support their platform.
|
| Too bad developer greed prevents an effective boycott of
| their ecosystem. If enough people stopped giving them
| money, they would change.
| _Algernon_ wrote:
| Your criticism essentially boils down to "Too bad human
| behavior is the way it is". Sure, I agree, but it's
| pretty unactionable.
| thatguy0900 wrote:
| To go further, any competition to Google and Apple are
| killed in the cradle by developers refusing to support
| their platform.
| Gareth321 wrote:
| I think it's a bit more complicated than greed. Remember
| that the only mobile development shops in town are iOS
| and Android, and they're both run by tyrants. There are
| millions of developers who only know mobile development.
| Giving up their skillset to learn a whole new profession
| is difficult.
| toqy wrote:
| I haven't checked in a while, but with Apple you used to
| have a much better chance of people shelling out money
| for/in your app.
| realusername wrote:
| There's only two options on mobile and both are terrible.
| tedivm wrote:
| They've always been like this. Back in 2005 I had a website
| that was popular enough to earn about $80 a month in Google
| ads. When I tried to cash out with $300 to pay for some college
| books Google cancelled my ads account claiming click fraud and
| kept the money. They completely ignored any attempts to contact
| them.
|
| In some ways I'm lucky it happened when it did, as it kept me
| from relying on Google services since then. Google is horrible
| when it comes to customer service- always has been, always will
| be- and it's why I'll never understand people who advocate for
| GCP or other Google services.
| matsemann wrote:
| I wonder if the devs behind these kind of automations ever stop
| and think about the ethical sides of it.
| hwers wrote:
| They select for sociopaths coding these things. If someone is
| able to be bothered by these actions, they won't last long or
| will quit voluntarily and someone more sociopathic will take
| their place. It's a problem higher up the chain of
| management.
| leros wrote:
| It's probably something they're not really aware of. My
| company does something kinda similar. We're an aggregator of
| sorts. We have all sorts of quality and safety rules and we
| de-list things all the time for violations. As long as we
| aggregate 95% of what's out there, our users are happy, so we
| don't have massive incentive to spend lots of time manually
| working with rule violators, especially when a good chunk of
| them are actually scammers manipulating the system and
| harming our users.
| hbn wrote:
| I'd be willing to bet that there was no one developer or team
| who was given a task such as, "run our audit AI on accounts
| and permanently blacklist them forever if that's what the
| algorithm wants"
|
| It was more likely years worth of minor changes that got it
| into this state. Teams adding different algorithmic checks
| for various things, where the output is just setting a flag
| on the account. And other teams adding account termination
| logic for certain flags or a certain number/combination of
| flags, not knowing exactly how the flags are set. Though
| maybe that would be the bad task. I'm just spitballing.
| jrockway wrote:
| I've spent an inordinate amount of time banning fraudsters
| from my own cloud platform. The bots that companies write to
| do this are designed to fight off other bots. If you have an
| appeals process, the humans that control the malicious bots
| will show up to abuse the appeals process. One of my favorite
| cases was a user that signed up with hundreds of stolen
| credit card numbers (all from the same IP address, as they
| are apt to do), got banned, and then opened an issue in our
| open source repo complaining of trouble logging in. Yeah,
| you're having trouble because I banned you and your entire
| network of bots.
|
| There is a balance, of course, but if you haven't seen how
| much automated abuse there is on the Internet, be careful of
| what you wish for. Even the tiniest of the tiny services
| suffer from massive amount of automated abuse. At that tiny
| scale, it was nearly impossible for me to keep up with the
| abuse without the help of automation, very broad bans, and
| deleting related accounts by walking a reputation graph (like
| Google is being criticized for doing here). At Google's
| scale, I don't think there are enough humans on Earth to deal
| with the abuse. As a result, there are going to be some
| innocent casualties.
|
| I don't think it's an ethics thing, it's simply not possible
| to run a business without some sort of process like this.
| There are laws, rules, and processes that could cut all this
| down to levels that could be managed by humans, but the cure
| might be worse than the disease. (For example, it would be
| great if there was a 1:1 mapping between your national ID
| card and your IP address. All of these stolen-credit-card
| users could then be imprisoned. But, you know that that's a
| terrible thing, because it will also be used against anyone
| criticizing governments or large corporations.)
| nkrisc wrote:
| > At Google's scale, I don't think there are enough humans
| on Earth to deal with the abuse. As a result, there are
| going to be some innocent casualties.
|
| Perhaps they've scaled too large then. I don't think "we're
| too big to be held accountable for screwing innocent
| people" is a valid excuse.
| spookthesunset wrote:
| One thing that never gets talked about is how do we go
| after the actual fraudsters and bring them to justice? How
| can private industry work with law enforcement across the
| globe and get some of these dudes behind bars?
|
| I'm not saying it would be easy. Doing so would require
| insane amounts of coordinated with basically every country
| on the planet. But damn would it be nice if fraudsters
| couldn't easily hide behind internet anonymity.
| matsemann wrote:
| While I see your point, when it's accounts with years of
| history, millions of downloads, thousands of dollars paid
| in sales etc., it should be easy to discern those from
| spammers creating thousands of new accounts with no
| standing.
| spookthesunset wrote:
| Maybe. Or maybe the account in question has a long
| history but got taken over by a scammer. It's the oldest
| trick in the book. Find long standing accounts and take
| them over. Boom, now they look totally legit!
|
| Shit is hard. If it was easy to tell fraudsters from real
| people we'd never be discussing this. The fraudsters are
| willing to invest unimaginable amounts of time and effort
| to get into your systems and do their dirty work. Every
| fix you make will eventually be routed around. Always.
| geophertz wrote:
| > At Google's scale, I don't think there are enough humans
| on Earth to deal with the abuse.
|
| I disagree.
|
| Some time ago, a person (on HN, although it may have been
| somewhere else) did an estimate of what it would take for
| Google to review all 500 hrs of video uploaded to YouTube
| every minute.
|
| The result was that Google could more than afford it.
|
| Based on that I don't see any reason Google couldn't add
| more humans to deal with these ban appeals.
| inafewwords wrote:
| Nope. You can tell by how it is implemented.
| rexreed wrote:
| Exactly. You think that developers are paid to stop and
| think about the outcomes of what they do? They're all too
| busy running sprints and meeting OKRs and performance
| metrics and hustling design and code reviews and playing
| internal politics to worry about the effect of what they
| are doing on their users and ordinary people. Besides, even
| if they did have an end user in mind, it's not the "users".
| They're motivated by the customers - advertisers.
|
| I really found this video to be enlightening on our current
| techno-dystopian state:
| https://yewtu.be/watch?v=GWvFZ99s558
| bogwog wrote:
| Even if they do, it's not their responsibility to fix those
| problems. It's government's responsibility to step in and fix
| bad behavior that market forces can't fix (like when it's
| more economically viable to destroy thousands of livelihoods
| per year than to invest in human review processes)
| matsemann wrote:
| I do feel it's my responsibility to think of the side-
| effects of what I do and the consequences that bear on
| others.
|
| But as a sibling to you say, maybe I therefore self-select
| away from those kind of companies, and those not thinking
| or caring about those things end up taking those jobs.
| bogwog wrote:
| That's because you probably have a moral compass, but
| that still isn't enough. If you were a decision maker at
| Google, those morals would probably get you fired at some
| point.
|
| The people running a company have a _legal_
| responsibility to act in the interests of their
| shareholders. Even if making a morals >economics decision
| doesn't get them into legal trouble, it can get them into
| trouble with shareholders, and they may be fired and
| replaced with someone who doesn't have a moral compass.
|
| So if the infrastructure doesn't have room for morally
| correct decisions, no amount of martyrdom from executives
| is going to eliminate bad behavior in the long run.
| gambler wrote:
| People who consider this an issue either wouldn't work for
| Google to begin with or end up butting heads with management
| and leave the company. The benefits of self-selection.
|
| There is also a lot of internal corporate training and team-
| building designed to redefine "ethics" to make this sort of
| stuff acceptable.
| thedeadfish wrote:
| otterley wrote:
| OP: You don't happen to be an Iranian national, do you? Google's
| relationship with Iranians is... complicated, and likely
| influenced by the U.S.'s sanctions regime with respect to Iran
| and some of its nationals.
| ivanche wrote:
| Hah, it seems you're right! This is OPs LinkedIn profile
| https://www.linkedin.com/in/nadalizadeh/
| tenuousemphasis wrote:
| What on the profile are you basing OP's Iranian nationality?
| zivkovicp wrote:
| I can't wait until the tipping point when people realize just how
| nasty Google is and start avoiding all of their services.
| Crosseye_Jack wrote:
| Starting a email regrading an account termination with "Hi" comes
| off as being a dick!
|
| (BTW, I'm talking about the email Google sent the dev's)
| nperez wrote:
| In my current org, all developers, whether they're F/T or
| contractors, have a company account created for them and never
| get permissions on any other account. This is a good reminder on
| why I should adopt that practice I ever build a company of my
| own, no matter how small.
| CoastalCoder wrote:
| I seems "killed by Google" deserves a broader meaning.
| qwertox wrote:
| "Innocent until proven guilty"... This sentence has zero value in
| Google's enforcement of their ToS, even though it is a
| fundamental right.
| lima wrote:
| We need legislation forcing companies to manually review
| algorithmic decisions that impact people's lives - there has to
| be a proper appeals process.
|
| It's simply not economical for many companies to deal with the
| long tail of false positives, so they don't. Google has billions
| of users, and if their algorithms are 99.999% right about bans,
| their metrics look great but that's still tens of thousands users
| wrongfully banned.
|
| I'm not usually a fan of government intervention but this is such
| a no-brainer for regulation.
|
| With how much our modern lives are dependent on services like
| Google's, they effectively become utilities and should be
| regulated as such.
| rileymat2 wrote:
| > We need legislation forcing companies to manually review
| algorithmic decisions that impact people's lives, and have a
| proper appeals process.
|
| What you want is human judgement, but it will be hard to
| legislate that. What can easily happen is the human parroting
| back the underlying reasons for the decision. In this case "We
| have reviewed your case, and according to our records the
| account is associated with the problematic account"
|
| I have had this happen to me in bureaucratic situations with no
| computers involved.
| lima wrote:
| We have courts and the ability to appeal to courts when
| bureaucracies make mistakes.
| buscoquadnary wrote:
| That seems like the same problem we have hear just now you
| get the headache of the courts on top of the decision, how
| many people avoid court now for much more impactful and
| legitimate situations simply because they can't afford the
| time and money?
|
| What we want isn't review of automated decisions, what we
| want is openness, transperancy and clarity in the process.
| The problem people have isn't so much the appeals process
| it is the opaqueness and seeming arbitrary nature of the
| whole thing.
| anaccountexists wrote:
| There are problems with how transparent you make things
| though (i.e., giving away the underlying signals).
| There's a moving target between fraudsters and risk teams
| at companies where the fraudsters will try to run _just_
| up to the edge of alerting systems without passing over,
| then scale and repeat it.
|
| If the signals used are made public, fraudsters will win
| every time. It's the same with search engines- if they
| publish how a score is calculated, people will game it
| immediately.
|
| Maybe the signals should be required to go through a
| review with authorities? Idk.
| spookthesunset wrote:
| I came here to say this too. A lot of the anti-fraud
| stuff is a closely guarded secret that changes all the
| time. I don't even think that legal would let us disclose
| it even if we wanted to!
|
| That isn't to say there shouldn't be some kind of way to
| escalate an appeal to a real human.
|
| Of course keeping the fraudsters from DDOSing the crap
| out the appeals process will be a challenge! Because I
| could see them doing that...
| lima wrote:
| > _openness, transperancy and clarity in the process_
|
| But that's what a public court gets you.
| antattack wrote:
| If human judgement is based on flawed AI output - the
| judgement will be flawed.
| Symbiote wrote:
| GDPR Art. 22: https://gdpr-info.eu/art-22-gdpr/
|
| But that's only part of it. A business account might not fall
| within these rules, and Google can enforce them _anyway_ (after
| human review) with very little recourse available.
|
| Breaking the App store duopoly is the solution.
| merrywhether wrote:
| There are alt stores on Android though, it just seemingly
| doesn't matter. The root problem is that consumers don't care
| about this problem and voted with their wallets for the
| current situation. That's not necessarily surprising: most
| people didn't care that their clothes/shoes were made by
| suffering child laborers, so a few relatively comfortable
| devs having to essentially find a new job is barely going to
| register.
|
| I think that forcing human recourse _is_ the solution. This
| problem is much bigger than just the "App store duopoly" axe.
| A law that required the ability to perform all account
| actions/appeals/etc realtime with another human (phone, chat,
| etc) would've also minimized the need for the recent
| unsubscription laws as well since the hassle would've been
| much less in the first place. These are the kind of
| foundational human-centric business laws we need instead of
| the reactionary hyper-focused ones that don't address root
| problems and usually just wind up further cementing
| incumbents.
| Sebb767 wrote:
| > Breaking the App store duopoly is the solution.
|
| Not really. We a comparable situation in a lot of different
| industries; if a large companies serves tens of thousands of
| customers and get hundreds of thousands of malicious
| requests, they're going to do some filtering and it will lead
| to some people getting stuck in the cracks, even if it's just
| 0.01%. More app stores won't solve this; if enough developers
| would be burned, the problem would solve itself on its own.
|
| That's not to say that I like the current situation, but from
| what I see it's likely that the actual number of incidents is
| low (compared to the number of Google's customers) and a
| third or fourth store won't change this.
| sschueller wrote:
| It's coming but from the EU.
| davidkuennen wrote:
| Every day I'm more thankful to live in the EU.
| mtgx wrote:
| jsmith45 wrote:
| The EU's proposed Digital Services act mandates a proper
| appears process for account suspension/termination related to
| transmitting "illegal content", is "or incompatible with its
| terms and conditions".
|
| This appeal is required to be real, actually reviewing the
| content or conduct in question to determine if it violates the
| law or terms and conditions. If there is enough information to
| conclude that no violation occur, the company is required to
| reinstate the account.
|
| If after the appeal, the user is still not satisfied they can
| appeal to one of a set of government approved arbitrators, who
| will listen to the dispute and decide the case. It is the user
| who gets to decide which of the arbitrators will be used (among
| those certified for the relevant category of platform). The
| company always handles its own expenses associated with this
| process, and if the company loses, they must reimburse
| reasonable fees and expenses incurred by the user.
|
| These appeal processes also apply to removed content, not just
| account suspension/termination.
|
| There is an exception for "small and micro enterprises" though.
|
| The main downside of this law is that its primary purpose is to
| create a DCMA++ framework over in Europe, but it still looks to
| have a much better balance of concerns that the laws here in
| the US have.
| leros wrote:
| I agree. These walled gardens wouldn't be the end of the world
| if you could actually talk to a human customer service person
| to resolve these issues. The problem is that companies are
| willing to use algorithms that are 95% correct because it's
| good enough for them, but that ignores that it's screwing over
| a percentage of their customers.
| micromacrofoot wrote:
| > We need legislation forcing companies to manually review
| algorithmic decisions that impact people's lives
|
| It's not hard to argue that all algorithmic decisions impact
| people's lives though, Facebook for example, prioritizes
| certain friends' posts over others... it doesn't seem like a
| stretch to say this could actually impact who you're close to.
| Seattle3503 wrote:
| In banking and financial services we have regulations that
| require "model validation". Any automated decision needs to be
| tracked and compliance needs to check the decisions to see that
| they are sound. They were required after the financial crash in
| 2008 in order to get a better handling on financial risk
| modeling, but the laws were written broadly enough that they
| apply to other automated decisions in financial institutions.
| We could take lessons from these regulations and apply them
| elsewhere.
| toomuchtodo wrote:
| Call your congressional rep [1]. That's what it takes; to get
| policymakers to write and pass the law. I imagine there's
| bipartisan support at the moment for reining in Big Tech [2].
|
| Google is never going to improve the situation out of the
| goodness of their corporate heart (if such a thing were even to
| exist).
|
| [1] https://www.commoncause.org/find-your-representative/
|
| [2] https://nypost.com/2022/03/29/biden-doj-backs-senate-
| antitru...
| reaperducer wrote:
| I don't know if it's still true, but pre-pandemic I used to
| have occasional contact with legislative types, and they
| regularly told me that physical letters carry more weight
| than phone calls, and email was a distant third.
|
| Pretty much, the amount of effort you put into your
| communication is a reflection of how important the issue is,
| and how important it is to you.
|
| Which kind of goes hand-in-hand with lobbyists. Companies
| don't pay them millions of dollars to send emails or rant on
| web forums.
| bitxbitxbitcoin wrote:
| Can confirm, worked as a Congressional intern.
|
| Order of importance was (at least in 2011):
|
| 1. In person meeting 2. Physical letter 3. Phone call
| [deleted]
| Msw242 wrote:
| Call the district office and see if you can get a meeting
| with the district manager to talk about the issue.
|
| Then go to district events that your rep will be at, get the
| district manager to introduce you to the rep.
|
| That's way better than calling the same phone line all the
| wackos call
| mnd999 wrote:
| toomuchtodo wrote:
| Sitting out means those who do reach out have a louder
| voice with policymakers. You can't not participate and also
| be upset by the outcomes due to your lack of participation.
|
| https://en.wikipedia.org/wiki/Brandolini%27s_law
| epolanski wrote:
| > We need legislation forcing companies to manually review
| algorithmic decisions that impact people's lives, and have a
| proper appeals process.
|
| I don't think this is enforceable nor I think it's even
| possible to have such legislature.
|
| At the end of the day Google has every right to decide what
| they put and what they don't put on their store, with whom they
| do business and with whom they don't.
|
| > With how much our modern lives are dependent on services like
| Google's, they effectively become utilities and should be
| regulated as such.
|
| Calling an online application store an utility seems quite a
| stretch.
|
| De-googling and de-duopoling is the answer to these situations.
| At the end of the day you can't force Google or Apple to have
| your products on their shop.
| rvz wrote:
| > At the end of the day you can't force Google or Apple to
| have your products on their shop.
|
| Correct. AdSense worked the exact same way on YouTube. They
| are just doing the same thing with apps on their platform so
| really nothing has changed here.
|
| These companies can do business with whoever they want to.
| You can criticise them, scream at them, protest, etc but they
| will never change, unless you split them all up.
| rootusrootus wrote:
| > De-googling and de-duopoling is the answer to these
| situations. At the end of the day you can't force Google or
| Apple to have your products on their shop.
|
| Eh, just de-googling is probably enough. This isn't really a
| walled garden problem, this is mostly a Google problem. Apple
| can do stupid things, for sure, but you can reach a human
| there. And they definitely don't have the same Google
| algorithmic "scorched earth" account banning style.
| nightski wrote:
| You are right, just don't do business with this evil company.
| Simple as that.
| matsemann wrote:
| Except they are so big it's hard to avoid.
|
| So perhaps the real solution is to split up these giants..?
| [deleted]
| phaistra wrote:
| This is actually the real solution IMO. Instead of
| playing whack-a-mole with endless stream of various
| abuses across all the bad business practices they do,
| these giants should not be able to exist in their current
| size and scope.
|
| The fact Apple, Google, Microsoft, Amazon, Disney,
| Verizon, and others [1], etc are even allowed to exist in
| their current forms is absolutely bonkers to me. The
| outsized roles and influence they have on the economy and
| their individual markets just highlights that the
| government is incompetent or willfully corrupt.
|
| [1]: Just a random selection of giants I can think of in
| a split second. But there are tons of other companies
| that dominate other less-sexy markets that should
| absolutely broken up.
| epolanski wrote:
| Is that their fault? There's other operating systems one
| can install on mobile, they can even argue Android is
| open source and no one is stopping you from installing a
| different OS on your phone.
| reaperducer wrote:
| There's a lot more to it than just that.
|
| A couple of years ago, the New York Times ran an
| interesting article where someone tried to live an
| ordinary day without interacting in any way with Google.
| The result was that it simply wasn't possible.
| rvz wrote:
| > So perhaps the real solution is to split up these
| giants..?
|
| Yes.
| [deleted]
| nonameiguess wrote:
| It's unfortunate this comment was grayed out so quickly and I
| hope that changes.
|
| The sentiment is basically correct. Enforcing a ban on stores
| being able to control who they do business with is a radical
| break with all precedent and violates freedom of association.
| All stores have always had the ability to kick out any buyer
| or seller for any reason whatsoever short of systematic
| discrimination against specific protected minorities. Whether
| or not any particular seller thinks this is a morally optimal
| situation or bad for their personal business isn't going to
| change the centuries of history behind this.
|
| The actual problem here isn't the arbitrariness with which
| Google bans sellers or the false positive rate of their
| decision-making process. The problem is the device vendor, OS
| vendor, and app store vendor are all the same company, and
| there are, practically speaking, only two options for the
| entire mobile market. Solving this is basic antitrust
| enforcement. Force competition for app distribution
| platforms. At least Android allows you to sideload and has
| F-Droid, but the situation is still anticompetitive and bad
| for both consumers and sellers.
|
| And yes, with all respect to mobile app developers, access to
| a selling platform is not a utility. You don't _need_ to be
| an Android developer to meet the basic necessities of life.
| It doesn 't mean we can't or shouldn't do anything to make
| the situation better, but this drive to call everything a
| utility is not helping.
| mikem170 wrote:
| Companies originally were given charters by the government,
| and limited liability for their owners, in order to perform
| a public good. Over time that "public good" part seems to
| have been completely forgotten about.
|
| So now do we say that companies have the innate right to
| make profit without any regard for the public good? That
| profits are more important than what voters in a democracy
| want?
| muzani wrote:
| Apps are effectively utilities today. Apps have replaced
| taxis and phones. Order food through an app. Transfer money
| and buy things through apps. Find jobs and work those jobs
| through apps. Pay parking with apps. A lot of the developing
| world don't have a web app for certain things.
|
| Refusing to have say, Telegram, on your app store is similar
| to not allowing a telco to operate. Also as much as I dislike
| Meta, if Apple/Google decided to remove
| WhatsApp/Instagram/Facebook, that would disrupt a lot of
| lives. Many businesses heavily rely on WhatsApp, more than
| they'd rely on landlines in the past.
| zdragnar wrote:
| I can't speak for the developing works.
|
| In the US at least, where these companies are
| headquartered, every example you gave has an alternative
| that doesn't require an app.
|
| There might be an argument for more regulation, but calling
| apps utilities most definitely is not one.
| CharlesW wrote:
| > _In the US at least, where these companies are
| headquartered, every example you gave has an alternative
| that doesn 't require an app._
|
| There are countless U.S. examples where an app (native
| and/or web) is the only practical interface you have to a
| company or service.
|
| For example: What's the phone number to YouTube customer
| service if someone needs to discuss a misunderstanding
| about a copyright strike?
| brailsafe wrote:
| Agreed. I'm facing this right now with my Amazon account, and
| posted a question related to it. Basically they detected
| something suspicious, locked my account a while ago, and now
| the account is irrecoverable for an opaque set of reasons that
| they won't elaborate on. I feel totally fucked.
| Nextgrid wrote:
| I believe the GDPR already has that. The problem is that the
| GDPR is not enforced enough and not enough
| resources/willingness are allocated to enforce it.
|
| The problem in account termination cases would also be that:
|
| 1) they can claim they've reviewed the ban, that it's
| legitimate and they're refusing to disclose the reasons behind
| it to avoid helping people circumvent the ban, while in reality
| they didn't do any investigation at all. _Proper_ enforcement
| should be able to pierce through this veil (by forcing them to
| disclose the reasons and data behind the bank to the
| _regulator_ , a neutral third-party), but it's missing and
| nothing suggests it's going to get any better.
|
| 2) given that businesses are still allowed to essentially
| "fire" customers at will, and changing that is impossible due
| to wide-ranging repercussions, nothing prevents them from
| "firing" you anyway. Proper antitrust enforcement is needed
| here (so that you're not allowed to "fire" customers this way)
| but that's missing as well.
| frankfrankfrank wrote:
| That's the problem with all these abstracted types of
| legislation.
|
| All it would take is to reestablish that you are the sole
| owner of your information that is your property, as has been
| established by the courts, and it cannot be sold without a
| formal contract, e.g., the way real estate is transferred;
| and that any tracking is illegal stalking and wire fraud
| (because it is) just like tapping someone's phone would be
| since it is using the public internet. Alternately, these
| companies can stop relying on the public internet for illegal
| criminal actions and fraud, and build their own internet if
| they want to track and stalk people.
|
| The law exists, it doesn't matter what other laws you make
| when none, even the fundamental Constitutional law, is not
| enforced and simply ignored. We have too many people who have
| these narcissistic perceptions that the real problem is that
| their pet legislation hasn't been added to the mountain of
| legislation; when the real problem is people trying to
| control others, some in business, some through legislation.
|
| If the general public does not recognize this soon, the
| clutter of legalization will become a prison, if it isn't
| already.
| hnbad wrote:
| The GDPR does require algorithmic decisions to be non-final.
| However it provides no mechanism beyond allowing the company
| to just claim they manually reviewed the case and came to the
| same conclusion as the algorithm. The purpose of that
| requirement is really more to limit the effect of automated
| decisions by insurance companies and such.
| jahnu wrote:
| Microsoft have a better solution, or at least one of their
| departments does. You pay for support questions and if it turns
| out it's actually Microsoft's fault they refund you the fee.
| It's great and most of the time I never had to pay. When I did
| it was still money well spent as I got good support.
|
| There have been a few occasions where I would gladly have paid
| Google/Twitter/Apple to answer my questions.
| [deleted]
| boredumb wrote:
| Honest question, why on earth would you ever have a question
| for twitter so important that you'd consider paying them to
| answer it?
| e9 wrote:
| If they ban your account and you don't know why
| silon42 wrote:
| Also, to prevent an automated ban (or at least immediate
| manual review).
| boplicity wrote:
| There's a Twitter account that has our company name, but it
| hasn't been used for a decade, and has only one Tweet. I'd
| love to pay Twitter to talk to them, so we can take over
| the account. Maybe they have a process for this anyways? I
| don't know. All I know is this account gets tagged all the
| time by people trying to tag our company.
| snowwrestler wrote:
| Find your way to your local Twitter ad rep. They may be
| able to facilitate transfer of an inactive handle. It
| obviously helps if you are buying or intend to buy ads on
| Twitter.
| lima wrote:
| Plenty of people use Twitter for commercial purposes.
|
| It's also a big part of many people's social lives these
| days (like it or not).
| jahnu wrote:
| The algorithm banned our first company account. Nothing
| could get them to respond, including the appeal form.
|
| We want to switch now to professional and can't despite
| fulfilling all the criteria they tell you need.
|
| I would like to see legislation forcing detailed
| explanations of bans though.
| duped wrote:
| You can sue them, which is the normal recourse for
| disagreements between companies. Usually that starts with
| a letter requesting documents from your lawyers to theirs
| BolexNOLA wrote:
| "Just sue Twitter" is one of the more head-scratching
| comments I've read lately.
| duped wrote:
| People sue big companies over bullshit all the time,
| sometimes it works and sometimes it doesn't. I called a
| lawyer and they threatened my bank with litigation a year
| ago, and the bank remedied their mistake (this is a
| company on par with Twitter).
|
| It's more head scratching to me that people think it's
| going to be easier to pass legislation than to go through
| the existing legal channels when a company's policies are
| causing damages. You sue them.
| BolexNOLA wrote:
| I can't imagine committing bandwidth to sue a major tech
| company. We didn't have a lawyer on retainer or something
| at my old company, we were a very small operation. I'm
| not saying it isn't an option at all, but it's not like
| going down the street to pick up some milk. It also just
| strikes me as silly we should have to sue a company to
| correct a relatively simple error they could fix if
| they'd just pay a modicum of attention/responded to us.
| duped wrote:
| Lawyers are how you get them to pay attention and respond
| to you when companies do shitty things and you don't have
| recourse. It's really not that expensive or difficult to
| send a letter to their counsel and get a reply.
|
| Every business needs some kind of legal advice, they
| don't have to be on retainer. You probably did have one
| or more lawyers that your leadership was in contact with
| for particulars. Every business I've worked at has dealt
| with legal bullshit at some point (even the 3-4 person
| startups!).
| cptaj wrote:
| Not explanations. We need due process.
| peckrob wrote:
| A few months ago I was banned from Twitter for sharing a
| meme that literally said "I fucking love outer space." [0]
| That was it. Just an image with some text on it. For some
| reason this angered some algorithm and 10+ years of tweets
| and interactions were gone. It was heartbreaking. For a lot
| of people I followed that was my only real way of engaging
| with them.
|
| The worst part was the complete and absolute silence from
| Twitter. I tried opening a support ticket and got no
| response. DAYS later, I got an automated email about what I
| needed to do, but the instructions didn't even work.
| Eventually I was able to get my account back about a week
| after that by going through some cumbersome verification
| process.
|
| All for sharing a dumb space meme.
|
| In that moment, if I could pay $10 to talk to an actual
| human being who could resolve my problem or at least tell
| me what I needed to do, even if it was via web-chat, I
| would gladly have done so.
|
| [0] https://knowyourmeme.com/photos/746515-space
| Aeolun wrote:
| Hmm, I know how you feel. Got banned on some subreddit
| for some stupid post. 10 years of comments linked to that
| account. Will never be able to post in there any more,
| and there is zero appeals process. The moderators
| themselves are just silent, no response to my appeal at
| all. The response from the admins I got to my ticket on
| an 'unjust ban' was basically 'tough luck, subreddit
| moderators can do whatever they want'.
|
| Living in a liberal democracy has made me so used to the
| system working mostly fairly that these interactions with
| a 'fiefdom' introduce some sort of cognitive dissonance.
| notreallyserio wrote:
| Google doesn't have billions of developers publishing Android
| apps, not even close. They shouldn't need to make these
| irreversible, algorithmic decisions on the Play Store. They
| choose to, and there are engineers and product managers and etc
| that individually choose to support those efforts.
| headmelted wrote:
| It's true that there aren't so many developer accounts, but
| there was a thread on here not long ago that discussed how
| someone's life was turned upside down by getting locked out
| of a cloud account without recourse. Not even the account
| being hacked, just being unable to access it.
|
| I would imagine any broad-based regulation around recourse
| for account locks is likely to start with the individual B2C
| user due to how many more of them there are (essentially
| everyone, even if you only count Apple and Google -
| legislation would of course cover every provider).
|
| The bigger issue is that I don't even know where or how you
| would start with this. Ironically, there's a certain amount
| of comfort in knowing that your data is behind an
| unresponsive brick wall these days as it makes it
| harder/impossible for someone to socially engineer their way
| in. The downsides to that are many and varied, and what the
| post references.
| frankfrankfrank wrote:
| I find it would be far more effective and faster to simply
| demand enforcing the Constitution (at least in the USA), while
| also enforcing competition and shatter all the cartels and de
| facto monopolies.
|
| If there were more competition, there would also be
| alternatives that companies like in the subject case could
| choose from and which would deter companies from making
| mistakes in order to prevent loss of market share.
|
| A good measure should be that anything should have more than 3
| equal competitors, is 4+ search engine companies of equal
| scale, 4+ App marketplaces for 4+ phone OS/hardware makers,
| that can operate on 4+ telecom services, etc.
|
| And that transfer of data and services between each must be
| effortless.
|
| We don't need new legislation that will not be enforced or is
| flawed because it is too specific and myopic, we need
| enforcement of basic and fundamental law and concepts that
| expand freedom and choice and our fundamental human rights.
|
| Submit to our every tech company dictate whim or we will
| destroy everything you have worked for and not be able to work
| in your industry ever again or feed yourself is not freedom and
| is a crime against humanity.
| cortesoft wrote:
| What aspect of the Constitution would apply to this
| situation?
| frankfrankfrank wrote:
| Freedom of speech and assembly, security in one's person
| and affects, freedom of movement/transportation, even
| prohibition against slavery (even though that will be a bit
| too abstract for most), etc.
| whoknew1122 wrote:
| Google isn't the government, so the first amendment
| doesn't apply. Security in one's person and affects? The
| OP still has possession of their apps. Google is just
| deciding it won't sell them for the user.
|
| And prohibition against slavery? It's both laughable and
| deeply offensive to consider this situation even remotely
| similar to chattel slavery.
| cortesoft wrote:
| I really can't see how any of those would apply to Google
| shutting down an account.
| anaccountexists wrote:
| In my experience, the algorithms are much more forgiving than
| humans. At least, when I worked with the risk team at my
| FinTech company, algorithms flagged people for review and then
| humans decided to unflag or terminate their accounts. The only
| time we'd do a freeze is if it looked like an account take over
| (since that could super badly affect the account owner).
| freedomben wrote:
| Very true, I've seen similar things. Humans can be just as
| cold-hearted and unempathetic as a computer is, especially
| when they deal with problem "people" all day every day.
| throwaway82652 wrote:
| >We need legislation forcing companies to manually review
| algorithmic decisions
|
| No, I'm sorry, this is a horrible, horrible idea. As long as
| these companies are targeted by automated spambots, they need
| automated systems to counteract and remove spam accounts.
| That's just the reality of the internet arms race in the last
| 20 years. If you make them manually review everything, you hand
| a victory over to the spammers and degrade service quality for
| everyone.
|
| >and have a proper appeals process.
|
| This is a much better idea. Do this and require them to have a
| functioning customer service department.
| lima wrote:
| Fully agreed - I wasn't suggesting they review _every_ manual
| decision, but do it as part of a proper appeals process.
| Google, for instance, is likely seeing abuse on a scale where
| they _have_ to have automated bans - for everyone 's benefit!
| - and there's nothing fundamentally wrong with that as long
| as you can escalate to a real human.
|
| Edited the comment to reflect this - thanks!
|
| I worked on an abuse prevention system in the past and know
| the challenges very well, except my company actually put in
| the effort to respond to every appeal and compensate affected
| customers for their troubles.
|
| Yes, humans are expensive, and spammers _will_ try to game
| the appeals process, too - but it 's simply a cost of doing
| business.
| Anthony-G wrote:
| All good points.
|
| > Yes, humans are expensive, and spammers _will_ try to
| game the appeals process, too - but it 's simply a cost of
| doing business.
|
| Another Hacker News commentator1 had a good suggestion for
| this problem:
|
| > Microsoft have a better solution, or at least one of
| their departments does. You pay for support questions and
| if it turns out it's actually Microsoft's fault they refund
| you the fee.
|
| If users paid some up-front fee for the appeal, similar to
| the above, regular users would have the opportunity to
| appeal an automated ban (if the appeal was done properly).
| On the other hand, spammers and other malicious actors
| would have to pay money for the opportunity to attempt to
| game the system.
|
| 1 https://news.ycombinator.com/item?id=30855836
| phaistra wrote:
| Why not make it hard to create a Google account? Why is that
| not on the list of potential solutions? If you have bad
| actors that can make hundreds or thousands of bogus accounts
| in an automated way, it means the account creation process is
| too easy. Any legit user who actually wants a Google account
| already has one and those who don't but actually need one
| will jump through the necessary hoops. Google isn't a startup
| anymore.
| yunohn wrote:
| > It's simply not economical for many companies to deal with
| the long tail of false positives, so they don't.
|
| This happens everywhere, not just Big Tech. Even as humans, we
| try to handle the 99% and ignore the 1%.
|
| I still don't understand what anyone is proposing - force
| companies to provide support against their will?
| browningstreet wrote:
| You'd be amazed at how a little regulation right-sizes things
| in corporations. I work in banking -- there's no grumbling
| about our regulatory landscape. We just have teams of people
| who make sure we're compliant, and we get through our audits.
| So, to answer your question: yes.
| yunohn wrote:
| Why are you comparing banking regulations to tech support?
| The former is crucial to trust in money, governance, and
| societal functioning. Tech support is easily overrun and
| exploited by bad actors, and the upside for the company is
| very minimal.
| freedomben wrote:
| The upside of good support for the company wouldn't be
| minimal anymore if giant and/or frequent mistakes could
| get them kicked out of the market, either temporarily or
| permanently.
|
| What I worry about most is that human support
| requirements will apply to smaller companies and
| essentially guarantee supremacy of big tech since no
| startup would ever be able to disrupt them.
| Aeolun wrote:
| Smaller companies could be exempted under the rules.
| Start it from 20 employees or so.
| reaperducer wrote:
| _force companies to provide support against their will?_
|
| Yes. This happens all the time in all sortes of industries.
| But people on HN think that tech companies are somehow
| different and shouldn't be held to the normal rules that
| other companies have adhered to for decades, generations, and
| centuries.
| [deleted]
| [deleted]
| CPLX wrote:
| Yes of course we propose to make them provide support against
| their will.
|
| Like we force telecom companies to serve rural areas against
| their will.
|
| Like we force construction companies to use safety gear and
| have insurance for injuries against their will.
|
| Like we force credit companies to provide mandatory
| disclosures.
|
| Like we force airlines to do what the people in the control
| tower tell them to do.
|
| And so on. The entire concept of a corporation is a legal
| fiction, a privilege granted by the state that enables them
| to pretend they even have something analogous to free will.
| Without the consent of the state companies wouldn't exist at
| all. Maybe we should do a better job of reminding them of
| that.
| xboxnolifes wrote:
| > I still don't understand what anyone is proposing - force
| companies to provide support against their will?
|
| That's what laws are: forcing people to do things they would
| otherwise not do.
| Aeolun wrote:
| And kind of the point of laws. If people did them without
| the law then there wouldn't be a need for the law in the
| first place.
| antattack wrote:
| There is a (state level) legislation proposed to 'open source'
| algorithms used for hiring[1]. Makes sense to expand it to all
| decision making processes.
|
| [1]https://www.brookings.edu/blog/techtank/2021/12/20/why-
| new-y...
| duxup wrote:
| I know a group of devs collaborating on a side project. Same
| thing happened to them. They created a new developer account for
| this project, worked together on it, and the app vanished off the
| store and dev account terminated, along with one of the
| developer's personal developer account.
|
| They assumed, but don't know, it was because the developer who
| had his personal account suspended as well once worked for a
| company who was kinda scummy and went fully scummy a few years
| after that developer left. Somehow that was associated with him
| personally and then the chain of guilt made its way to them.
|
| This seems to re-enforce that this kind of chain of guilt is a
| thing.
| tempnow987 wrote:
| My question, is there some statistical support for this? I
| scummy company employees tend to trend towards scummy stuff? No
| doubt lots of false positives, but folks keep on seeing this as
| a "mistake" google is making, and google may not think this
| type of associative banning is actually a mistake.
| Tagbert wrote:
| But Google is not open about the reason and if you can get
| the attention of their internal support people (if you have
| the right kind of account) they don't seem to know why this
| was done either. If Google were explicit about the nature of
| the problem and were to provide an open process to contest
| and address the accusation that would help a lot. As it is,
| they are opaque and non-responsive. It's an abusive
| relationship.
| tempnow987 wrote:
| Here it seems pretty clear.
|
| They had this developer associated with their accounts
| still.
|
| This developer did bad things.
|
| Google banned this developer and businesses using this
| developer?
|
| What more is needed to understand what happened?
| duxup wrote:
| Theory:
|
| I think the problem is the only solid connection google has
| are developer accounts / that's the only club they have to
| swing. So bad actors may jump from account to account and
| Google's method of whack a mole is to just associate
| accounts.
|
| Way back in the day I worked on an old forum where we used to
| try to do that for spammers and such. But we didn't automate
| it. We just had a checking mechanism that would indicate if
| some accounts might be from the same person ... maybe.
|
| But beyond anecdotes and the above story I've no idea how
| widespread this is.
| hbn wrote:
| It's the new virus! Your account was terminated because you
| know a guy who knows a guy who worked at a company whose CEO is
| the cousin of a guy who broke Google ToS.
|
| 6 degrees of termination.
| duxup wrote:
| How soon until everyone at Facebook is associated? :O
| ncann wrote:
| Reminds me of Nine familial exterminations in China back in
| the days:
|
| https://en.m.wikipedia.org/wiki/Nine_familial_exterminations
| duxup wrote:
| In the Apple TV series Foundation they do that, including
| extending beyond the family to any kind of connections,
| friends and etc. Eventually including something around
| 1500+ individuals tied to one person. The point being to
| eliminate whatever impact that person had on the universe.
|
| Maybe Google's algorithm is more concerned with being a
| tyrannical emperor than we think ...
| Topgamer7 wrote:
| > 6 degrees of termination.
|
| I died.
|
| This should be the term.
| bluescrn wrote:
| Another example of why we should be opposing app-store-centric
| computing.
| mmastrac wrote:
| We cannot continue to allow big tech to provide these walled
| gardens with zero recourse. It's turning slowly into a Gibson-
| esque dystopia as they continue to set the rules under the guise
| of contracts and EULAs with a shadow legal system.
|
| If it needs to be more expensive to publish and buy apps, so be
| it. This is unsustainable.
| pipeline_peak wrote:
| > harms workers rights
|
| Isn't that kind of the trade off of small entities doing business
| with a tech conglomerate? There's not much government
| authorization with developing smart phone apps.
| flerchin wrote:
| I would like for Google to have a process whereby this type of
| story is not plausible. They are too big to not do business with.
| fsflover wrote:
| See also: https://news.ycombinator.com/item?id=30771057,
| https://news.ycombinator.com/item?id=30811297.
| testplzignore wrote:
| Maybe we need a "Businesses/Lives Ruined by Google" site like
| the "Killed by Google" site.
| ghoward wrote:
| Not exactly what you want, but I run the Programmers Against
| Humanity account on Twitter (@software_crimes), and I collect
| stories like this.
|
| I'm going to be tweeting this story out as soon as I get to
| my computer.
| napoleoncomplex wrote:
| Upvoting just because Google's (and Apple's) app store processes
| are so horrible, and this is probably the best way the case gets
| noticed by someone human in a normal timeframe (according to the
| post, they've been going through it for 2 months already).
| bradrn wrote:
| Upvoting for the same reason, although it does feel a bit
| counterintuitive to upvote such a horrible story.
| natch wrote:
| Please don't lump Apple with Google on this. Apple has humans
| that answer the phone and help.
| pastage wrote:
| Who can not help you. Appstore policies are rife with
| catch-22, personally I have never had problems with Google
| but Apple has been a pain every time. I am unable to update a
| ten year old app because Apple think they know the 10k daily
| users better.
| natch wrote:
| If they can't help you frankly the problem is probably with
| you or your app.
|
| But who knows... what aspect of your users do you know
| about that Apple refuses to understand?
| tenuousemphasis wrote:
| > If they can't help you frankly the problem is probably
| with you or your app.
|
| Fanboy logic.
| rootusrootus wrote:
| > I am unable to update a ten year old app because Apple
| think they know the 10k daily users better
|
| I'd be interested in hearing more details.
| hwers wrote:
| To everyone reading this who feel the same: Please avoid
| commenting too much (unless necessary) since HN pushes down
| stories with lots of comments (to disincentivize flame threads)
| even if it has tons of upvotes.
| [deleted]
___________________________________________________________________
(page generated 2022-03-30 23:02 UTC)