top | item 17627093

Ask HN: My Microsoft account has been suspended by Microsoft without details

311 points| ThoAppelsin | 7 years ago | reply

My entire Microsoft account has been suspended, due to the violation of the Terms, by Microsoft, and without any further details. At the time of incident, I was not doing with the account or anything digital, and rather was cooking/eating dinner, when my computer received a notification about a problem with my Microsoft account.

I am not given any other options than to Contact Support about it, which I did yesterday and got an answer today that tells me nothing more than the very few that I know:

> Microsoft disabled access to the account due to a serious violation of the Microsoft Services Agreement https://www.microsoft.com/en-us/servicesagreement. As stated in the Microsoft Services Agreement, you will no longer be able to access any Services that require Microsoft account. For any subscriptions associated with the account, Microsoft will immediately cease charging the credit card on file for recurring charges. [...] Pursuant to our terms, we cannot reactivate your account, nor provide details as to why it was closed. This represents Microsoft’s final communication regarding this account.

I hope that I am not violating any other terms by sharing these messages. I do it out of frustration to know what exactly I might have done to deserve this, something more detailed than "you have violated our Terms as you eat your dinner", because without knowing which action of mine caused this, I either;

a) Will be unable to understand my mistake and not repeat it,

b) Will fear out of doing nearly everything and refrain from them, such as using a VPN on Amazon's AWS at Ohio, which I am sincerely suspicious of.

Microsoft's own way of justice is against the legal systems in all the modern countries, which always makes sure that the accused knows their faults, as one of their rights, and for the benefit of the accused not getting involved in such acts for a second time, for that they this time will know.

225 comments

[+] ddtaylor|7 years ago|reply

This is becoming much more common. A YouTube channel I created to poke fun at rap music was brigaded after I submitted it to a popular group on Reddit. They reported so many of my videos so quickly that before I could finish the appeal of a single community guideline I had 3 strikes and my channel was permanently deleted before I ever received any feedback or appeal.

[+] ryandrake|7 years ago|reply

Everyone should take some time to go through their online accounts and ask: “if I were to wake up tomorrow banned from this account, would it be a disaster?”

If the answer is “yes” you should take corrective action right away and make that answer “no.” Or at least minimize the number of accounts for which the answer is “yes”.

The reality is that this could happen to anyone, for any or no reason. Don’t pin your life to an online account you have no real right to.

[+] ryanmarsh|7 years ago|reply

By your logic Apple completely owns me. I have no idea what to do about that. To start with I could run my own email server on my own domain (something I did years ago and have no appetite for in the modern mail deliverability cesspool). That’s just email. If they wanted to disable my phone or apps I rely on I’d be equally screwed. Is there a way to live digitially today that isn’t at the pleasure of some large tech company?

[+] andrewmcwatters|7 years ago|reply

Another bit of food for thought, ask yourself what it would look like if email had the same federal protection as snail mail.

[+] trumped|7 years ago|reply

I wish most online accounts didn't require an email address to signup...

[+] jimnotgym|7 years ago|reply

This is a stark reminder about the dangers of signing your life over to saas. If you are in the EU you might want invoke your right to an electronic, transferable copy under GDPR

[+] flyinghamster|7 years ago|reply

What's especially infuriating is the dark pattern that began with Windows 8 and has become worse in Windows 10: hiding that you can create a local account instead of using a Microsoft clown, er, cloud account.

The more I see things like this happening, the less I want to entrust anything important to MS, Google, Amazon, etc.

[+] my_usernam3|7 years ago|reply

Unfortunately this indirectly promotes usage of pirated software. I do believe companies that publish and develop software deserve to get paid, but if licenses can be pulled on such short notice, an individual user might opt to have a hacked version.

[+] ksec|7 years ago|reply

I am still waiting for the circle to come back so I can host everything safely in a Tiny box at my home, with ease, and with convenience.

[+] cm2187|7 years ago|reply

As an individual, I found the cheapest option on the long run is colocation.

[+] emodendroket|7 years ago|reply

As opposed to the happy and risk-free world of every man operating his own e-mail server, I guess.

[+] bad_user|7 years ago|reply

The takeaway for the rest of us is that you should never depend so much on one big company. Put your eggs in multiple baskets, preferably the smaller players (but not too small, as that might mean incompetent).

E.g. my email, calendar and contacts are at FastMail with my own domain, cloud storage is at Dropbox but looking to migrate to pCloud (after their recent fiasco). For notes I use Evernote, but investigating Standard Notes. I also don’t buy DRM-ed books or other products, e.g. I buy DRM-free audio books from Downpour. I have a Spotify account but I regularly buy the music I like. I have an iPhone but I’ll be damned if I’ll let Apple dictate my web browser therefore I use Firefox and apps that play along with it.

My Google and Microsoft accounts are basically unused. I use Docs at times but I regularly back them up automatically. I don’t even use Google’s Search anymore. I have some apps purchased for Android but I stopped using Android for now. If they block me for anything, I couldn’t care less.

These companies that have products in multiple markets are after lock-in of their users by any means necessary. Don’t fall into that trap. The alternatives cost more, but your freedom and privacy are worth it.

[+] pm24601|7 years ago|reply

> For notes I use Evernote, but investigating Standard Notes.

I am a (former) Evernote employee. Before I joined I didn't use Evernote. After I left I started using Evernote extensively (Hard to use the app when you are constantly messing up your test account doing dev work :-) )

From my experience there I know that:

1) the people there really care about the customers. If there is any sort of problem, the customer support will really go to bat for the customer. There are more than a few times where CS ensured that a bug fix made it in.

2) If there is any sort of data corruption, Evernote will stop the weekly release to get back the data before doing the next release.

3) You can get a hold of a live human being to get support

4) Evernote has a explicit policy of never going to an ad model.

5) User privacy is highly important.

6) User security is highly important - if Evernote had a choice between Evernote as a company getting hacked or a user (not even a customer) getting their account hacked. Evernote errors on the side of protecting the users' security.

Please reward this positive company by paying for the product - that is their only revenue source :-)

[+] greggarious|7 years ago|reply

I'm not familiar with Fastmail - do you find it comparable in terms of usability to say, Google Calendar?

I'm interested in switching away but nothing I've found beats Gsuite in terms of ease of use, and paying for Gsuite for my domain means I don't have my data pawed over like plain gmail accounts are.

[+] emodendroket|7 years ago|reply

Fastmail sounds alright, but realistically whoever your e-mail provider is you're in trouble if they go away.

[+] api_or_ipa|7 years ago|reply

> an iPhone but I’ll be damned if I’ll let Apple dictate my web browser therefore I use Firefox and apps that play along with it

AFAIK all iOS web browsers must use WebKit so really are little more than a shell on top of Safari.

[+] robert204|7 years ago|reply

How do you back up your Google account automatically?

[+] wattonen|7 years ago|reply

What was that Dropbox recent fiasco?

[+] j88439h84|7 years ago|reply

What fiasco?

[+] hyperman1|7 years ago|reply

A few years ago, google tried introducing a real name policy on google plus. Accounts were being banned left and right. Google removed everything including gmail when they decided your name was wrong on plus.

That was when I realized I could not participate in plus: I realized how important my gmail account had become. I am diversifying and backing up today, but gmail stays a single point of failure.

The result: Even if google drive and a lot of their services sound really nice, I simply do not dare using them. I can't even take the risk of paying them: Anything non-gmail is a chance for them to obliterate my digital life.

Opening a second account is probably a bad idea: One day some algorithm will find out and either merge them or simply nuke both.

Not shooting at google specifically, this AskHN proves microsoft is just as bad. But it sounds to me these companies will have to do something or lose user trust.

[+] ddebernardy|7 years ago|reply

> Opening a second account is probably a bad idea: One day some algorithm will find out and either merge them or simply nuke both.

Nuking both would be nuts except in extreme edge cases. It could potentially nuke the accounts of all spouses and parents and kids who share a laptop at home. Granted, everyone has their own writing style and computers seem good at identifying text written by people based on the latter, but that's still a big risk for the tech company.

[+] ThoAppelsin|7 years ago|reply

I've got another thing to become suspicious about, which again involves VPN.

I live in Turkey, I use VPN (on AWS at Ohio) not to circumvent anything else than the imposed restrictions of my own country, and not some other countries' or companies'. Along with countless others, Wikipedia and Imgur are some well-known websites that are made unaccessible from Turkey. With Windows 10's VPN client, you don't even recognize that you are on VPN. The overhead is so low (relative to the basic internet speeds), that I don't even notice that VPN is on most of the time. I usually open it when I want to visit some Wikipedia page, and turn it back off after recognizing delay/lag on the games I'm playing online. Not even videos load recognizably slower, not on my VPN on AWS at least.

Within last 10 days, I had encountered the news about Dragon Ball Z - Season 1 being free on Microsoft Store, one like this I just found searching: https://www.neowin.net/news/first-season-of-dragon-ball-z-no...

I wanted to give both the anime and the Microsoft Store's video section a try, and did nothing more than just opening the Microsoft Store, finding the content, getting it for free and watching the first episode. My guess is that this might have been the problem.

If this really is the case, then I could not possibly know I was fooling Microsoft Store: - I did not and still do not know if the content was not available, free or paid, from Turkey. There were no indications of the content being unavailable to Turkey on the Store page. - Microsoft Store did not ask me if I am from Ohio, I never said I was from Ohio. I regularly use VPN for personal reasons, unrelated to this matter. I did not use VPN to make Microsoft Store think that I am from Ohio. Microsoft Store itself may have falsely assumed that I am from Ohio, and granted me the right to watch a content for free. It is Microsoft Store's fault for immediately assuming my location from the way I connect to the Internet.

If my guesses are true, then Microsoft's Microsoft Store is the culprit for being overly presumptuous about my location, not asking me for approval, hence not putting me responsible, and giving me free access to some content as a result. I may not be put responsible for Microsoft's presumptions that I haven't approved.

[+] wnsire|7 years ago|reply

>"We canno't provide details about why your account is closed and won't reactivate it"

This type of behaviour should be banned by the European Union.

You should be provided with the exact reason of why your account is being closed , regardless of who is the provider of the service.

It's unacceptable that companies like Microsoft, Facebook, Airbnb feel entitle to behave like this knowing how critical the service provided by those companies are for some organization. Plus the fact that those suspensions are usually done automatically by an algorithm powered by Machine Learning or something similar.

This type of mechanism could destroy an entire organization if the account of CEOs , CTOs, CFOs are suddenly locked down without possibility to access their emails , their contacts, their meetings and others business critical information.

This is outrageous.

[+] stouset|7 years ago|reply

Often times companies are legally barred from disclosing this information. For example, in the financial services sector, if a person’s account is linked to certain forms of financial crimes, it is strictly illegal for the company to tell the owner why their account was suspended and/or funds frozen.

The intent is to not reveal that the account had been linked to (for example) financing of terrorist organizations, but in reality I think it causes more problems than it solves. A real criminal who has their account shut down is probably going to be pretty aware of what the reason is. On the other hand, many times something like this can happen due to a mistake by a government agency, an account takeover, or some other situation where the owner of the account has no idea what went wrong or how to fix it, and finds themselves blackballed by multiple financial institutions with no recourse.

I’m not a fan of PayPal by any shot, but I would wager a nontrivial number of the customer support nightmare stories we’ve all read actually come down to this, and their hands are completely tied.

[+] jdietrich|7 years ago|reply

>This type of behaviour should be banned by the European Union.

It probably already is. Under Article 15 of the GDPR, you have the right to access personal data and to an explanation of how that data will be processed. A database entry saying "this account has breached clause x.y of our ToS" constitutes personal data within the scope of GDPR.

Under article 16, you have the right to correct any inaccurate data. Under Article 22, you have the right to opt-out of any wholly automated decision-making process that "produces legal effects concerning him or her or similarly significantly affects him or her".

Article 23 does impose some restrictions on those rights, e.g. in matters of national security, defence or criminal justice, but those restrictions are narrow and specific. If someone tells you "your account is banned and we can't give you any further information", they're likely in breach of the GDPR.

https://gdpr-info.eu/chapter-3/

[+] hkai|7 years ago|reply

You can thank American and European governments for that. They extorted money from private companies for "due diligence violations" and now they will ban you and close your account on any smallest suspicion of financial impropriety or connections with sanctioned individuals or countries.

As an example, people lost their money to PayPal and had their accounts banned because their address contained a street named after a sanctioned location.

Corporations are panicking. They spend billions of dollars on due diligence now and this is the result you are seeing. They don't want to spend even more billions of dollars on fines.

Obviously they can't tell you "transferring over 500 USD per month to Africa looked dodgy to us, so we closed your account". They are keeping details secret, which makes sense because next time you'd just circumvent their checks.

[+] Shank|7 years ago|reply

I agree that companies should provide more transparency, but I think that this should be provided as a remediation process to get an account back into compliance, rather than termination reason. If companies were able to give you actionable steps or why your account was flagged, that would let them have a way forward to retain a customer as well as provide answers.

On the converse, though, termination without reason does serve a purpose. For example, if this was because of illegal content being stored on the service, Microsoft may be complying with law enforcement and doesn’t want to tip off the suspect.

I strongly believe account remediation is better than all out termination, and that termination should only be enacted in the most severe of cases (repeat offenses or potentially criminal conduct).

[+] unknown|7 years ago|reply

[deleted]

[+] paulpauper|7 years ago|reply

although I can see how this can be abused. Imagine if I create 10000+ spam Facebook accounts and they all get disabled, am I entitled to a written explanation for why each account got disabled?

[+] zokier|7 years ago|reply

Call them? Escalate, escalate, escalate until you get an answer.

https://support.microsoft.com/en-us/help/4051701/global-cust...

[+] Gys|7 years ago|reply

Exactly the same thing happened to me while using Azure free tier. 2-3 y ago. It was a new account which i only used for a few days. Only to make a few test calls to their geo location api (i think). I needed that for a service that i was building. Then i got this same message. No idea why. I did get two phone calls to upgrade my account (!) but they could not explain why this happened, nor get more details. Very, very strange. I switched to Google and never looked back

[+] pc86|7 years ago|reply

There are dozens of stories of identical things happening to Google accounts so it's not as if they are any better.

[+] CommanderData|7 years ago|reply

There's forums of people claiming there site/product/business was removed off of Google because it competed in some way with no redemption.

They are too small for anyone to give a mess about.

[+] BjoernKW|7 years ago|reply

While this certainly is not exactly a decent way of dealing with people and a less than stellar customer experience, Microsoft isn't the judicial system but a private entity. This being a civil law affair there are no formal charges and you're not accused of anything but merely (and potentially ) in breach of contract.

If you sue them they'll have to reveal what they think you did. Other than that you're probably only entitled to access to your data so you can transfer it to another provider, as well as maybe a prorated refund if applicable (and you'd probably have to hire a lawyer for that, too, because they possibly won't answer any further inquiries on your part).

You mentioned a university licence. Many vendors explicitly prohibit usage of such licences for purposes other than educational ones. This might be the cause of your problem, for example if you used your account for hosting a commercial application on Microsoft Azure.

[+] ThoAppelsin|7 years ago|reply

I did not use my account for any commercial purposes, and I don't have much to say for the rest, read them like "you are a poor customer, who won't be able to afford, and should not afford a lawyer to recover your $100-300 loss, for your own interest". Sad that this is reality, or someone perpetuates this fact in such an acceptant manner.

[+] rlpb|7 years ago|reply

> If you sue them...

Sue them for what? Surely they reserve the right to deny service to anyone?

[+] mehblahwhatevs|7 years ago|reply

> Microsoft's own way of justice is against the legal systems in all the modern countries, which always makes sure that the accused knows their faults, as one of their rights, and for the benefit of the accused not getting involved in such acts for a second time, for that they this time will know.

Welcome to the modern world.

I read frequently on the /r/androiddev subreddit about Android devs who have had apps suspended or accounts closed for reasons beyond their comprehension.

I frequently read about people wanting tech platforms to start censoring more actively (Twitter, FB, Youtube?) and for them to boot controversial people for using their free speech (even if offensive).

Unfortunately giving "the accused" any sort of recourse doesn't seem to be a priority when the PR machine is going against a tech company - it's easier for them to use the banhammer.

[+] ams6110|7 years ago|reply

Microsoft isn't a government. They can't arrest you, and they can't seize your property (that you haven't already given them). As a private entity, they can define the terms by which they provide or revoke services, within some broad boundaries such as Civil Rights law.

So that can suck, if you don't know why you've been banned or possibly when you are banned by mistake, but that is the risk of using these kinds of services.

[+] ThoAppelsin|7 years ago|reply

This account had been my oldest digital property, which I had been using for probably over 10 years now. I haven't been using it any differently than before, so now I am left absolutely clueless with a sizeable digital property of mine being lost. I could have kept a copy of everything and not got all-in to the OneDrive with the On-Demand feature, but I don't know what I could have done to not lose 3.5 out of 4 years of pre-paid (required) Office 365 University service, because Microsoft simply does not tell.

[+] DenisM|7 years ago|reply

Email the office of Attorney General of your state with a grievance - you paid for it, it was yanked from you, no one is picking up the phone. This is what AG is for - protecting consumers from all kinds of snatch-and-run, big and small.

Now you might think the AG won't have time for you, but the AG is not sitting there reading the incoming email and deciding to act. The AG clerk on duty will check that basic facts and dates are present in your email (make sure to include them), and ask the BigCo for their side of the story; all that before anyone even looks at the merit of the case. The BigCo will now face a choice - continue corresponding with the office of AG (which is billable lawyer time plus a drain on management brainpower), or shut you up by giving you back your stuff (which is free).

[+] brudgers|7 years ago|reply

How have you been using it?

[+] rabboRubble|7 years ago|reply

Does anybody know of a MS feature similar to Google Takeout?

I frequently take downloads of my Google content with Google Takeout but haven't been doing the same for Microsoft. Recently started adding important content to my MS account, and probably ought to start doing the same for that service.

edit: yeah, yeah, yeah all the cool kids don't use Microsoft stuff. For some of us, there may reasons we do, and I suggest this MS service might do the trick. I'm still testing what all is included in this export. UPDATE apparently this tool just exports a json file including usage information of each MS service but not the data contained within those usage sessions i.e. a file I've created in OneDrive Excel. Hmmmm.... going to continue the hunt.

https://account.microsoft.com/privacy/export

[+] patrickg_zill|7 years ago|reply

They can claim that they are following the law, but that doesn't mean they actually are... If you have a university based license then I would suggest you complain about the suspension of service with your university. Possibly the person who manages the business relationship with Microsoft has contacts they can talk to.

Also: keep backups outside of the Microsoft ecosystem.

[+] hkai|7 years ago|reply

If I know anything about corporations, that's because of a due diligence check. Your name or credit card or face matched someone else, or they thought you have connections to sanctioned countries, or your finances are dodgy.

Even for spam they wouldn't block you like this right weather. It's due diligence.

[+] DoofusOfDeath|7 years ago|reply

> "Pursuant to our terms, we cannot reactivate your account, nor provide details as to why it was closed."

Am I correctly interpreting their statement as saying that they're constrained by their own self-imposed policies?

[+] CommanderData|7 years ago|reply

Imagine your Github repos gone because Microsoft thought you violated TOS.

Well now that's just an eventually.

[+] joeax|7 years ago|reply

I've been thinking a lot about this (after hearing about the Airbnb guy [1] the other day) as it pertains to the cloud i.e. Azure, GCP. I'd hate to be a company that spends hundreds of thousands moving its infrastructure to the cloud, then suddenly without warning it's all terminated without cause or explanation.

On a side note, as a published author on Amazon, I've heard horror stories in the usual author forums of Amazon doing the same to authors, pulling all their novels off their site without warning and terminating their account. Amazon does have some remediation pathways (unlike the AirBnB guy), and many authors had their accounts restored after weeks or months of perstering support (although the damage is done).

[1] https://news.ycombinator.com/item?id=17523056

[+] tootahe45|7 years ago|reply

My account got suspended and kicked me off a month ago by simply accessing the forwarding section of my Microsoft account. Tried it on another account and same thing. To this day i am confused about that, and how some of these big companies with the toughest entry requirements make the dumbest crap.

[+] withinrafael|7 years ago|reply

Did you have pirated material in OneDrive? Did you pirate Windows, Office, or any other Microsoft software?

I'm thinking content scanning or Microsoft Account telemetry.

[+] skt5|7 years ago|reply

I don't think that this matters as much unless you've shared it & Microsoft got some sort of DMCA notice.

By any chance, did you have child nudity (ex: photo of child bathing, etc.) on your OneDrive? If so, I wonder if PhotoDNA picked it up (see https://www.neowin.net/news/man-arrested-after-microsoft-fin...).