💾 Archived View for dioskouroi.xyz › thread › 29428922 captured on 2021-12-03 at 14:04:38. Gemini links have been rewritten to link to archived content


Tell HN: Lost then regained access to Google account, with correct credentials

Author: authed

Score: 146

Comments: 140

Date: 2021-12-03 11:43:58

________________________________________________________________________________

authed wrote at 2021-12-03 12:20:26:

Fixed. I used Chromium to login (which I never do) and then back to Firefox. Everything back to normal, for now.

DoingIsLearning wrote at 2021-12-03 13:23:05:

So I have also had this happen to me in the past, which was one of the reasons I abandoned gmail completely.

Am I understanding this right that you had the correct password but no 2FA authentication and somehow a Firefox user agent on Linux triggered google mail servers to shut you out?

I never really tried with chromium; perhaps I can still retrieve old data (Google Support was obviously non-existent on this issue).

aj3 wrote at 2021-12-03 13:43:00:

It's not user agent, it's session (cookies, localStorage) that they didn't have in Firefox, but still had in Chromium. And this isn't Google specific at all.

DoingIsLearning wrote at 2021-12-03 13:54:45:

But they just said they cleared cookies.

Also I travel a fair share (used to) and never faced any issues with any other services except gmail.

It's too stringent to assume the same machine/storage/ip are always used.

aj3 wrote at 2021-12-03 14:47:17:

Right. Session is stored either in cookies or in Local Storage. Both get cleared when you "clean cookies". If there is no device session, the next time you try to log in the service will ask for the second factor (so that a hacker can't steal your account by finding the password on some other website).

Firefox didn't work, because the person deleted the session and didn't have a second factor (nor backup auth methods). Chromium worked, because it still had the device session.

I'm traveling and using TOR and VPNs just like everybody else and haven't faced any issues. There most definitely is a problem with communicating security/accessibility tradeoffs to the public though, so I'm not putting blame on the op here.
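The "device session" described in this thread, shown as an added illustration (not code from any commenter and not Google's implementation): a signed "remember this device" token lives in a cookie independently of the login session, so clearing cookies loses it and the server falls back to a step-up decision. The token format, the `SERVER_KEY`, the 90-day lifetime and the four outcomes of `login_decision` are all assumptions made for this example.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Server-side signing key for device-session cookies (constructed for this example).
SERVER_KEY = b"example-server-key-not-for-production"
DEVICE_TOKEN_MAX_AGE = 90 * 86400  # assumption: a device stays "known" for 90 days


def issue_device_token(user_id: str, key: bytes = SERVER_KEY,
                       now: Optional[float] = None) -> str:
    """Mint a signed device token after a fully verified login.

    Layout (all text, so it fits in a cookie): user_id.issued_at.nonce.hmac
    The HMAC binds the user and issue time, so the token cannot be forged or
    re-pointed at another account by editing the cookie.
    """
    issued = int(now if now is not None else time.time())
    nonce = secrets.token_hex(8)
    body = f"{user_id}.{issued}.{nonce}"
    sig = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


def device_token_valid(token: Optional[str], user_id: str, key: bytes = SERVER_KEY,
                       max_age: int = DEVICE_TOKEN_MAX_AGE,
                       now: Optional[float] = None) -> bool:
    """True only if the cookie is present, untampered, for this user and not expired."""
    if not token:
        return False  # cookies/localStorage cleared: no device session at all
    try:
        uid, issued, nonce, sig = token.split(".")
    except ValueError:
        return False
    body = f"{uid}.{issued}.{nonce}"
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return False  # signature mismatch: forged or corrupted
    if uid != user_id:
        return False  # valid token, but for a different account
    age = (now if now is not None else time.time()) - int(issued)
    return 0 <= age <= max_age


def login_decision(password_ok: bool, device_token: Optional[str], user_id: str,
                   second_factor_enrolled: bool, now: Optional[float] = None) -> str:
    """Step-up policy: a correct password alone is not enough on an unknown device."""
    if not password_ok:
        return "deny"
    if device_token_valid(device_token, user_id, now=now):
        return "allow"  # the Chromium case: password plus a known device
    if second_factor_enrolled:
        return "challenge_second_factor"
    return "recovery_required"  # the Firefox case: no device session, no 2FA enrolled


if __name__ == "__main__":
    tok = issue_device_token("alice")
    print(login_decision(True, tok, "alice", False))   # allow
    print(login_decision(True, None, "alice", False))  # recovery_required
```

The point the example makes is that the fourth outcome is reached with a fully correct password: from the server's side, a cleared browser profile is indistinguishable from a stranger who found the password in a breach, and only an enrolled second factor or a recovery channel can tell the two apart.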

batperson wrote at 2021-12-03 14:39:27:

What do you use instead of gmail ?

julianlam wrote at 2021-12-03 14:48:24:

The HN crowd generally looks favourably on Fastmail.

DoingIsLearning wrote at 2021-12-03 15:14:45:

For anecdata I am indeed using fastmail! :)

authed wrote at 2021-12-03 14:31:14:

Yes I had the correct password and no 2FA... yet they require some form of second-factor that I am not really aware of.

corporealfunk wrote at 2021-12-03 13:50:04:

This has happened to me too, but in my case the Google account that I lost access to is the admin account of a Google Adsense publisher account. For some reason I don't receive the 2FA code to my phone, though I do know the recovery email address and the password. I don't log into the Adsense account a lot, it's a small amount of revenue, enough to cover some DO droplets every month. Given that I don't log in a lot, between my last login and first getting locked out, I had switched ISPs and switched my main browser to FF from Chrome, and even erased all my old Chrome data. So, new IP, and no cookies/fingerprint, not getting the 2FA codes... lock out! No recourse. No person to ask.

What's more funny is that I figured, well, I'll just create a new Google account and sign up for Adsense again for my domain with the new account. Turns out you can't do that because the domain for the Adsense account "is already in use by another Adsense account".

There is simply no customer service.

MagnumOpus wrote at 2021-12-03 14:57:17:

Sue them in small claims court, it's cheap and it sends a message. Worth it for the satisfaction even if the Adsense revenue they scammed from you is less than the (small) filing fee...

dt3ft wrote at 2021-12-03 13:10:22:

This story keeps coming up. When you pay for email, you get customer status. This entails an SLA and a bunch of other rights, which you most likely never get from a free service provider. I hope that those reading these comments who still use a free email service instead of hosting their own (or paying for it) strongly consider making the switch.

jonathanstrange wrote at 2021-12-03 13:58:13:

A good idea is to never use a large corporation for important things like email, because these are built on maximum scalability and therefore practically always have lousy customer support (automated replies & chat, etc.). I'm paying for the same small email provider I used more than 20 years ago and it has always been worth every penny. If an issue comes up, I'll call their customer support or write an email and they fix it within minutes.

tinus_hn wrote at 2021-12-03 17:49:44:

If you own the domain yourself you can have it hosted wherever you want because you can trivially move away

dorianmariefr wrote at 2021-12-03 13:14:25:

There is Google Workplace where you pay $5/month/user for a google account including email and there is support

halo37253 wrote at 2021-12-03 14:41:44:

There is also 365 Basic, which is also $5 and gives you 1TB of Onedrive storage...

By far a better email service and the 2fa just works.

buro9 wrote at 2021-12-03 14:38:44:

Works if all you need are Gmail and Docs.

It's a very bad idea if you want to use the account as a Google account. i.e. smart home does not work, lots of user features do not work, there is no workaround to this other than "don't use a Google Workplace account for personal life things, get a Gmail account".

Example of the pain to try and migrate from Workplace to Gmail just to get the workaround working:

https://medium.com/@buro9/one-account-all-of-google-4d292906...

alvarlagerlof wrote at 2021-12-03 13:42:30:

Can you even use that if you're not logged in?

decrypt wrote at 2021-12-03 13:43:44:

Could you elaborate on what you mean by "use"?

NikolaNovak wrote at 2021-12-03 14:12:45:

How do you gain meaningful access to help/support without being able to sign-in to their help portal / ticket system?

I've been exposed to that type of Kafkian catch-22 nightmare scenario all too many times :|

dorianmariefr wrote at 2021-12-03 15:09:43:

You call the phone number

toast0 wrote at 2021-12-03 17:57:30:

When I was admining G Suite, if you wanted to call in, you needed to login to get the phone number and an access code. Which is hard to do when you can't log in.

daitangio wrote at 2021-12-03 13:33:42:

I switched to my hosted email, it is not so difficult to manage, and I feel very free.

Also I have created accounts for my children and my wife at very little cost.

The magic?

This very well supported project:

https://github.com/docker-mailserver/docker-mailserver

eddieroger wrote at 2021-12-03 13:50:16:

I have been doing this for a few months for similar reasons - particularly spinning up family accounts with little additional overhead - but decided to pass in favor of hosted. Getting everything set up was fine enough and my mail was eventually being received in places I expected (I had to add my domain in Google's panel somewhere), but I noticed lag on receiving stuff, and was still occasionally ending up in spam folders. How are you overcoming that? Forwarding stuff off? Do you host in a VPS somewhere?

jacquesm wrote at 2021-12-03 13:59:35:

Typically solutions like that will work for a few months or years and then you are in much bigger trouble than before. Highly annoying. This is because just like every other server you will need to keep it up to date, you are going to have to deal with being falsely labelled as a spammer, you will have people attempting to abuse your server and so on. I'm still doing this but the overhead is such that I'm tempted to just let it go and move to Fastmail or something similar.

chrisan wrote at 2021-12-03 14:09:51:

Even with paid email you can be identified as a spammer. I use Namecheap's private email for my side project. I do zero marketing/automated emails.

All of a sudden my hand written emails to clients were going to spam. Namecheap verified my spf/dmarc/etc was all setup correctly and told me there was nothing they can do.

I don't communicate often and am just using my personal email address for now, but I'm looking to switch providers

AnonC wrote at 2021-12-03 14:28:32:

To add to those points, one day you (the person with self-hosted email) would die and your family will be left without emails sometime soon and no way to get their widely used addresses back. Choosing a medium or large third party provider means you just need to document “go to <this site> and manage payments to pay <this much> <this often> to retain your address; this is how you contact customer support in case something isn’t working”.

eliben wrote at 2021-12-03 13:51:46:

You can pay for gmail too, and get phone/chat/email support via

https://one.google.com/about/plans

(basic plan is less than $2/month)

Doesn't this work for folks?

35fbe7d3d5b9 wrote at 2021-12-03 14:03:00:

Backups are worthless unless you try to recover; support is worthless unless you put a ticket in and see what you get.

Before I migrated my domain and old emails to Fastmail I contacted their support twice to see what I got. Once I simulated an account lockout, the second was more of a technical problem. I can't remember the exact steps that I needed to take, but I do remember that their support was quick to react, had surprising technical depth, and fixed my "problems" faster than expected. I had no problem trusting them with my data.

Has anyone actually tested Google One's support?

dmd wrote at 2021-12-03 13:58:41:

Not if you can't log in!

siddharthgoel88 wrote at 2021-12-03 13:43:58:

I feel signing up for a new paid/self-hosted email becomes tricky when a person has used an email for most of his life. All the online-services, grad school, office-alum, etc. use the old email. And now when you switch to a new one then it becomes hard I feel. Any suggestions?

nameisname wrote at 2021-12-03 13:47:53:

There's no reason you can't migrate over slowly. I have my freemail and personal domain both in use for this exact reason. Slowly switch over. It won't happen overnight.

chrisan wrote at 2021-12-03 14:04:42:

Email forwarding. For anyone you communicated with in the last year (or x months) you can send them an email to update your contact if you wish.

I've not found an online service you can't switch emails with.

btrettel wrote at 2021-12-03 14:23:31:

> I've not found an online service you can't switch emails with.

I've probably switched email addresses on 200+ websites now, and there were a handful that don't seem to allow switching email addresses back when I made the switch. The situation could have improved since then, but you're basically right, very few don't allow one to change their email address.

macinjosh wrote at 2021-12-03 13:48:21:

I forward my gmail and iCloud accounts to my Fastmail account where my own domain is setup. I also only use my new email address and replace the gmail and iCloud whenever I see it in use. It’s a long process but worth it.

chipgap98 wrote at 2021-12-03 13:47:48:

I've set up forwarding from the old email to the new one and am slowly pointing everything towards the new email.

wallstprog wrote at 2021-12-03 14:06:08:

You are paying for gmail, in a coin that Google accepts: your personal information. It's not "free" ...

danaris wrote at 2021-12-03 14:17:26:

So unless you're rich enough to be able to pay for premium status, you don't deserve a reliable email address—something that is absolutely required to be able to operate in the modern world?

usrbin wrote at 2021-12-03 14:43:29:

While I agree with your sentiment, I don't think that's quite what the person you're responding to meant. Rather than talking about how things should be, they're talking more about the reality of the available options as they are now.

To give a baseline: I pay for email hosting through a reputable non-Google company. It costs me about $40 a year, for both the domain name and the email hosting, and it didn't require me to have any technical knowledge to set up. Compare that with, for example, my cell phone plan (around $100 a year) and it seems pretty affordable, or at least comparable to other common bills.

I think it's helpful to think of this in terms of other utility services. People tend to agree that heat, electricity, phone, etc. should be accessible to the non-rich. But those still cost money to operate, and the cost is paid by consumers. (There can be a broader discussion around who should pay for this, but the money does come from somewhere.)

If we decided that electricity could be free, but that it would be funded through personal data collection, that you could permanently lose access at any time, and that you wouldn't be able to get outages fixed in a timely manner, most people would prefer the current model.

The bottom line is that email is pretty important to modern life, similar to a phone. One way to ensure that your email is reliable is to pay for it.

zerr wrote at 2021-12-03 13:39:21:

Is it necessary to pay with a fiat currency to be considered as customer? Paying them with personal data doesn't count?

hackflip wrote at 2021-12-03 13:43:43:

Is a pig the farm's customer when they "pay" with their flesh?

mihamaker wrote at 2021-12-03 12:33:07:

I lost a lot of accounts because of this misunderstanding. I always use a VPN for work. I keep all logins and passwords in the password manager. But Google is very worried about my safety, even to my detriment.

donmcronald wrote at 2021-12-03 13:22:27:

Using a public VPN is almost guaranteed to flag your logins as suspicious at all of the big tech companies.

If anyone wants to see how intent big tech is on tying your profiles back to personally identifiable information, connect to a VPN and try to create new accounts on various services. It's basically impossible without a non-VOIP phone number. If you manage to get an email address, big sites like Facebook and Twitter will instantly lock your account and require SMS verification.

Big tech discriminates against anyone that doesn't have enough money to own a phone.

cachvico wrote at 2021-12-03 13:52:45:

Isn't that just a necessary measure to stop bots?

kyrra wrote at 2021-12-03 14:07:46:

Googler, opinions are my own. I don't work on these systems at all.

My general understanding is that Google wants to prevent account takeovers, as it happens far too often. They flag accounts for various heuristics, even if you know the login (as it could be someone that stole your credentials). This normally should just trigger 2FA for that login. If that doesn't work, you likely need to go through the account recovery flow:

https://accounts.google.com/signin/recovery

hbn wrote at 2021-12-03 14:00:53:

Whenever I'm connected to my VPN (I use Private Internet Access), Google will force me to pass a captcha test every time I do a search

datavirtue wrote at 2021-12-03 14:54:02:

I recently tried to start up some new accounts across all of big tech, while keeping my true identity private. I was making up names etc. I wanted to try out the services under a fresh new name and see what it was like (Facebook feeds etc).

Every one of them required a phone number and had all kinds of algos and databases in place to thwart anonymity. If all of your demographic information didn't match the country your IP address was in, the experience turned into a brick wall.

I did this a few years ago when establishing an onion (new accounts created and accessed only over VPN+TOR) identity for the dark web and didn't have a problem.

If I needed to hide my identity and communicate with people as a non-techie journalist or dissident I would not know how to proceed at this point.

This is not being done to fight terrorism. The real reason is to ensure that every user is a real person that can be sold.

When some fat cat spendthrift advertising executive complains about possible sock puppets numbering in the millions on their platform, they just kick back and explain their byzantine system of identity verification.

obiwan14 wrote at 2021-12-03 13:35:20:

Have you tried to create an account at this site - HN, using a Tor-enabled browser or over a VPN connection?

300bps wrote at 2021-12-03 13:21:31:

Kind of like 90% of the problems on our production servers at work over the last ten years have been related to security software installed on them.

authed wrote at 2021-12-03 12:35:27:

Same. I don't even know my password, but I know that I have the correct one because I use a password manager.

ttybird wrote at 2021-12-03 13:51:45:

I hate this. If I know the password I should be able to log in to my account no matter what (unless I have 2FA enabled). Sadly companies like Google and MS do not like this idea; they also often use the excuse that they can't verify you in order to mine your phone number.

"Edit: Account recovered. I used chromium to login (which I never do) and then back to Firefox"

How can google keep getting away with this? MS got into trouble with IE with much less.

junon wrote at 2021-12-03 13:56:35:

Google denying me access to YouTube videos asking me to verify my age by giving them either my passport or my credit card should be illegal as well.

Then they expanded it to the app store - some apps, even ones that don't seem to need to be age restricted - now require I verify my age in the same way. I just give them the middle finger and manually install the APKs for those apps.

Unfortunately, no way to get around the YouTube restriction though.

Google having a complete monopoly on this stuff has got to end at some point. They have way too much power over what are now pretty mainstream services to the internet, especially since they cannot be competed with by most companies, even those with adequate funding and reach.

kevincox wrote at 2021-12-03 14:09:39:

> Google denying me access to YouTube videos asking me to verify my age by giving them either my passport or my credit card should be illegal as well.

Wasn't this added because of some EU law? It seems that YouTube's interpretation was that asking this is the opposite of illegal, actually legally required.

ycuser2 wrote at 2021-12-03 14:25:38:

The irony is that I have to verify my age on YouTube, but I heard that people don't need this on any porn site for example.

mc_woods wrote at 2021-12-03 14:16:14:

UK _prawn_ laws? - proposed and then dropped?

C4K3 wrote at 2021-12-03 14:35:46:

You can get around the youtube restrictions using yt-dlp (fork of youtube-dl). There are video players such as mpv that integrate with youtube-dl/yt-dlp so you can watch videos without saving them.

junon wrote at 2021-12-03 17:07:04:

Including the age restriction? I don't see how that's possible. I know some typical bypass methods work for some of the other checks but they've never worked for the age requirements.

I'll give it a try though, thanks. There are some High Boi videos I still haven't seen :|

sharklazer wrote at 2021-12-03 13:54:30:

Keyhole, Jigsaw. Deep ties to defense.

ajross wrote at 2021-12-03 14:07:54:

The request for a phone number is precisely a 2FA mechanism, and that's how it's being used. I don't understand what the bad faith you're assuming on Google's part is. What do they want that phone number for otherwise?

danaris wrote at 2021-12-03 14:15:46:

If they're asking for a phone number after they've already decided you're not trusted enough with just your password, that is _not_ 2FA.

If you're not trusted, then any phone number you give shouldn't be trusted, either.

If you're trusted enough to be let in when you give a phone number, then you should be trusted enough to be let in without it, and _then_ asked for a phone number, if one is really needed for 2FA.

Adverblessly wrote at 2021-12-03 14:50:55:

Indeed this is not a second factor.

I assume this restriction is against automation. As a complete guess on the heuristics: If the phone number you gave them is a "virtual" one, you are out. If it was used too frequently for recovery, you are out. If they are already familiar with it as belonging to someone else who is unlikely to also own the current account, you are out.

With those heuristics you need to provide a "fresh" phone number that likely belongs to a real person and costs real money to purchase and you are unlikely to want to "burn" for just 5 out of 5,000,000 of your automated attempts.

mathieubordere wrote at 2021-12-03 12:32:05:

I perform a periodical backup of all my Google data with

https://takeout.google.com/

if the sh*t would ever hit the fan.

karteum wrote at 2021-12-03 13:14:35:

N.B. Google performs some encoding conversions within the GMail backup from Takeout that permanently break all non-ASCII characters when an encoding other than UTF-8 is used in the original mail (those characters are replaced by the 0xEFBFBD sequence, and since information is lost I guess it cannot be properly recovered).

Obviously I am not the only one who has been experiencing the issue, e.g.

https://webapps.stackexchange.com/questions/71153/takeout-br...

The issue does not happen when doing backup with another tool e.g. mbsync.
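What the 0xEFBFBD sequence in the comment above is, shown with an added example (not code from the commenter or from Google): EF BF BD is the UTF-8 encoding of U+FFFD, the Unicode replacement character that a decoder emits when it is told bytes are UTF-8 but they are not. A message declared as `charset=iso-8859-1` and decoded as UTF-8 with replacement loses every accented character irreversibly, whereas decoding with the declared charset keeps them. The sample message below is constructed for this example.

```python
import email
from email import policy

# Constructed sample: an ISO-8859-1 (latin-1) message whose body holds é (0xE9) and ï (0xEF).
SAMPLE_LATIN1_MAIL = (
    b"From: sender@example.invalid\n"
    b"Subject: test\n"
    b"Content-Type: text/plain; charset=iso-8859-1\n"
    b"Content-Transfer-Encoding: 8bit\n"
    b"\n"
    b"caf\xe9 na\xefve\n"
)

REPLACEMENT_CHAR = "\ufffd"        # U+FFFD; its UTF-8 form is the bytes EF BF BD
REPLACEMENT_UTF8 = b"\xef\xbf\xbd"


def decode_assuming_utf8(raw: bytes) -> str:
    """The lossy path: ignore the declared charset and decode the body as UTF-8.

    Each latin-1 byte >= 0x80 that does not form a valid UTF-8 sequence becomes
    U+FFFD. The original byte value is gone; nothing downstream can recover it.
    """
    body = raw.split(b"\n\n", 1)[1]
    return body.decode("utf-8", errors="replace")


def decode_with_declared_charset(raw: bytes) -> str:
    """The correct path: let the email parser honour the Content-Type charset."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return msg.get_content()  # decodes the 8bit payload using charset=iso-8859-1


def count_replacement_chars(text: str) -> int:
    """How many characters an export has already destroyed (0 means none found)."""
    return text.count(REPLACEMENT_CHAR)


def has_efbfbd(utf8_bytes: bytes) -> bool:
    """Check a UTF-8 export (e.g. a Takeout mbox read as bytes) for the damage marker."""
    return REPLACEMENT_UTF8 in utf8_bytes


if __name__ == "__main__":
    lossy = decode_assuming_utf8(SAMPLE_LATIN1_MAIL)
    print(repr(lossy), count_replacement_chars(lossy))       # 'caf\ufffd na\ufffdve\n' 2
    print(repr(decode_with_declared_charset(SAMPLE_LATIN1_MAIL)))  # 'café naïve\n'
```

A practical use of `has_efbfbd` is to scan an export you already hold before relying on it: a real U+FFFD almost never occurs in legitimate mail, so any hit is a strong sign that this message was transcoded lossily and should be re-fetched with a charset-aware tool such as the IMAP sync the commenter mentions.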

bariumbitmap wrote at 2021-12-03 15:56:31:

As it stands, Google Takeout is not sufficient. While attempting to export data, you can still get a "sensitive action blocked" and "we can't verify it's really you"-style errors that indefinitely prevent access to that data. I've encountered this myself when trying to export my YouTube subscriptions, and it gave me pause when I considered that this could happen to more serious data. It's not a one-time issue, either, I've been retrying export for months now without success.

The responses I've seen to other people with this problem are not encouraging, amounting to "oh, you must have done something out of the ordinary, try again in a few days". See, for example:

https://news.ycombinator.com/item?id=20054083

https://old.reddit.com/r/DataHoarder/comments/i6cn1x/google_...

https://support.google.com/accounts/thread/13380514/i-can%E2...

https://twitter.com/veerismo/status/1341605248834498561

_Edit: better links_

karpour wrote at 2021-12-03 12:37:16:

Is there a good way to automate this?

sschueller wrote at 2021-12-03 13:21:54:

I have been looking into this. There is mbsync (isync)[1] which will let you download an IMAP account. There is also a premade docker image[2] which you could trigger via cron to sync your mails. For gmail it is recommended to get a login token but I have not looked into how to do that.

[1]

https://isync.sourceforge.io/mbsync.html

[2]

https://github.com/JakeWharton/docker-mbsync

lelandfe wrote at 2021-12-03 12:41:36:

No API but you could script the browser. Obviously would break if the UI changes. Quick google shows some potentially still-relevant posts:

https://superuser.com/q/716756

skyeto wrote at 2021-12-03 12:40:37:

It lets you choose a bi-monthly schedule for the exports, then you just need to automate the download from the link that you get emailed.

msh wrote at 2021-12-03 12:52:29:

Google takeout offers built-in automation; you can set it to run every X months automatically.

JamesAdir wrote at 2021-12-03 13:14:18:

I hope you checked your data and tried to restore everything. I pulled out my Google Music data about 6 months ago and it was almost unusable with Google mixing all the data in one folder.

jerrygoyal wrote at 2021-12-03 13:47:50:

where do you backup the data? I keep it in the Dropbox for now (anything other than GDrive)

decrypt wrote at 2021-12-03 11:53:28:

I ran into a variant of this issue: I received an email at my primary address (recovery address for Google) that someone is attempting to log into my old Google account, and that the request was blocked. I try to reset password, hoping that the reset link is sent to my recovery address but Google doesn't allow that.

The only option is to "try and enter the last password I remember". Besides that there's no way to reset the password.

Why even bother informing me at my recovery address about the suspicious login then?

As long as a recovery address exists, it must be able to reset password?

authed wrote at 2021-12-03 12:02:46:

Good idea, but when I try to reset the password, it asks me for the last password I remember

https://i.imgur.com/vedOeJG.png

and then I am brought back to the same page

https://i.imgur.com/JAXxcvl.png

... (I tried my current password and the last two before that).

cr3ative wrote at 2021-12-03 12:08:20:

Try a different machine and a different internet connection. Maybe your phone - just a nice normal everyone-has-one machine - if you're on an anonymous or strange version of Linux, or using a VPN, or datacenter internet connection etc, they might be blocking you automatically.

I'm not saying that's good behaviour on their part but it looks that way.

decrypt wrote at 2021-12-03 12:06:10:

Well, that's not good. It's frustrating that there isn't a customer support division that you can talk to either, at least for escalated issues like the ones we face.

authed wrote at 2021-12-03 17:16:31:

yeah not good... and the only reason I started to save my previous passwords is because of Google. It is the only company that I know of that uses obsolete data to verify that you are the account holder.

cunthorpe wrote at 2021-12-03 11:59:26:

This kind of stuff ought to be regulated somehow, one can’t lose access to one’s life.

I recently wasn’t able to recover an old account because I did not have access to my 2FA number and their help site suggested I “contact the phone company to recover the number, then try again.”

I had to do the same exact thing for another service but they did allow me to change the number by providing some information like last transaction, ID, selfie with statement.

probably_wrong wrote at 2021-12-03 12:35:29:

If you are in Europe, and at least for email, it is regulated.

The GDPR's Right to Data Portability means that a company is obligated to give you access to your personal data - they are within their right not to have you as a customer anymore, but they must give you at least a copy of whatever data they already have.

Of course, you'll probably have to jump some hoops to prove that you are you, but IMHO that's a reasonable compromise.

dahfizz wrote at 2021-12-03 13:15:01:

> Of course, you'll probably have to jump some hoops to prove that you are you, but IMHO that's a reasonable compromise.

But how can I prove I own my email if I don't have the credentials / Google won't let me log in?

probably_wrong wrote at 2021-12-03 13:49:42:

I wrote about my experience for that exact same situation here:

https://7c0h.com/blog/new/lost_gmail_ii.html

In short, you can send their Data Protection Office a letter demanding access to your data. In my case it took almost three months but they eventually relented and reset my password. I guess a lawyer could have gotten it done faster, but who knows.

cunthorpe wrote at 2021-12-03 18:17:42:

Thanks for sharing this! I'm glad that there's a way

dahfizz wrote at 2021-12-03 14:01:49:

Did they ever verify that you had the old password / recovery email like you offered? It seems strange to me that they reset an account password because they got many letters asking them to.

probably_wrong wrote at 2021-12-03 14:15:43:

All e-mail communications were sent through the same address I gave as recovery address, so they didn't have to ask. It is possible that one of their e-mails was sent to my recovery address instead of my personal address, but since they are the same account I wouldn't know.

dahfizz wrote at 2021-12-03 14:22:38:

Ah, that makes sense. I'm glad it worked out for you!

londons_explore wrote at 2021-12-03 12:49:34:

Doesn't work with Google. If you cannot log into the account, their legal team won't accept that you are the account holder. Even if you provide passport and driving license etc., they can't be sure, because you didn't upload the passport and stuff when opening the account.

probably_wrong wrote at 2021-12-03 14:08:04:

I'm having trouble deciding whether you talk about something that _has happened_ or about something that _could_ happen.

Assuming it's the latter: given enough evidence that you are you (same name as the recipient, deep knowledge of the account, knowledge of the password, etc), any court would rule in your favor and force Google to turn over the account. But I would be willing to bet that, assuming you are no one "special", they would relent much earlier in the process - the cost of the lawyers alone would probably outweigh whatever profit they obtain from you, and GDPR fines can be high.

londons_explore wrote at 2021-12-03 15:14:39:

But there are also massive GDPR fines for handing the data to the wrong person. Inaction is less risky.

znpy wrote at 2021-12-03 13:24:40:

Then you can sue, I guess.

dangerface wrote at 2021-12-03 12:03:28:

Yup, lost my phone for a few months until my provider deleted my number and moved it on to someone else; now I am locked out of my paypal.

I tried to find a pay as you go sim where the number doesn't expire and I would use that exclusively for 2FA but such a sim does not exist in the UK, most expire after 3 months the longest is 6 months.

Now I know this is an issue but it doesn't seem like there is anything I can do to solve it.

decrypt wrote at 2021-12-03 12:05:35:

You could avoid using SMS for 2FA. Most websites offer TOTP as first choice for 2FA. For the ones that insist on SMS 2FA being first choice, I don't bother using anymore. I delete the account and find another provider.

ylere wrote at 2021-12-03 12:10:15:

"most websites" has not been my experience at all. Sure, for the big ones like email and a lot of dev tooling that's the case. But there's a huge amount of services that require SMS verification and once you lose access to that number you get locked out. A very common case is losing one's phone (or having it stolen), at which point you have to log into your accounts again from another device but also don't have access to your SIM anymore.

gingerlime wrote at 2021-12-03 13:18:25:

Funnily Google suite does not offer TOTP with Google authenticator… Unless you use SMS/Voice 2FA first… and then you can activate TOTP, I asked if I can then remove the phone number later, and was told that it is possible, and that they won’t use this number for anything in the future. But who knows…

jonathantf2 wrote at 2021-12-03 12:45:20:

The NHS requires SMS 2FA - can't get around that.

fluential wrote at 2021-12-03 13:06:45:

I’ve moved my mobile number to voip using

https://www.aa.net.uk/voice-and-mobile/number-porting/mobile...

and receive all text messages via mail. Use it for call forwarding when I’m abroad to avoid roaming charges, also sim swap attack seems less possible?

LinuxBender wrote at 2021-12-03 13:16:51:

I did that a few years ago but have been finding that every year more and more websites are recognizing the number as VoIP and refuse to send SMS to it.

aigo wrote at 2021-12-03 13:13:10:

I have a Giffgaff SIM for this reason. The expiry is 6 months and I have remembered to use it within that period so far. Not ideal but I would imagine you need a 2FA code more regularly than that.

I wonder if, used with a smartphone (mine is in a dumb Nokia), you could automate an SMS send or outgoing call once every month or something?

grammarnazzzi wrote at 2021-12-03 12:32:03:

> This kind of stuff ought to be regulated somehow, one can’t lose access to one’s life.

You can't create regulation requiring anyone or anything be competent and responsible.

If you entrust your livelihood to a company that cannot be trusted, that's on you.

mountainb wrote at 2021-12-03 12:37:08:

Yes you can. There are all kinds of regulations. Many entities are held to high standards. They're exposed to liability.

The 'free' era of the internet has been enabled by excessive liability shields granted to shareholders that are collectively worth trillions of dollars, and those riches have been built around callous disregard for the property and rights of billions of people worldwide.

That being said, with Gmail, you get what you pay for. With Google's paid for hosted email, you don't get what you pay for either. It's not a good provider if you ever have any issues with it that cannot be solved by their automated processes.

znpy wrote at 2021-12-03 13:25:55:

Imagine applying the same logic to hospitals.

«A malpractice lawsuit? You silly goose!»

waltbosz wrote at 2021-12-03 14:06:45:

This reminds me of the time that I obtained my original cleartext password for my old tripod.com account by simply emailing their tech support from an email account not associated with the tripod account. The email address from which I contacted them had the same username as my tripod account email, just at a different domain.

Their response email was simply my password. Not a password reset link, not a new random password. No questions asked.

This happened less than 5 years ago, when password hashing should be standard practice. But tripod was created in the 1990s when it wasn't standard, and I guess there was no budget/willingness to refactor the old database and login code.

I was not surprised to hear a few years later that their cleartext password database had been hacked and published.

Andrew_nenakhov wrote at 2021-12-03 15:06:45:

Happened to me on an account I didn't use for a couple of years. I used the same IP, login, password, recovery email. Nope, 'we can't verify it's you, try again later'. Later I tried, and tried, and tried for a few weeks, still the same.

I gave up, transferred all services linked to this email, with some back and forth with their support. Then, after a couple of months of not trying I was finally allowed in.

The moral is this: google can't be trusted with such serious and vital service as email. They can freeze your access to an account and offer no way or support to let you back in.

spoonsearch wrote at 2021-12-03 12:10:44:

I too faced the exact same issue, lost 2FA recovery codes as it was saved in Google Drive (lol).

The most frustrating thing was that even though my phone number was linked to my Google Account, they didn't have an option to send OTP to my phone number to reset my password. Even after contacting Google support nothing helped, eventually I gave up and created a new account :/

ceejayoz wrote at 2021-12-03 12:28:08:

> they didn't have an option to send OTP to my phone number to reset my password

This is good, really.

https://en.wikipedia.org/wiki/SIM_swap_scam

cmaggiulli wrote at 2021-12-03 12:24:47:

I have so many important accounts attached to my gmail so I created a bunch of backup codes and hide them in various places

authed wrote at 2021-12-03 12:33:40:

Good idea, but I wish that there was an option to get backup codes without having to enable 2-step verification.

https://support.google.com/accounts/answer/1187538?hl=en&co=...

Alex3917 wrote at 2021-12-03 12:37:46:

Backup codes are a way to bypass the 2nd step, so what would that even mean?

londons_explore wrote at 2021-12-03 12:51:15:

No - you need backup codes _and_ something else, like a password, SMS OTP, or access to the recovery email address.

aj3 wrote at 2021-12-03 13:36:07:

Well yeah. If the recovery process is weaker than regular authentication, that's what bad guys will use for account takeover. You don't want to lose Gmail because someone bruteforced your backup code?

authed wrote at 2021-12-03 15:48:12:

It would not be weaker than usual authentication... you would still need username and password.

Not sure why companies nowadays rely on your tiny device to provide a second password. Both my passwords and 2FAs are on that device, what security does it add?

And why do they need a password if they are going to require Timestamped-2FAs anyways?

teh_klev wrote at 2021-12-03 13:50:10:

I had a bit of a squeaky bum moment the other night. I needed to sign up for Stadia and was asked for my gmail address and password which for the life of me I couldn't remember (and it wasn't in my password manager).

I then requested a password reset and tried a couple of the account rescue codes. Turns out I'd used these specific ones before but hadn't marked them as used (doh!) and at that point stopped in case of a hard lockout due to "suspicious activity".

So at this point I capitulated and just went for the "I'm dumb and forgot my password and have no other codes or keys" option. I was then told it'd take _SIX HOURS_ for google to verify my account before they'd send me a password reset link.

Luckily it all worked out and all I lost was an evening of Stadia, but I couldn't help feeling I was teetering on the edge of losing my account.

Footnote: yes I have considered switching to a paid service such as Proton Mail, but at the time covid happened, I lost my income and couldn't afford it. I think this experience will spur me on now that I'm gainfully employed.

anter wrote at 2021-12-03 17:20:50:

Happened to me as well, except I could never get back the access. This is how it permanently looks:

https://i.imgur.com/4YrElkJ.png

JamesAdir wrote at 2021-12-03 13:13:14:

About a week ago there was a trending article about backup strategies on HN and everyone shared their insight. But it seems that no one gives thought to backing up your personal cloud services, especially from Google. There have been countless stories of people locked out from their Google account and still people don't do some basic backing up.

mc_woods wrote at 2021-12-03 14:14:35:

You've just reminded me of how much I rely upon a free service to provide something so critical to my everyday life. Time to move to a paid service where I can have someone to call when issues like this turn up.

datavirtue wrote at 2021-12-03 15:59:35:

I have had my domain/email hosted on Office 365 for years now. Zero issues. Before that I hosted it through various other providers which was also fairly trouble-free. Many years ago I tried hosting my own email server. That exercise revealed how cheap $50 a month is to have email hosted for you.

Recently, I became a "Microsoft Partner" which gets you a monthly Azure allowance, software licenses, and five Enterprise accounts for Office365. This is only $550 a year which is cheaper than my previous office365 small business account.

The support is great when or if you need it. You probably will.

absolute-evil wrote at 2021-12-03 14:11:27:

Hi, this account was created for this post.

My personal gmail beta account is to this day being held ransom by Google. It was only used for my most important accounts, my bank, gov, utilities etc. My life, online and offline.

Despite only ever logging in from a residential line in the same city for entire life of the account; one day there was """suspicious activity""".

I did everything asked.. confirmed every detail, provided backup codes, secret answers, gave up phone numbers, every password change and dates, even the exact date and location when the account was created, E V E R Y T H I N G.

Turns out that my account is so secure that even I cannot access it.

Well I'm sure you can imagine what a total fucking nightmare it was to workaround the absolute evil that is Google.

That's my rant, I'm glad that you got your account back OP.

zevv wrote at 2021-12-03 12:28:34:

You get what you pay for.

(Sorry for the obviously totally useless comment that is not helpful in any way. But seriously: I've seen this happen to a number of people, and you're just out of luck - computer says no. If you value your digital history, host your mail and files at a party where you pay for the service - that makes you a _customer_ not a _product_)

hk__2 wrote at 2021-12-03 12:33:38:

> If you value your digital history, host your mail and file at a party where you pay for the service - that makes you a customer not a product

And then the hosting company has a fire in their datacenter and there’s someone on HN saying it’s still your fault because you needed to do backups as well. And then you have a backup issue and there’s someone on HN saying it’s still your fault for some other reason.

https://www.reuters.com/article/us-france-ovh-fire-idUSKBN2B...

Ensorceled wrote at 2021-12-03 12:59:36:

There is always someone on HN willing to blame the victim and excuse, or at least shrug at, the bad behaviour of trillion dollar tech companies.

ufmace wrote at 2021-12-03 14:45:47:

That's one way to look at it. Another way to look at it is being solution-focused.

Tech megacorps often behave badly, yes. But what can we realistically do about it? Discussing that just turns into yet another pointless political argument. Even in the best case situation it may take a decade to actually do anything, assuming whatever gets done actually works the way we hoped.

Maybe we should do something like that one of these days. But meanwhile, the OP has an actual problem right now. They would probably appreciate something they can directly do to fix it now or ensure it doesn't happen, instead of moving the discussion to the 50 billionth political argument on the internet that does nothing to help them.

roenxi wrote at 2021-12-03 13:09:22:

You appear to be suggesting that because other HN comments (arguing different things, no less!) exist that zevv is wrong. That isn't a very powerful argument.

I have some sympathy for both sides of the debate, but the fact is that if your emails are important to you, using a free service from a rather unreliable company like Google is the lazy choice. One of the main reasons it is free is because you get no support if something goes wrong.

hk__2 wrote at 2021-12-03 14:24:31:

> One of the main reasons it is free is because you get no support if something goes wrong.

No, it’s the opposite: you get no support because there are too many people using it because it’s free. In theory paying for a service should get you better support, but in practice there are thousands of counter-examples.

aNoob7000 wrote at 2021-12-03 12:31:18:

I couldn't agree with you more. People complain about free services as if they were directly paying for them.

I have my main email service through Protonmail and my GMail account is for all the spamming email stuff.

jeltz wrote at 2021-12-03 12:44:58:

It is not like you get much better service when you pay for Gmail. Maybe huge customers do, but small ones are treated almost like free users.

everybodyknows wrote at 2021-12-03 13:06:29:

_"Catastrophic” hack on email provider destroys almost two decades of data:_

https://news.ycombinator.com/item?id=19146110

hhansen wrote at 2021-12-03 12:33:51:

Sarcastically, I would say he paid dearly with his privacy and metadata, without ever giving it a second thought.

jayolden wrote at 2021-12-03 14:10:25:

This happened to me when I was away from my home; I tried to log in to my Google account, but I couldn't gain any access; I tried to change the password and everything, yet the email won't update; it will only update on my browser.

hansel_der wrote at 2021-12-03 12:09:52:

HN exposure to the rescue!

https://xkcd.com/806/

mrweasel wrote at 2021-12-03 12:29:21:

I love that, because it's sadly very relatable. We had to create a support ticket for a defective server. It was impossible to move the "support" forward, because we didn't know if the server smelt burned.

In the end we just said: "Sure whatever, it smelt like burned electronics."

grammarnazzzi wrote at 2021-12-03 12:50:25:

Google marketing: "Entrust your livelihood to us because we're the experts"

Google production: "We're not responsible for your livelihood"

Same from Microsoft

aj3 wrote at 2021-12-03 13:41:20:

Clueless users: "Let me enable uber-secure mode, so nobody can hack me"

Clueless users next day: "Damn, I got locked out of my account, there are no alternative email addresses for recovery, I lost my YubiKey and didn't save backup codes"

swiley wrote at 2021-12-03 12:34:40:

Yup. This happened to me two years ago. Thankfully I hardly used them for anything important. They started freaking me out years ago and I've moved to self host everything.

People still send emails to my gmail address, including my own family. It forwards to swiley.net for now but that probably won't last.

bavxo wrote at 2021-12-03 12:07:32:

Log in from one of the ip ranges and browser/os combinations you’ve used in the past

authed wrote at 2021-12-03 12:12:54:

I am on the same internet connection (Comcast cable) but my IP address did just change though.

Edit: I was able to login using Chromium (even if I never usually do)... and now it works again in Firefox. I wish Google would just accept my credentials and ignore the rest.

hk1337 wrote at 2021-12-03 12:58:40:

So, what was the cause of your inability to login, since all you did was switch browsers for it to work?

Could it be some autofill or other cached information jacking with the form input?

aj3 wrote at 2021-12-03 13:37:12:

Most probably they've added MFA and lost it. Devices that have been authenticated already can be used with the bare login & password, but new sessions will ask for the MFA they can't access.
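The mechanism aj3 describes here, and the backup-code exchange further up the thread (backup codes as a single-use replacement for the second step, still gated by the password, and an already-authenticated device skipping that step), as an added Python model. This is not Google's code and is not from any poster; the 8-digit code format, the five-attempt lockout threshold, the 30-day device session lifetime and all names are assumptions for illustration.

```python
"""
Toy model of password + second step login with single-use backup codes and
"remembered device" sessions. Constructed illustration, not a real provider's code.
"""
import hashlib
import hmac
import os
import secrets
import time

PBKDF2_ITERS = 100_000          # assumed work factor for stored secrets
MAX_SECOND_STEP_FAILURES = 5    # assumed lockout threshold for guessed codes
DEVICE_SESSION_TTL = 30 * 24 * 3600  # assumed 30-day "remembered device" lifetime


def _hash_secret(secret: str, salt: bytes) -> bytes:
    """Slow salted hash so a leaked database does not yield passwords or codes."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ITERS)


class Account:
    def __init__(self, password: str):
        self.salt = os.urandom(16)
        self.password_hash = _hash_secret(password, self.salt)
        self.backup_code_hashes = set()   # only hashes are stored; each code is single use
        self.device_sessions = {}         # device token -> expiry timestamp
        self.second_step_failures = 0
        self.locked = False

    def issue_backup_codes(self, n: int = 10) -> list:
        """Return n fresh 8-digit codes to the user; keep only their hashes."""
        codes = [f"{secrets.randbelow(10**8):08d}" for _ in range(n)]
        self.backup_code_hashes = {_hash_secret(c, self.salt) for c in codes}
        return codes

    def _check_password(self, password: str) -> bool:
        return hmac.compare_digest(self.password_hash, _hash_secret(password, self.salt))

    def _consume_backup_code(self, code: str) -> bool:
        """Constant-time match against stored hashes; a matched code is burned."""
        h = _hash_secret(code, self.salt)
        for stored in self.backup_code_hashes:
            if hmac.compare_digest(stored, h):
                self.backup_code_hashes.discard(stored)
                return True
        return False

    def _device_session_valid(self, token, now: float) -> bool:
        expiry = self.device_sessions.get(token)
        return expiry is not None and expiry > now

    def login(self, password: str, backup_code=None, device_token=None, now=None):
        """Return (status, device_token). Status is one of
        'ok', 'bad_password', 'mfa_required', 'bad_second_step', 'locked'."""
        now = time.time() if now is None else now
        if self.locked:
            return "locked", None
        # The password is always required, so backup codes never bypass it.
        if not self._check_password(password):
            return "bad_password", None
        # A still-valid device session (the browser cookie) skips the second step.
        if device_token is not None and self._device_session_valid(device_token, now):
            return "ok", device_token
        # New session (cookies cleared, new browser): demand the second step.
        if backup_code is None:
            return "mfa_required", None
        if not self._consume_backup_code(backup_code):
            self.second_step_failures += 1
            if self.second_step_failures >= MAX_SECOND_STEP_FAILURES:
                self.locked = True        # stop online brute force of 8-digit codes
                return "locked", None
            return "bad_second_step", None
        self.second_step_failures = 0
        token = secrets.token_urlsafe(32)
        self.device_sessions[token] = now + DEVICE_SESSION_TTL
        return "ok", token
```

The model reproduces the situation in the thread: a browser holding a valid device token logs in with password alone, while a browser whose cookies were cleared is asked for the second step, and without a code or another factor that login cannot complete even though the password is right.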

zoe4883 wrote at 2021-12-03 14:20:45:

Backups? I have daily snapshots going back 1 month.

em-bee wrote at 2021-12-03 14:18:29:

i use firefox containers for critical logins like that, where i never clear the cookies.

S5yDyAk3XoQH5 wrote at 2021-12-03 13:42:53:

Yep, I've had an account like that for several years, but it's still logged into Thunderbird and works fine for sending / receiving.

Cannot login via browser though. It asks for my recovery email, which successfully sends an email, and then says "we cannot verify it's you" lmao

znpy wrote at 2021-12-03 12:52:00:

I wonder if you could sue google to get back your data.

They have your data and they are effectively arbitrarily deciding you can't access them anymore.

varispeed wrote at 2021-12-03 12:58:55:

They are too powerful. Nobody stands a chance against their infinite budget and top lawyers.

znpy wrote at 2021-12-03 16:47:11:

I don't buy that

htrp wrote at 2021-12-03 13:41:49:

realistically, you threatening to sue would get you transferred to an actual human being to resolve this

you may have to get a letter from an actual lawyer