I operate on the realization that google will one day arbitrarily destroy my gmail account for absolutely no reason. At any time. Because. Due to reasons. Those reasons which include the knowledge I will likely never have anything clearly explained. Reasons I cannot appeal. At all.
This is what free gmail means to me. Same goes for youtube. Especially youtube. Videos can be deleted for no reason. Better keep copies.
Famous people have lost content on google and youtube. Blocked emails. Lost videos. etc etc. I'm a nobody. If famous, "important" people have their accounts "accidentally" deleted, what hope do I have? None whatsoever.
I have no idea what google would be like for paid accounts of my own but I was working with a company that did and the support wasn't terribly helpful during an email migration so I'm unimpressed. At least they responded to my emails after a few days.
Google is running a free service and have limited resources for customer support. I think everyone understands that. But why can't they make better use of that support using algorithms and data analysis?
For example, they probably get thousands of requests for account assistance. But they have full access to the emails in the account. And related metadata like age of account, volume of emails, other services used (Android apps released, Youtube videos created), and others. It should be simple to create an algorithm to prioritize the requests. So if an account was created a week ago and doesn't have much history? Low priority. An account is 10+ years old and has regular bank statement emails incoming? Highest priority.
And if that's too much work, just provide a paid option. Tell users that if their issue is really important, then pay some amount (such as $50) to get immediate urgent support. The user with a one week old account won't care enough to pay. The spam scammers obviously won't pay. But the user with all bank accounts, brokerage accounts, other important services going through their gmail account? They will likely pay to get assistance.
Instead every account gets the same shitty treatment. They could easily identify the important accounts to look into first using data analysis and algorithms. They're supposed to be good at this stuff! Or provide a paid option. Or do both. Only explanation I can think of is that it doesn't look good enough for a promotion so nobody at Google cares.
> I operate on the realization that google will one day arbitrarily destroy my gmail account for absolutely no reason.
No! We need to demand more from Google (or, at least our lawmakers). I have a business that relies on a Chrome extension to be on their web store.
Say I accidentally trip off something in their opaque machine learning algorithm that determines my extension (or even a YouTube comment!) breaks their terms of service. They would have the right to completely block my account and remove the extension. Effectively, wiping out how I make a living with a single automated bit flip.
It hasn't happened to me, but the people that share horror stories of how it happened to them scare the $#!7 out of me.
As the Internet gets more privatized and less "open", I just wish there was something that required a fair "trial" of my account being suspended. The balance of power online is slowly shifting and I feel there needs to be something protecting the rights of individuals (the public) online.
>I operate on the realization that google will one day arbitrarily destroy my gmail account for absolutely no reason. At any time. Because. Due to reasons. Those reasons which include the knowledge I will likely never have anything clearly explained. Reasons I cannot appeal. At all.
This sounds very much like the old-world Christian conception of "acts of God" re: natural disasters and the like.
The Catholic Church has the concept of saints, highly placed people that intercede with God on behalf of common people. For dealing with Google, modern people petition "influencers"
> I operate on the realization that google will one day arbitrarily destroy my gmail account for absolutely no reason. At any time. Because. Due to reasons. Those reasons which include the knowledge I will likely never have anything clearly explained. Reasons I cannot appeal. At all.
You're dead right. So now, in addition to trying to exercise every day, and unpack another box from moving every day, I'm committing to moving one account email to Fastmail every day.
> Famous people have lost content on google and youtube. Blocked emails. Lost videos. etc etc. I'm a nobody. If famous, "important" people have their accounts "accidentally" deleted
There have been far too many incidents where people who become virally infamous immediately have their accounts blocked or deleted mysteriously, followed by having them restored with no explanation. This indicates that Google/YouTube employs people who will arbitrarily abuse their power in the control of these valuable and highly private information resources, over whom Google/YouTube has too little actual control of oversight.
When you have something from the government like an ID card. They can't just turn it off. You have due process rights and right to appeal them turning off your ID card, etc. With private companies you don't have that. That's the danger of privatization of everything, due process rights go out the window.
Downvotable Material: There's a certain billionaire who wants to privatize the right to travel through a certain "passport" he's advocating. Will they just be able to turn you off and there will only be non-existent or unresponsive customer service that will just tell you that there are "reasons" why you're not in the system any more and they are a private company and can do whatever they want and buying their product is optional, when it really isn't. Hopefully, if this ever comes to pass, there will be extensive regulatory legislation like the Fair Credit Reporting Act to keep this sort of thing subject to due process and transparency. The global nature of this "passport" means that when in foreign countries with weak judicial systems they might still be able to arbitrarily terminate your account.
Has anyone done a social science research study to estimate the chances of losing a Google account?
This is an important number. 1% annual chance? bad deal. 0.01% annual chance? Maybe worth the risk. 0.0001%? Sure, I'm more likely to get hit by lightning.
Let's go even more general: I would be unable to download PlayStore apps without violating the EULA. Did you know my apartment building's washing machines are literally inoperable without an app? For every app, you need access to the app-store platform. I wouldn't care so much if it's optional. However, we are at the point where we can't use basic household appliances without apps...
I lost mine a few years ago, since then Google is an absolute no go for me.
Had it for a few years back then and never did anything bad or oblique with it, just used it as my secondary email account and also for deploying a small, harmless Chrome extension to the Chrome store.
So one day my wife bought a tablet and also registered a mandatory account. 1-2 days later my and her Google account was terminated. I mailed support and they told me they couldn't tell me the reason for terminating both accounts. No kidding. Tablet suddenly obsolete. All my emails gone.
Since then Google is a big red flag for me.
Addendum to clarify: They said they won't tell me the reason for terminating my account. I'm sure they could have told me if they wanted to.
the tablet part makes no sense, you can always create new Google account or just use tablet without google account, installing apps through aurora store or apkmirror would be minor annoyance though
A funny one: I am locked out of a former Gmail that forwards every email to my currently active address. This "forward everything" is not throughout IMAP/Pop but some Gmail feature.
One day I couldn't login anymore to the old account (maybe I typed the wrong password 3 times or maybe it was deemed inactive because I would never login?)
I try the recovery process once in a while with everything (code by SMS, code by recovery email, etc). Never works.
But I still receive every email sent to that account through the "forward everything" setup from XX years ago.
NB forwarding does NOT include "spam" email... i have all my Gmail accounts funnel into one and i check the spam buckets of all, every 4 weeks (otherwise Google turfs em). i usually find a few (rather important) false positives in that monthly sweep.
Further note that gMail filters at every step, eg this includes a downstream "archive" account. So there are false positives coming from a "known" [single source] good account and of already vetted emails...
i do wish there was a way to forward everything ... where everything meant everything ... filtering optional.
Ha I'm in the same boat as well. Locked out of my first ever Gmail account and thank the stars that I had this forward everything set up.
Every few months, I try the recovery process again to no avail. "Sign-in with Google" is very convenient so it'll be a pain to move to proton + outlook but c'est la vie
The same thing happened to me, I happened to notice and set up the forwarding the day I lost access to the account. I feel pretty lucky for that, it made leaving much easier.
I've got an old gmail address with pop3 enabled that my main gmail account pulls emails out of. Hadn't logged into the old address in a couple years because everything was working. One day I decided to rotate all of my passwords, got to that old gmail account and it refused to let me log in and wouldn't say why.
"No big deal" I thought, I use a password manager, have all historical passwords, have the 2fa device, same phone number, same address, I have access to the recovery email address, and pop3 still works so I know I have the current credentials. I'll just reset the password.
Nope, wrong. Even though I have every possible form of identification the account will not let me log in via the web interface and will not let me reset the password. I get stuck in a loop that eventually ends with "Thanks for verifying your email. Google couldn't verify that [email protected] belongs to you."
The pop3 functionality still works, but the password can never be reset and the web interface can never be logged into. I suppose this will continue until the day google decides to ax pop3 and imap, no doubt accompanied by a blog post with comments disabled explaining it's for our own good, at which point that address will be lost to the sands of time.
Thanks for that anecdote. I was planning on using the lockdown home office situation to finally buy some domain and set up my own email server.
I wasn't sure whether I should set up forwarding on my Gmail account or have the server fetch mail from it regularly. Was leaning towards the second option but I think now it's settled which option to choose.
Edit: Ok there's one more stupid scenario. Let's assume I do lose access to the Gmail account but forwarding still works. Now I'm in an accident and stay at a hospital and totally forget to pay the renewal fee for my domain. Boom, some domain squatter gets all my mails. Actually, that would even apply without Gmail in the mix. Sure I'd set up automatic payment for renewal but still, can I be a little paranoid here? ;-)
This also happened to me. I have a second email address I set up and set all forwarding to another Gmail. I've lost the password to the second account, but still receive all of the messages. It's not that I need to get into the account or use that email address. Mostly I just want to make sure it's secure and nobody else can get into it.
Who knows... maybe someone else recovered it and is using it as their primary address and I'm just getting copies of all their messages?
What troubles me about this is how casually we've moved everything to e-mail, on the assumption that everybody can get a "free" e-mail account, even tho the account isn't actually "free" and can be taken away from you without you doing much of anything wrong.
Very similar to how a phone-sim has kinda become the de-facto digital ID of most people.
In the long term, where does that leave people who can't afford a mobile phone/a paid e-mail account?
This is already somewhat of an issue with certain digital services that won't accept e-mail accounts from free providers that are too abused for spam.
What happens to the people who can't afford a paid e-mail account when billing and so many other services are moving to digital heavily depending on the availability of e-mail?
In contrast to that, I don't have to pay a monthly fee to have a physical mailbox at my door, but that won't get me far with most digital services.
This happened to me. I managed to log in to my childhood Email account (or rather, have it recreated since my dad owned the domain) and open the link from a password recovery email and google still refused to let me in even though I had been logged in on the same computer just minutes ago.
So because their authentication used some stupid heuristic combined with the “no reusing old passwords” thing I was forcibly deplatformed. I’m not making another account, I already wasn’t happy with google and that was enough to make me give them up.
The problem this article touches on is huge, because everybody who has a computer is affected and almost nobody takes the necessary precautions. Especially non-technical computer users can easily lose years worth of important data.
I've tried to set up contingency plans for the cases that I lose access to my:
- phone (which contains Google Authenticator with plenty of important logins; unfortunately some of my 2FA is still based on SMS)
- my laptop
- my Yubikey
- my wallet (with ids and a credit card)
due to theft, damage (house burns down) or simply loss.
Another under-appreciated risk: losing my memory (my master passwords are only in my mind - what happens if I suffer a head injury and forget?)
Redundancy is one countermeasure: Have more than one bank account + stock portfolio, more than one credit card (servers might go down if a credit card is blocked) and physical devices (phone, laptop) in store to stay operational in case of an emergency.
Full machine backups + regular uploads "to the cloud" for raw data; occasional transfers to (multiple) external hard drives.
I don't think there is a way around a safe physical space with printed backup codes on it. Ideally not in the same house - maybe with a bank?
A list of instructions for numbers to call for account recovery or blocking. Which information will I have to provide?
In a similar vein: what happens to my data after I die? How would my (non-technical) family be able to access my pictures and writings? A digital inheritance would be prevented in my security set if I don't prepare.
This space is fascinating to explore, the zeros and ones people have stored on their devices are incredibly valuable to them and this treasure is poorly protected. Generally speaking: No backups, weak passwords, outdated software, old hard drives ... risks abound
Google surely has very capable security people, but right now my account there is the central vector of attack, most of my passwords can be reset through my email, a huge portion of my communication runs through Gmail, Whatsapp is backed up to my Drive, most of my pictures are on Google. It's probably a good idea to disentangle the situation a bit to be prepared for the case that Google's fortress gets breached one day.
Without compromising your security - I'd love to know how others approach their personal IT security challenges?
The article seems only to focus on what happens if you lose your ways to authenticate, but another possibility is getting caught in some weird ban wave like spamming emotes on a youtube stream when the streamer asks you to (https://9to5google.com/2019/11/09/google-account-bans-youtub...) (most of these bans seem to have been reversed, but I don't know if that would have happened without the publicity that came from a popular youtuber calling out google for banning his fans ...)
Google can at any time decide to require you to provide additional authentication. What year and month did you create your account? What previous addresses have you logged with google. There are about a dozen prompts to prove yourself to them.
Finally, spinning busy icon and... red text says you are denied. You are properly screwed.
I assume all ways of recovery by google failed. I would go the physical route. Take a megaphone, a big sign and go to one of the google offices in Zürich. First stand there and then slowly ramp up to attract more attention. At one point one googler must be willing to help or must be annoyed enough by me. It sounds extreme but it is my Plan B. My personal data includes all my pictures which are extremely valuable to me. I do pay for many google services including Google Drive and I expect them to support me.
"There is one more option for super paranoid people. Backup all your data."
I would argue that this should apply to everyone, not just the paranoid! The fact that most companies make this easier nowadays, like the linked Google Takeout, is actually a real, useful improvement.
If you backup regularly, you should also restore to test it works properly, and the reality is there is no decent way to restore a google takeout archive to another google account, or any competing service. The closest you'll find is a hodgepodge of scripts to incompletely restore some data...
It feels weird to see this called super paranoid, I've been backing up my data ever since my first PC went belly up on me. Didn't have much on it but lost some photos, so now I keep everything backed up and still break out into a sweat the moment my laptop starts making any unusual noise.
Technology isn't perfect so a backup is a must for anything of value: whether financial or sentimental. For a good example of why backups matter, look at the history of Doctor Who. They didn't leave any backups of parts of the original show because they figured those were pointless, re-recording on the physical copies instead. Now the old episodes of the show are being searched for across the Globe, I believe some were even found at some man's home in Brazil. Backups and archiving stuff is essential.
For me it would be an annoyance for sure, but I've been not-using Google stuff long enough that I wouldn't really care.
This is how I did that:
1. I self-host my email and most of my emails are exchanged via my self-hosted domain.
2. I use nextcloud for cloud storage with automatic upload of pictures, videos and call recordings from my phone.
3. I use ZFS for snapshotting and replication.
------
Regarding my google account... I took the habit of taking notes of my previous password when I change it with a new one. I also took note of my backup codes.
------
Regarding self-hosting email... It's surprisingly low-maintenance. My current mailserver was set up in 2014 and I've touched very little since then (considering it's been on for six years).
It does require some learning in the beginning, but a) email is so old that it's very, very, very well documented and b) time spent learning is never wasted.
Nextcloud is just awesome. It does have its quirks and an SSD would definitely help, but I've been running it off a cheap machine (~115€ dell optiplex 7010, 2nd gen i5, 8gb ram, 250gb HDD system disk + 2TB HDD data disk) and only had occasional problems (don't try and push too much stuff at the same time or postgres will basically kill itself if it can't keep up -- upload files to the data folder instead and let nextcloud rescan such folder).
ZFS is the real game changer. Hourly snapshots are extremely fast and cheap and make it easy to sync your precious data to another location (in case something goes wrong).
------
Sometimes I stop and think about how exploitative and predatory modern internet services providers are.
Most TOSes clearly state that they can terminate your service for any reason. Which is generally understandable but also means that all of your data could be gone so fast...
The cloud isn't really the safest thing to put your stuff into.
When I set up my corporation, a couple of years ago, I set up a Google account for it.
For some reason, it won't let me in. I am pretty sure that I have the correct password (I use a very well-known wallet app), but it's entirely possible that I borked the process.
Google won't help me to unlock it. I have to use a gmail account (the one I set up) to get reminder links, and I can't figure out why it isn't honoring my secondary email account (my corporate email, which works fine).
It really isn't a big deal (to me). It prevents someone else from registering as my company. It does mean that I won't be doing any corporate business with Google, but that's fine. I don't write the kind of software that uses their services.
"One of my other Google accounts actually have been inactive for so long that Google doesn’t trust me when I enter the password and there’s no way to recover."
Hm. That probably means I have lost my Google account. The last time I logged in was in 2013.
The funny thing about giant tech companies and your personal data is they do their best to convince you they are a great place to store your intimate details and secrets. They can be trusted.
But on the flip side, these companies are incredibly paranoid and secretive with their own data. They all run their own mail internally and do not (in general) store sensitive data on each other's clouds.
I think this is super important for companies like, for example, Facebook and Uber, to maintain utter secrecy of their internal data, because they know they have a lot to hide.
Anyways, the vibe is "Trust us, but we won't trust you". Yuck.
It's reached the point where five or so agencies have a de-facto oligopoly over our digital life and the t&c are written almost totally in their favour. I took a .zip of my digital life last year, and I intend renewing it periodically.
What's the point of removing old addresses? I mean I'm all for privacy, but forward all your old accounts to one funnel account and ensure you never lose that data.
Unfortunately, it's not available for GSuite accounts. I suppose the rationale is that organizations don't have the same requirements as individuals, but that's not the only use case for GSuite : any individual (like me) who set up legacy GSuite to use GMail with a custom domain is out of luck.
[+] [-] lqet|5 years ago|reply
I would add (free) Github to that list.
[+] [-] jedimastert|5 years ago|reply
Low level random tech-support? Probably not.
[+] [-] Markoff|5 years ago|reply
[+] [-] jknz|5 years ago|reply
One day I couldn't login anymore to the old account (maybe I typed the wrong password 3 times or maybe it was deemed inactive because I would never login?)
I try the recovery process once in a while with everything (code by SMS, code by recovery email, etc). Never works.
But I still receive every email sent to that account through the "forward everything" setup from XX years ago.
[+] [-] emanuensis|5 years ago|reply
Further note that gMail filters at every step, eg this includes a downstream "archive" account. So there are false positives coming from a "known" [single source] good account and of already vetted emails...
i do wish there was a way to forward everything ... where everything meant everything ... filtering optional.
[+] [-] Infinitesimus|5 years ago|reply
Every few months, I try the recovery process again to no avail. "Sign-in with Google" is very convenient so it'll be a pain to move to proton + outlook but c'est la vie
[+] [-] swiley|5 years ago|reply
[+] [-] ShinyObject|5 years ago|reply
I've got an old gmail address with pop3 enabled that my main gmail account pulls emails out of. Hadn't logged into the old address in a couple years because everything was working. One day I decided to rotate all of my passwords, got to that old gmail account and it refused to let me log in and wouldn't say why.
"No big deal" I thought, I use a password manager, have all historical passwords, have the 2fa device, same phone number, same address, I have access to the recovery email address, and pop3 still works so I know I have the current credentials. I'll just reset the password.
Nope, wrong. Even though I have every possible form of identification the account will not let me log in via the web interface and will not let me reset the password. I get stuck in a loop that eventually ends with "Thanks for verifying your email. Google couldn't verify that [email protected] belongs to you."
The pop3 functionality still works, but the password can never be reset and the web interface can never be logged into. I suppose this will continue until the day google decides to ax pop3 and imap, no doubt accompanied by a blog post with comments disabled explaining it's for our own good, at which point that address will be lost to the sands of time.
[+] [-] unknown|5 years ago|reply
[deleted]
[+] [-] iforgotpassword|5 years ago|reply
I wasn't sure whether I should set up forwarding on my Gmail account or have the server fetch mail from it regularly. Was leaning towards the second option but I think now it's settled which option to choose.
Edit: Ok there's one more stupid scenario. Let's assume I do lose access to the Gmail account but forwarding still works. Now I'm in an accident and stay at a hospital and totally forget to pay the renewal fee for my domain. Boom, some domain squatter gets all my mails. Actually, that would even apply without Gmail in the mix. Sure I'd set up automatic payment for renewal but still, can I be a little paranoid here? ;-)
[+] [-] kshannon|5 years ago|reply
Who knows... maybe someone else recovered it and is using it as their primary address and I'm just getting copies of all their messages?
[+] [-] freeflight|5 years ago|reply
Very similar to how a phone-sim has kinda become the de-facto digital ID of most people.
In the long term, where does that leave people who can't afford a mobile phone/a paid e-mail account?
This is already somewhat of an issue with certain digital services that won't accept e-mail accounts from free providers that are too abused for spam.
What happens to the people who can't afford a paid e-mail account when billing and so many other services are moving to digital heavily depending on the availability of e-mail?
In contrast to that, I don't have to pay a monthly fee to have a physical mailbox at my door, but that won't get me far with most digital services.
[+] [-] swiley|5 years ago|reply
So because their authentication used some stupid heuristic combined with the “no reusing old passwords” thing I was forcibly deplatformed. I’m not making another account, I already wasn’t happy with google and that was enough to make me give them up.
[+] [-] mxschumacher|5 years ago|reply
I've tried to set up contingency plans for the cases that I lose access to my:
- phone (which contains Google Authenticator with plenty of important logins; unfortunately some of my 2FA is still based on SMS)
- my laptop
- my Yubikey
- my wallet (with ids and a credit card)
due to theft, damage (house burns down) or simply loss.
Another under-appreciated risk: losing my memory (my master passwords are only in my mind - what happens if I suffer a head injury and forget?)
Redundancy is one countermeasure: Have more than one bank account + stock portfolio, more than one credit card (servers might go down if a credit card is blocked) and physical devices (phone, laptop) in store to stay operational in case of an emergency.
Full machine backups + regular uploads "to the cloud" for raw data; occasional transfers to (multiple) external hard drives.
I don't think there is a way around a safe physical space with printed backup codes on it. Ideally not in the same house - maybe with a bank?
A list of instructions for numbers to call for account recovery or blocking. Which information will I have to provide?
In a similar vein: what happens to my data after I die? How would my (non-technical) family be able to access my pictures and writings? A digital inheritance would be prevented in my security setup if I don't prepare.
This space is fascinating to explore, the zeros and ones people have stored on their devices are incredibly valuable to them and this treasure is poorly protected. Generally speaking: No backups, weak passwords, outdated software, old hard drives ... risks abound.
Google surely has very capable security people, but right now my account there is the central vector of attack, most of my passwords can be reset through my email, a huge portion of my communication runs through Gmail, Whatsapp is backed up to my Drive, most of my pictures are on Google. It's probably a good idea to disentangle the situation a bit to be prepared for the case that Google's fortress gets breached one day.
Without compromising your security - I'd love to know how others approach their personal IT security challenges?
[+] [-] tsbinz|5 years ago|reply
[+] [-] justinclift|5 years ago|reply
Tip 1b: Make sure your password manager isn't using your Google account for authentication. :)
[+] [-] chapium|5 years ago|reply
Finally, spinning busy icon and... red text says you are denied. You are properly screwed.
(My experience a few years ago)
[+] [-] faebi|5 years ago|reply
[+] [-] nikanj|5 years ago|reply
[+] [-] oarsinsync|5 years ago|reply
[+] [-] chrisma0|5 years ago|reply
[+] [-] londons_explore|5 years ago|reply
If you back up regularly, you should also restore to test it works properly, and the reality is there is no decent way to restore a google takeout archive to another google account, or any competing service. The closest you'll find is a hodgepodge of scripts to incompletely restore some data...
[+] [-] BelleOfTheBall|5 years ago|reply
Technology isn't perfect so a backup is a must for anything of value: whether financial or sentimental. For a good example of why backups matter, look at the history of Doctor Who. They didn't leave any backups of parts of the original show because they figured those were pointless, re-recording on the physical copies instead. Now the old episodes of the show are being searched for across the Globe, I believe some were even found at some man's home in Brazil. Backups and archiving stuff is essential.
[+] [-] nicbou|5 years ago|reply
[+] [-] znpy|5 years ago|reply
This is how I did that:
1. I self-host my email and most of my emails are exchanged via my self-hosted domain.
2. I use nextcloud for cloud storage with automatic upload of pictures, videos and call recordings from my phone.
3. I use ZFS for snapshotting and replication.
------
Regarding my google account... I took the habit of taking notes of my previous password when I change it with a new one. I also took note of my backup codes.
------
Regarding self-hosting email... It's surprisingly low-maintenance. My current mailserver was set up in 2014 and I've touched very little since then (considering it's been on for six years).
It does require some learning in the beginning, but a) email is so old that it's very, very, very well documented and b) time spent learning is never wasted.
Nextcloud is just awesome. It does have its quirks and an SSD would definitely help, but I've been running it off a cheap machine (~115€ dell optiplex 7010, 2nd gen i5, 8gb ram, 250gb HDD system disk + 2TB HDD data disk) and only had occasional problems (don't try and push too much stuff at the same time or postgres will basically kill itself if it can't keep up -- upload files to the data folder instead and let nextcloud rescan such folder).
ZFS is the real game changer. Hourly snapshots are extremely fast and cheap and make it easy to sync your precious data to another location (in case something goes wrong).
------
Sometimes I stop and think about how exploitative and predatory modern internet services providers are.
Most TOSes clearly state that they can terminate your service for any reason. Which is generally understandable but also means that all of your data could be gone so fast...
The cloud isn't really the safest thing to put your stuff into.
[+] [-] ChrisMarshallNY|5 years ago|reply
For some reason, it won't let me in. I am pretty sure that I have the correct password (I use a very well-known wallet app), but it's entirely possible that I borked the process.
Google won't help me to unlock it. I have to use a gmail account (the one I set up) to get reminder links, and I can't figure out why it isn't honoring my secondary email account (my corporate email, which works fine).
It really isn't a big deal (to me). It prevents someone else from registering as my company. It does mean that I won't be doing any corporate business with Google, but that's fine. I don't write the kind of software that uses their services.
[+] [-] Animats|5 years ago|reply
Hm. That probably means I have lost my Google account. The last time I logged in was in 2013.
[+] [-] londons_explore|5 years ago|reply
Check your password here: https://haveibeenpwned.com/Passwords
For very old accounts, they'll normally force you to add a phone number or recovery email address though.
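Added example, not part of the comment above: the same Pwned Passwords lookup can be done through the service's range API at api.pwnedpasswords.com, which receives only the first five hex characters of the password's SHA-1 and leaves the match to the client. The function names are hypothetical and the response body is constructed so the block runs offline.

```python
import hashlib

def split_sha1(password: str) -> tuple:
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(suffix: str, range_body: str) -> int:
    """Look for our suffix in a range response made of 'SUFFIX:COUNT' lines.

    With padding enabled the service mixes in decoy lines whose count is 0,
    so a zero count means the same as 'not listed'.
    """
    for line in range_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count)
    return 0

def fetch_range(prefix: str) -> str:
    """Live lookup: only the 5-character prefix ever leaves the machine."""
    import urllib.request
    req = urllib.request.Request(
        "https://api.pwnedpasswords.com/range/" + prefix,
        headers={"Add-Padding": "true", "User-Agent": "pwned-range-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("ascii")

def constructed_response(listed_password: str) -> str:
    """Constructed sample body (not real service data) that lists one password."""
    _, suffix = split_sha1(listed_password)
    return "\r\n".join([
        "0" * 35 + ":0",      # padding-style decoy entry
        suffix + ":1234",     # constructed count for the listed password
        "F" * 35 + ":7",      # unrelated constructed entry
    ])

if __name__ == "__main__":
    prefix, suffix = split_sha1("password")
    body = constructed_response("password")  # use fetch_range(prefix) for a live check
    print(prefix, breach_count(suffix, body))
```
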
[+] [-] etaioinshrdlu|5 years ago|reply
But on the flip side, these companies are incredibly paranoid and secretive with their own data. They all run their own mail internally and do not (in general) store sensitive data on each other's clouds.
I think this is super important for companies like, for example, Facebook and Uber, to maintain utter secrecy of their internal data, because they know they have a lot to hide.
Anyways, the vibe is "Trust us, but we won't trust you". Yuck.
[+] [-] robin_reala|5 years ago|reply
[+] [-] ggm|5 years ago|reply
[+] [-] brnt|5 years ago|reply
The only use I occasionally get out of it is a shared document with somebody.
[+] [-] adamhearn|5 years ago|reply
[+] [-] whalesalad|5 years ago|reply
[+] [-] renaudg|5 years ago|reply
Unfortunately, it's not available for GSuite accounts. I suppose the rationale is that organizations don't have the same requirements as individuals, but that's not the only use case for GSuite: any individual (like me) who set up legacy GSuite to use GMail with a custom domain is out of luck.
[+] [-] askvictor|5 years ago|reply