Ask HN: Should we own the free stuff we pay for?

&gt; lost access to paid services that I had set up with social login<p>I signed up to Quora with my Facebook account, back in the day. Deleted Facebook in 2013 and lost access to my Quora account, with no possible way to recover it.<p>I haven&#x27;t used a social login since. In my case, it was fairly harmless, but it made me realise how dangerous social login is. Every time there&#x27;s a signup, I look for &quot;signup with email&quot;. It&#x27;s the safer option. And if you can, use your own domain for email (Google&#x27;s paid email offering supports this, as does Fastmail and countless other email providers). That way if your email provider decides to flip you off, you switch DNS records and you&#x27;re up and running somewhere else, and everything keeps on running.<p>But: If you don&#x27;t have a copy of emails then you lose all saved emails, so make sure you have a backup strategy in place.

Google is simply not a very reliable business partner for tech. I have a decade worth of experience in the Danish public sector, where I’ve had plenty of great experiences with both Amazon and Microsoft. I know that a lot of people would prefer things to be open source, but part of what you pay for in an Enterprise Organisation is availability of support. When AWS first entered the European market, most of what they sold in the support side was rather automated. Which just couldn’t compete with what Microsoft sells, where Seattle will call you with updates every hour on the hour if you’re a big enough customer. This is a big part of why Azure managed to capture the market share it did under the nose of AWS, the other part being that once you buy Office365 well… Anyway, I’ve never seen a huge tech company change their ways as quick as Amazon did, and today they’re actually ahead of Microsoft in terms of compliance with EU legislation and Enterprise support.<p>Google mean while has the same business-to-business support that it does for private customers like the author here. For some services it’s because Google doesn’t care, but they do care about Education and they still can’t figure out how to readjust to be a valuable business partner even when they actually want to sell you something.<p>So my best advice to anyone using Google services would be to find a better vendor as quick as possible. It’s completely ridiculous that you can lose your business account over someone replying to a spam mail.<p>Just imagine if Microsoft kicked the Danish government out of Office365 every time one of our employees did something silly in their emails. I know there is a difference between us as individuals and the Danish governed, but the point in trying to make is that there isn’t, not to Google at least. So maybe they are just a terrible vendor?<p>This is all anecdotal by the way. I haven’t seen anyone complain about getting locked out of their azure essential subscription, so in my eyes that is simply a safer way to pay for g-suite type services than g-suite. That being said, I do personally host my domain and DNS stuff on their own separate accounts at their own separate vendors, both privately and professionally, exactly because you want that stuff to remain unaffected by everything else.

When you put it this way, it&#x27;s really quite remarkable how tenuous our hold is on even paid for digital services.<p>There is really nothing you could do with a car to prompt the car maker to take it from you. And the state will only take it if you break the law in particularly dangerous ways.<p>When it comes to other possessions it&#x27;s even harder for anyone to take them away from you. If I take a kitchen knife and stab someone with it I will go to prison for sure, but I don&#x27;t think they will take the knife away. They definitely won&#x27;t ban me from buying knives.<p>But when it&#x27;s a digital service, even something as crucial as a banking service, it&#x27;s seen as normal that you can lose them for posting offensive things on twitter. Perhaps it&#x27;s because we haven&#x27;t had these digital services for long enough to consider them as really belonging to us, so we accept that they can be taken away at the slightest provocation.

In sensible jurisdictions, a tenant cannot be kicked out for non-payment of rent without a court order. That&#x27;s right, a <i>debtor</i> who <i>owes</i> money to another cannot be booted without an independent government body approving it.<p>So it&#x27;s not inherently wrong to say a user of a free service should have some rights. In some situations, it&#x27;s not fair to pull the rug out under people.<p>I think that there will come a point where we need to have independent tribunals governing the behaviour of large web services. That point will probably be reached 5 years ago.

No, you&#x27;re not overreacting :) it sucks.<p>In theory, you agreed to all the ways they can screw you over when signing up. In reality of course no one can be reasonably expected to understand the full ramifications of multi-page terms of service.<p>I&#x27;m happy that EU is pushing this ownership argument forward. GDPR seemed unreasonable just a few years ago, now it&#x27;s the new standard. I also don&#x27;t think it&#x27;s the final destination. We&#x27;re moving towards more regulation, but that&#x27;s expected in any mature industry.<p>However, this specific topic to me isn&#x27;t as much about ownership as it&#x27;s about redundancy and diversification.<p>Of course it&#x27;s not a good idea to build your whole identity on some corporate identifier (@gmail.com, @icloud.com...). Of course your business income shouldn&#x27;t be based on a single platform (e.g. youtube demonetization, facebook news). These problems could&#x27;ve been forseen even without the benefit of hindsight.<p>There&#x27;s no such thing as absolute ownership anyway. Even your money or real estate belongs to you within the framework of modern banks and governments. Doesn&#x27;t mean this ownership isn&#x27;t meaningful, just that there are always limits and gotchas.<p>The most meaningful thing you can do is own as much of your digital surface area as you can. Having everything under your own domains will get the most bang for your buck. I don&#x27;t bother with self-hosting, but for someone else that would be a must. Your mileage may vary.

Phone number porting is a thing due to regulation. I&#x27;m looking forward to having email address porting legislation, one day.<p>For full porting, there&#x27;s a long road ahead, starting with regulating domain names, which email addresses depend on. However, as long as the domain name _de facto_ remains in the possession of the original provider, this is technically possible, already.<p>Email address porting might even be possible without a persistent domain&#x2F;DNS entry. After phone numbers get ported, the _sender_ (of sms, or a call) caches the new routing, and the original carrier doesn&#x27;t know the ported phone number is getting a call in the new carrier&#x27;s network. I&#x27;d be interested in discussing this sort of thing for well established internet services (such a central authority already exists, ICANN, but perhaps legislators can come up with a non-US authority for emails)

Apologies for going meta here:<p>Could I urge that posters follow the site convention of prefixing the title with with Ask HN, Tell HN, etc. for posts that don&#x27;t link to an external source? There are currently two such posts in the top 30.<p>HN is primarily for discussing external articles, and I&#x27;d suggest that this post should have been submitted as such.

This was an issue 10+ years ago and I&#x27;m shocked it still exists. In the early days of Google+, some people lost their accounts for not having &quot;real names&quot;. Whether or not you agree with a real names policy (I don&#x27;t), you should <i>never</i> lose access to your Gmail or Google Photos or Youtube channel because of it.<p>Even though this didn&#x27;t happen to me I learned that my Gmail is too important to lose so I can&#x27;t use that account for anything else and that&#x27;s dumb and shortsighted of Google.<p>It says a lot that this hasn&#x27;t been fixed in 10+ years to safeguard your Gmail account in particular. Uploading an offending image (which could be an ccident) to Google Photos shouldn&#x27;t terminate your AdWords account.

An important tip if you intend to send everything to gmail.<p>Do NOT send everything to gmail via forward. Every bit of spam you forward is going to count against your domain name. I had someone who did this on a community server and it wrecked our rating for a while.<p>Instead, have gmail pick up your email via pop3. This will avoid the &quot;spam origin&#x2F;relay&quot; problem of forwarding.

A lot of us have also been caught out by Google announcing they are forcing free G-Suite Legacy users to upgrade.<p>Here is where I am heading (having given the matter much thought and some testing, trial and error)<p>Free Gmail&#x2F;Cal account as I enjoy the software<p>My own custom domains with any registrar<p>Paid Fastmail account storing all my emails to all my domains&#x2F;aliases at Fastmail<p>All Fastmail messages forwarded to Gmail<p>Mail from Gmail sent through Fastmail&#x27;s smtp servers<p>This gives me the mail&#x2F;cal app I like and the freedom to move. I don&#x27;t have a problem with paid. Google are forcing Workspace on me when all I want is email with custom domains.

Buy a domain (I bought lastname.contact) and subscribe to Fastmail or a similar paid-for service. You can then use anything@lastname.contact and if your email service provider drops you, you can switch to another and not care about your contacts trying to reach you or updating the email address of all your online accounts. I couldn&#x27;t be happier with the switch (I was using Protonmail before, and Gmail a long time ago). I still use my work g-apps account (only) for the Play Store on my Android phone.

Are you overreacting? In my opinion, depending on how long the suspension lasts, you may be, though not necessarily. You sent unsolicited bulk e-mail. That <i>is</i> spam. It is possible that your mail helped some people, but anyone who had set up their own filtering to prevent the original mail from coming through would then only see it because of your followup, and additionally the &quot;To&quot; list may well have been spoofed as well and not reflect who the original mail was actually sent to. Google have a responsibility to prevent spam from being sent through their systems, and if this suspension is the minimal they can do to stop your spam, it was the right thing for Google to do, and you would see the same with a lot of other e-mail providers as well. However, if this suspension lasts beyond the point where you are clearly aware of it and can make sure you do not repeat that, then no, as far as I am concerned you will no longer be overreacting and should look to avoid Google in the future.

A couple of years ago I set up a mail server with my domain to forward everything to gmail. I now give everyone these addresses instead of my underlying gmail one. Yes, Google can still suspend my account for any number of reasons with little to no recourse. But this way I retain the ownership of the front door. If Google does do that, I can reconfigure my server to store incoming mail or to forward it somewhere else.<p>Social login is more complicated. I usually set up multiple different social logins for every account to make it more redundant against this sort of thing.

There is a general problem with poor customer service. In the past, I think most people had the belief that you had to have good service to keep customers and if you didn&#x27;t, you lost work and possibly eventually the business.<p>Nowadays, so many services are so sticky that it is not the case that a business has to give good service and also unrealistic to expect people just to go somewhere else if they don&#x27;t like it.<p>In a different but related example, I am remortgaging. The new lender has their own conveyancer who should be handling things. The conveyancer is really slow, doesn&#x27;t respond to emails or phone calls for an update and if they don&#x27;t sort things by the end of this month, I will need to pay another $500 on my mortgage payment. What can I do? Go elsewhere? Not at this rate, I cannot afford to wait another 2 months to apply for another mortgage and I could even end up with the same conveyancer. The Lender isn&#x27;t interested because it is waiting for the conveyancer and the only person who will be out of pocket will be me. Others have had entire sales fall through because the same conveyancer took so long.<p>So what I was thinking was a new law that you are not allowed to advertise or take on any new customers unless your TrustPilot score is above 4. A bit Black Mirror but it might just work ;-)

Free services are fantastic, until they break. Or until you get banned. There&#x27;s people who get their Microsoft banned for no reason, without notice. The reason is some kind of ML algorithm found (rightfully or not) CP in their data, which could have been some public Discord or WhatsApp group or could have been a troll beating the checksum mechanism (it exists for both the Microsoft and Apple one). Good luck getting to talk to a human, and good luck getting your account back. Which includes your Windows Store acquisitions, your Windows&#x2F;Office licenses, your Xbox games. Everything. I see Black Friday sales for family OneDrive. You&#x27;d have 5x 1 TB for 60 EUR a year, a good deal, right? Except I don&#x27;t trust my data there, even encrypted. I don&#x27;t vouch for my backups containing no bogus data, given it also includes something like browser cache or Discord&#x2F;Telegram&#x2F;WhatsApp backups. The solution is quite simple for techies: don&#x27;t rely on cloud; DIY. For the rest of the world, competition would hopefully lead to better product. And this is all about Microsoft. Not Google, they&#x27;re abysmal when it comes to support (for their free tiers).

&gt; what is an identity?<p>PGP is a good solution, and in general the crypto space has the right idea in my opinion. I like the idea of using cryptographic key pairs to sign messages and prove identity, but the learning curve makes it impractical for general use.<p>The best place to start is owning a domain you control, at least that way you can manage your own facade.

You can&#x27;t compel a company to provide you with a service. That&#x27;s a little too close to slavery for society&#x27;s taste. If a company doesn&#x27;t provide you with a service you agreed to, you can get damages from a court, but you have to use such services as your contract agreed.<p>It stinks to end up on the wrong end, but that&#x27;s part of the cost of getting such massive benefits for free. If you want something more reliable or with better customer service, you have to pay for it.<p>You don&#x27;t own phone numbers, emails, names, PO boxes, or addresses. You have them within a legal framework, and you can lose them in that framework. Software products may treat them as unalterable identifiers, but none of them are. Things should always be able to be changed.

The Decentralized Identity Foundation is attempting to build a standard so you can own your own identity that’s independent of any centralized provider: <a href="https:&#x2F;&#x2F;identity.foundation&#x2F;" rel="nofollow">https:&#x2F;&#x2F;identity.foundation&#x2F;</a><p>That helps you ‘own’ who you are, but doesn’t stop someone like Google from refusing to work with you in case they think you’re a spammer (though your DID can provide enough evidence that you aren’t).

&gt; I paid for it, so technically, don&#x27;t I own it?<p>There&#x27;s a lot of scenarios where you wouldn&#x27;t want purchase of service to transfer ownership. People providing services have rights too. You don&#x27;t get to do whatever you want with their brand, trademark, copyright. And you don&#x27;t get to expect more service than is promised, or that you won&#x27;t have your service taken away if the service owner doesn&#x27;t want to deal with you anymore.<p>So you ask, well how can I be protected as a user of services? And the answer is: competition, being an informed consumer, and the occasional regulation.<p>&gt; Do we own our identities? Do we own our phone numbers, emails, handles, PO boxes, addresses?<p>Those are all great examples of why there is no simple answer.<p>You do not own your phone number, but you do have the right to transfer it between carriers, thanks to regulation. You don&#x27;t own your own email address, but you can rent a domain name and do what you want with your email address while you&#x27;re renting the domain. You don&#x27;t own your handle unless it is your real name and you go to court to protect it. You don&#x27;t own a PO box, but you can rent it while you pay for it.<p>Ownership is often just a matter of possession. Who possesses your email address? Who possesses your PO box? Hell, who possesses your <i>house</i>? The land it&#x27;s on? The access people have to it? The impact it has on neighbors?<p>Identity and ownership are complex ideas that are involved in many different levels of our society. As much as people want it to be simple, it just isn&#x27;t. And the world is not going to get less complicated.

&gt; But what if I get reported on my domain name? What if that gets suspended or blacklisted too?<p>Forget about all NFTs-as-scam-overpriced-jpegs, but this is <i>exactly</i> what web3&#x2F;blockchain-based domains are for. Take a look at <a href="https:&#x2F;&#x2F;ens.domains" rel="nofollow">https:&#x2F;&#x2F;ens.domains</a> or <a href="https:&#x2F;&#x2F;unstoppabledomains.com&#x2F;" rel="nofollow">https:&#x2F;&#x2F;unstoppabledomains.com&#x2F;</a>

Sorry for the harsh attitude here.<p>You work as devops engineer for 15y and you reply-all to spam emails?

1. You are not overreacting. You have simply woken up to the truth in the online world. For others like Phone numbers and Address you do ( or should do ) have some protection under the rule of law.<p>2. Google has been like that since.... its inception? Which is why I have been Anti-Google ( one way or another ) since around 2004? Google just doesn&#x27;t care. It is not in their DNA to care.

Why doesn&#x27;t Google just rate limit suspected gmail accounts to incoming only and demand that the user identifies for continued use with strikes as on youtube..?<p>I&#x27;ve commented negatively about Google before, and this seems like a very harsh punishment based on what I assume is a rule&#x2F;ML based anti spammer policy with no humans in the loop.

I had my first experience with this recently in which my Netlify account I was using to host a small local community &#x2F; volunteer project was automatically flagged and suspended after I logged in. DNS for the project was also hosted there and when an account is suspended all DNS records are wiped and sites are immediately taken offline, so even things not hosted there (backend and mail server) were also down. I don&#x27;t use it for any professional work (and likely never will after that) and was on a free plan so maybe on a paid plan it&#x27;s different. I&#x27;m just glad it happened with that project where it didn&#x27;t matter and not something critical.<p>I would also recommend buying a domain for your email, that&#x27;s what I did a few years ago and point it to Protonmail. It&#x27;s not self-hosted but at least I can always point the domain somewhere else.

In the early days, I was thepimp@hotmail.com. One day, my account was suddenly suspended because of the handle, no other reason, all data permanently gone, no backsies.

&gt; Two days later, my google account was suspended. Apparently, my account was being used to send unwanted e-mails. Ha! I just became a spammer.<p>The issue is... if you see a mob&#x2F;protest, Usually the police ask you to leave the place - allow them to take care of the issue. Even if your &#x27;attempts&#x27; to resolve&#x2F;negotiate&#x2F;help people are very kind, the LE always says that is not your job.<p>Spam filtering is Google&#x27;s job. Not yours.<p>It is possible quite a few people, marked your email as SPAM and therefore you got flagged.<p>This may sound like victim blaming but please do not take up these tasks unless you know what you are venturing into.<p>Even <a href="https:&#x2F;&#x2F;www.419eater.com&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.419eater.com&#x2F;</a> advice is to stay away from these people (for safety).

&gt; Do we own our identities? Do we own our phone numbers, emails, handles, PO boxes, addresses?<p>I don’t think anything you listed a typical individual owns.<p>Even street addresses change.

IANAL, but it would be interesting to hear from one. My <i>opinion</i> is that your data is a currency. You <i>spend</i> it in exchange for goods. So, I believe that, yes, you <i>should</i> own the services you have paid for with data.

I got into the exact same problem a few years ago. So, I wrote email backup app: <a href="https:&#x2F;&#x2F;thehorcrux.com&#x2F;why-i-built-horcrux-app&#x2F;" rel="nofollow">https:&#x2F;&#x2F;thehorcrux.com&#x2F;why-i-built-horcrux-app&#x2F;</a><p>I still use Google Apps at this point as it&#x27;s pretty convenient compared to standing up my own server. However, I make sure my email address is on my own domain. <a href="https:&#x2F;&#x2F;thehorcrux.com&#x2F;about&#x2F;" rel="nofollow">https:&#x2F;&#x2F;thehorcrux.com&#x2F;about&#x2F;</a>

How long has the debate been going about personal privacy? Do you think it didn&#x27;t apply to business or corporate entities? Ensuring you are in full control of your passwords was already a thing, but logic suggests being in control of your identity (your login identity) is every bit as important. The reason websites want to use your email address as a logon is they can on sell it.They can aggregate all your data under the username and cross link it. You got it for free. Those services you paid for you actually still have, you just can&#x27;t access them because you used a free service to handle the security. (google, Facebook, twitter handled the verifying it was you and they do it for free - it just cost you your privacy) Sadly, you actually got exactly what you paid for security wise. If you had used your phone number as a logon (don&#x27;t laugh google is doing that too) then all your privacy is out the window because even transitory email accounts can be cross link and you are now fully identifiable. No? Well how often have you changed phone numbers? When you start again, get at least 4 email addresses. 1 private 2 banking&#x2F;financial 3 all the other stuff 4 business (perhaps another one for business don&#x27;t care) Manage them yourself so you can delete or add as the spam&#x2F;junk overwhelms.

<a href="https:&#x2F;&#x2F;www.gnu.org&#x2F;philosophy&#x2F;essays-and-articles.html" rel="nofollow">https:&#x2F;&#x2F;www.gnu.org&#x2F;philosophy&#x2F;essays-and-articles.html</a>

You could even argue that you should own your &quot;free&quot; services, since you pay for them indirectly (through buying products of companies that buy ads, and by watching ads).

&gt; Do we own our phone numbers, emails, handles, PO boxes, addresses?<p>I&#x27;d argue no, and that it should stay that way, and that it needs to become more apparent that we don&#x27;t own those things.<p>Just because I am using a certain phone number today does not mean that I&#x27;ll be using it tomorrow, or still have access to it. It should therefore not be used for identification, even less authorization. Hell, it shouldn&#x27;t even be a requirement to have a phone number.

also, if you fail to renew your domain, it should not go to someone else tomorrow (or even in a year, ... decade, maybe)

Another day, another story about losing access to Google. At what point do we legislate that there has to be a path back for what has essentially become a utility that we can&#x27;t live without.<p>I know a lot of the comments here are &quot;Never again, I only use email&quot;. I fall into that camp personally, but it&#x27;s hard to expect that kind of discipline from others.

Every service that lets you sign up with Google, Facebook, whatever should require a secondary authentication method, period.<p>They should be very aware that this could happen and their customers need a backup, that’s on them.<p>As for emails, contacts, photos, downloads, that’s on us. We need backups like you have but the vast majority of users wouldn’t even know where to begin with this.

&gt; I&#x27;m not going to start hosting my email server,<p>You don’t have to. I use Fastmail on my own domain. Purchasing domain is a one time hassle.

Daily reminder to set up automatic forwarding of all email from you Gmail address to a secondary address. I use ProtonMail.

Gmail itself is a scam.<p>It took me a while to realize how fucked up this &quot;free service&quot; was.<p>We&#x27;ve collectively ben pwned by Google, big time.

You are not overreacting.<p>I&#x27;ve always thought we were excessively tailoring to ease of use rather than efficiency. Recently I started questioning that idea. We should have probably designed everything with security and stability as the nr 1 priority. If it doesn&#x27;t need to be implemented in software it probably shouldn&#x27;t be. Add a few extra chips to the mobo or have some pci card.<p>Government probably shouldn&#x27;t be running things like a messaging services but it can offer infrastructure to facilitate it. An actual court for disputes, violations and crimes would be expensive but its probably worth it. No bans until you get your day in court.<p>Even in extreme cases where you [say] want to discontinue the email service you&#x27;ve provided. We could have laws that force you to auction the domain and force the new owner to continue the service for same price. OR compensate the (free) users for damages.

This is kind of the big issue with technical people not being involved on some civic issues. We might not be able to join the mass of people with every little political opinion on abortion, healthcare, education, etc, but we could outline very specific technical platforms that Congress needs to pass.<p>Case in point, any “free” service that can be used as 2FA authentication, or receive communication from at least one important life service (banking, your school, your job, etc) should fall under consumer protection. They must offer phone support and address any account closures and offer a variety of methods of retrieving the account&#x2F;data. We got FINRA laws like this in finance.<p>^ That won’t change the world, but it would change <i>one</i> thing, that we all understand and can get behind. We could do stuff like this, and mobilize everyone.

The significant risk of the way Google operates is there isn&#x27;t much firewalling of the services. If one piece decides you&#x27;re a scammer, that account can lose access to everything... And they&#x27;ll tie other accounts to the offending one and lock those too.<p>Relying on Google is a single point of failure.

&gt; But I lost access to paid services that I had set up with social login, besides all Google&#x27;s services ( GCP, firebase, youtube premium, google one, subscriptions paid through play store, google ads, etc, etc).<p>So you gave Google total control over your entire online presence, tying a bunch of things you depend on into a tight bundle that would all get banned at once. And, by including so many things, you created more opportunities for something you did with one of them to trigger a ban of all of them.<p>&gt; The google stack is very convenient,<p>... except when you get totally shut down for no reason. Which is an <i>absolutely predictable consequence</i>.<p>You have a very strange idea of convenience.<p>&gt; and it&#x27;s 2022, I&#x27;m not going to start hosting my email server,<p>This reads to me as &quot;I&#x27;m unwilling to take even the most trivial steps to solve the problem&quot;.<p>&gt; But what if I get reported on my domain name? What if that gets suspended or blacklisted too?<p>That is a risk, but, at least as of today, it&#x27;s much, much harder to get a domain name shut down than to get something like a Google account shut down.<p>Nonetheless, you should probably be isolating things that are really important to you under separate domain names unless they NEED to be tied together.<p>&gt; Do we own our phone numbers, emails, handles, PO boxes, addresses?<p>The user agreements for most of those will say no. The standard on the Internet right now is &quot;We can cut you off for any reason whatsoever and you have no recourse&quot;. It&#x27;s right there in black and white. And it&#x27;s been that way forever. Maybe it&#x27;s wrong. Maybe there should be legal changes. Maybe there should at least be changes in common expectations. But at the moment, that is how it works.<p>So don&#x27;t become overdependent on any of them, and don&#x27;t set up a situation where losing one also loses others. This is pretty basic stuff.

I also lost access to a previous gmail account - I changed my password with a random generated one, and god (and a google engineer) knows why, I lost access. No amount of appealing would return my access, even if I was wiling to show my national ID card and stuff.<p>Anyway. About your plan with the email server. We ran such a thing for an organisation in Romania. You&#x27;ll be surprised how many times our emails ended up in Gmail&#x27;s spam folders (other providers too, but gmail runs an especially harsh algorithm for spam filtering), even though we had DKIM, SPF and all that jazz setup. You will most likely be locked out of most people&#x27;s reach, unless you use one of the largest providers. So maybe government regulation is the only realistic way out.

Have a personal domain name and use it for email. That way you are not dependent on the provider. It&#x27;s like owning land, if you don&#x27;t have a domain name and do not own the infra or pay for the services you are just a &#x27;peasant&#x27; with no rights.

You are not overreacting.<p>Google’s aversion to paying humans to provide customer service is actually a plus in most cases, as that means the nonexistent humans cannot be social-engineered into hijacking your account as is all too easy at cellular carriers. But having dependencies on as arrogant and high-handed a company as Google (or Apple for that matter) is asking for trouble.<p>Hosting your own email means getting a domain name from a DNS hosting provider, sadly that is also a weak point of vulnerability. I’ve been doing this for 20 years now, but I wouldn’t be confident that a determined attacker couldn’t take me out despite U2F 2FA with my DNS provider.

I do the same with my own domains and I&#x27;m similarly a Google slave. (huge shout-out to niftylettuce&#x27;s <a href="https:&#x2F;&#x2F;forwardemail.net&#x2F;" rel="nofollow">https:&#x2F;&#x2F;forwardemail.net&#x2F;</a>)<p>That said, I&#x27;m planning to migrate to either self hosted or a paid service which is not run by algorithms and where customer supports exist (in that regards big tech is terrible: facebook, google, paypal = worthless customer support).<p>I completely agree with your premise though: Ideally everyone should have their own server providing a personal site and mail and maybe even hosting a decentralised social network.

&gt; The google stack is very convenient, and it&#x27;s 2022, I&#x27;m not going to start hosting my email server, but I&#x27;m in need of a foolproof and long lasting solution to online identity. And I&#x27;ve started by purchasing a domain name for 10 years and having a &#x27;catch all and forward to gmail&#x27; rule setup. So I can just forward it all to somewhere else in case I lose my gmail again. But what if I get reported on my domain name? What if that gets suspended or blacklisted too?<p>I imagine that&#x27;s less likely to happen? Otherwise I&#x27;m on the same boat :D

&gt; And I&#x27;ve started by purchasing a domain name for 10 years and having a &#x27;catch all and forward to gmail&#x27; rule setup.<p>This is the easiest way to do this since most domain registrars have a forwarding option. Cloudflare recently introduced Email Routing, which has been working well for me.<p>&gt; But what if I get reported on my domain name? What if that gets suspended or blacklisted too?<p>Usually IPs or blocks of IPs get reported for spam, not domains. So in case the SMTP server you use starts to see a drop in reputation you can always change to another one without affecting your deliverability.

Social sign in means all your eggs were in one basket. Google tries very hard to encourage you to do so.<p>You weren&#x27;t wrong to do so, but the convenience&#x2F;risk bet hasn&#x27;t worked out for you. For most people it works out fine -- i.e. car driving risks.<p>I use a different email host, and only use user&#x2F;pass logins, no social. It&#x27;s fiddly, and you&#x27;ll need a good password manager (not chrome) but that&#x27;s the cost of not being exposed to this risk. Only you can decide if its worth it, very few people have the skills for it to even be an option.

<i>You could argue that gmail is not a product that I own, but I paid for it, so technically, don&#x27;t I own it? ... Should we own the free services that we&#x27;ve paid for with money and data?</i><p>I really don&#x27;t see how, so this reads as hand wavey to me. Also, keep in mind, even if we&#x27;re taking claim of payment at face value, you paid <i>something</i> for it, but that doesn&#x27;t mean you&#x27;ve paid in full &amp; paying for something doesn&#x27;t imply ownership (like leasing a car, renting an apartment, etc).

That&#x27;s the reason why paying for a domain and custom e-mail adresses is the best option in my opinion.<p>Changing infrastructure &#x2F; hosting can be done quickly for myself if necessary.<p>Apart from that, knowing that every e-mail I get or send is being processed by google and potentially read by US authorities simply makes me cringe - even though there&#x27;s nothing special in my e-mails.<p>I&#x27;d love to self host e-mail and love to read HN posts about it, but I think self-hosting e-mail can become a time sink quite easily.

I am also worried by this. I have paid one subscription, nest aware&#x2F;protect&#x2F;camera&#x2F;doorbell, youtube premium, pixel phones, assistants, have taken advantage of their photo backup that came with phones.. The prejudice of them closing my account would be in the 3,000$+ range just in now useless hardware. That is not counting the logistical nightmare. I firmly believe we need governmental protection.

You make a good point. Your address is yours because you own&#x2F;rent said property and the address is associated to that. Your phone number also can be yours because you have the ability to transfer it from one service provides to the next. Email should be the same but the problem with email is that it is tied to a domain. Has anyone thought of a way to decouple emails from the TLD?

Huh. I would have never thought that was a risk. It’s the sort of thing I would do. Thanks for the warning.<p>My highest likelihood interpretation is that a bunch of fools marked <i>your email</i> as spam rather than the initial spammer.<p>I think it’s hard to help most people drawn from the total population in an async context because of the 50% being less than median intelligence problem.

In particular for “free, paid by data” services, things won’t change unless there is regulation enforcing ownership. Because email is the central hub for managing identities, I’d therefore always opt for paid services with a proven track record, and also not use social logins.<p>Personally I use my own registered domain for email and would encourage anyone to do so.

Maybe don&#x27;t send spam?<p>Here&#x27;s what you should do when you spam: Ignore it. A reply only lets the spammer know there&#x27;s a live account at the other end.<p>Next time, do a whois on the domain the email came from, see if there&#x27;s an abuse contact and forward them the email, letting them know there&#x27;s malicious actors on their system.

Suspended for how long?

No, you&#x27;re not overreacting since it happened to you. On the other side, you are also overreacting. Take a walk.<p>This being said, since you got a scare, maybe it&#x27;s a good time you buy a 2nd domain from another registar and handle accordingly.<p>PS: how does one find a good domain name?

This is why I want to pay for an email provider but I&#x27;m in argentina with very little access to dollars so they all seem too damn expensive to me. I wouldn&#x27;t trust a local company or something like that we are too scummy in bussiness.

happy to be corrected on this anecdata, but it seems to me that the common thread among nearly all (i can&#x27;t say with certainty, all) of these locked-out-of-Google disaster reports is that the victim was using a free Gmail&#x2F;Google account as one of the central cog in their digital life&#x2F;social&#x2F;single sign-on to personally-vitally-important sites&#x2F;services.<p>pay google the 12 bucks or whatever per month to get a paid account, with actual service people you can call on the phone so if something bad happens, yes you can raise a merry stink about it.<p>become an actual customer! it really works

&gt; Should we own the free stuff we pay for?<p>We should own our own stuff. Your email is your own data. No company should have the right to arbitrarily destroy or block your access to your data. Whether that service is free or paid for is irrelevant; offering a service for free isn&#x27;t a license to rob and destroy.<p>I&#x27;ve argued this point multiple times (e.g [0]). Business who host your data should treat your data as your property and take responsibility for it. They don&#x27;t have right to destroy it or put it through a virtual shredder any more than your landlord or car service should take your property to the junkyard.<p>I also consider it a security issue [1]; if you can&#x27;t access your data (or worse: it&#x27;s gone all of a sudden), security has failed. No, destroying data isn&#x27;t the same as securing it. Google has poor security. Security should protect your data and your access to it.<p>[0] <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=30242824" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=30242824</a><p>[1] <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=30055397" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=30055397</a><p>Unfortunately law seemingly hasn&#x27;t quite caught up with the idea of digital property.<p>Notice that Google&#x27;s automatic suspensions may very well be illegal under GDPR. This was discussed here recently [2]. Having been rejected a credit card application (an example of a decision that should&#x27;t be made automatically, under GDPR [3]) and lost access to a gmail account, I can say the latter was much worse.<p>[2] <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=30138669" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=30138669</a><p>[3] <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=30140312" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=30140312</a><p>I host my own email these days, and I am my own domain registrar. If someone wants to take away my domain, they have to take it up with my government.

Lesson 1: don’t build your mansion on someone else’s property.<p>Lesson 2: don’t use gmail. At least, don’t use it for anything you actually care about.

As an example, I think it&#x27;d be nice if eventually Spotify decided to offer wood-engraved machine-readable BitTorrent QR-code links to each of the albums you have in your profile; effectively available in perpetuity and on-demand by placing them into an appropriate reader with cached storage and Internet connection -- no need for huge capacity in either of those. The engravings could be available on a large delayed timescale to provide for healthy forestation and materials gathering.

How did you get your Gmail account back?

OP - create a new email address and add it to your profile. A Googler might see this and reach out to help.

I do see this overall situation being at least partially consequence of the early internet community thinking that internet could live outside any traditional structures and especially laws. There was this strong sense that we could forge a new ultra-liberal virtual world, free of the shackles of the physical world. In retrospect that way of thinking now feels pretty naive. That led to outright hostility towards any ideas of government-rooted electronic identity programs, or anything resembling that.<p>The reason I think government identities are significant here is two-fold. Firstly it left an vacuum for identities that email, despite its obvious shortcomings, then filled. Secondly, weak unconnected identities provide poor means of dealing with abuse.<p>Sibling threads discuss how kicking people out of e.g. banking or rental involves some legal processes or something comparable. But in those cases both the barrier of abuse is higher because usually there are real consequences, and doing whatever legal process is more practical because the other party is not just some John Doe. In contrast the scale of abuse something like Gmail faces is pretty staggering, and the ability for the operator (Google) to do anything about it is somewhat limited, so it is somewhat understandable how they ended up so trigger happy with bans.<p>I posit that if we were able to implement real consequences to the actual abusers, then we well-behaved users could have stronger standing to demand better treatment for ourselves and we would be less likely to face the current level of opaque algorithmic bans.<p><a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Technolibertarianism" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Technolibertarianism</a>

That is a very big loss as one should not use social logins in all sign-ups.

One thing to consider is the possibility of using multiple separate e-mail accounts from different providers.<p>Currently i have about 10 different e-mail accounts:<p><pre><code> - one for development related things and communities - one for newsletters, various online platforms and so on - one for throwaway purposes, lower importance things like video game accounts - one for university related things (it stayed after graduation) - a few separate accounts (and corresponding Google account) for various phones or other devices, as necessary - some standby accounts if i ever need them, some from different providers to check mail denylisting - a personal address that&#x27;s mostly for contacts through my website or my self-hosted automation messages </code></pre> There are some others, as well as each platform for automation has a separate account as well (e.g. GitLab, Zabbix, Nextcloud, ...), though most of those are on the same self-hosted mail server. Of course, deciding how to structure everything is one&#x27;s own choice, in my case it&#x27;s just historical cruft and loosely defined boundaries of how much i care about any particular item.<p>That said, mail servers that are easy to set up are a godsend (for example: <a href="https:&#x2F;&#x2F;github.com&#x2F;docker-mailserver&#x2F;docker-mailserver" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;docker-mailserver&#x2F;docker-mailserver</a>), as long as you also have one of the larger walled garden alternatives for public communications, should there ever be delivery problems.<p>It&#x27;s not like Google deciding to ban all of my accounts at once (though fingerprinting, or based on IP because i don&#x27;t care to set up some sort of an advanced proxy to access all of them from different VPNs) wouldn&#x27;t be problematic, but this way at least the impact would be minimized.<p>Plus, with software like Thunderbird and something like KeePass for strong randomly generated passwords, managing everything is really low effort. Of course, this also lends itself nicely to avoiding social logins and creating a separate e-mail based account wherever applicable, for a bit more control, rather than keeping all of your eggs in the same basket.<p>As for those who will inevitably say that this is too hard or complicated to be practical: i invite you to try setting up your own mail server with the help of the provided link on a 5$&#x2F;month VPS, things have really improved in the last few years! Of course, creating new Google accounts (or for other platforms) might be a bit more cumbersome with modern verification steps etc., but it&#x27;s not like it&#x27;s impossible either.<p>Sometimes i wish we could do the same for personal identities, e.g. a list of aliases that could be issued through some government org. for particular purposes and revoked as necessary. For example, i wouldn&#x27;t want a leak of some shopping site result in my personal data being compromised in regards to my online banking or my physical address, in any capacity whatsoever.

Don&#x27;t wake the gods.

&gt; free stuff we pay for<p>Did you actually pay for it? With money? Or was it free?

social logins are a dark pattern, don&#x27;t use it

yeah, we really need a decentralized identity service.

The way I see it is that folks are becoming peasants or serfs. They are doing it voluntarily, and are almost solely motivated by convenience. Google (and the rest) talk and act like obsequious servants (one outfit even called themselves &quot;Ask Jeeves&quot; after the greatest fictional valet in English literature!) but they are more like drug pushers: they do not actually care about you, they just want your money&#x2F;data. The free stuff they give you is not altruistic, it&#x27;s to hook you.<p>I know that a lot of good and earnest people work at Google (and the rest) but that doesn&#x27;t change the nature of the beast. If anything it makes it more pathetic that these good people are powering the corporations that are subjugating the masses. They are the ones that hear the sad stories on the back channels (official support is nearly useless, by design!) and intervene with the &quot;Powers that Be&quot; to fix problems here and there. But by easing the pain of some people they reinforce the dependency of all users. (I could go on about the psychological impact of intermittent rewards and capricious authority on conditioning people to obey, but I&#x27;m not an expert and anyway it&#x27;s really depressing.)<p>So, we have been hoodwinked by pushers, we have voluntarily given up our let&#x27;s call them &quot;rights and responsibilities&quot; to these unelected quasi-anonymous semi-authoritarian organizations that are not beholden to us directly in pretty much any way, and we are &quot;fine, just fine&quot; with it right up until they flush our digital lives down the toilet.<p>&gt; Should we own the free services that we&#x27;ve paid for with money and data?<p>No. What are you a commie? Seriously though, you own what you own, you didn&#x27;t pay for anything, and what do you want to actually do anyway? Pass laws that claw back some of your autonomy? Why give it up in the first place? Convenience. Bottom line: you&#x27;re looking for ways to make other people pay for your laziness.<p>&gt; Do we own our identities?<p>Both ownership and identity are abstract mental concepts. In contrast, rights, laws, contracts, Terms of Service, etc. are all part of the vast and ancient mechanisms we employ to manage real world assets and relationships. You can talk back and forth all day but in the end &quot;get it in writing&quot;.<p>&gt; Do we own our phone numbers, emails, handles, PO boxes, addresses?<p>Again, these are mostly philosophical concepts. If you want to discuss them in concrete terms we have to talk about laws, etc. For example people found it desirable and convenient to be able to be reached by the same phone number even if they switch carriers, so we got enough clout together to make some laws about it, and compelled carriers to support it.<p>So we <i>can</i> pass laws to, in effect, create new kinds of &quot;owning&quot;.<p>But again, the way I see it is that you&#x27;re using these FAANG systems out of convenience or because they give you something you want and you don&#x27;t care that they have you by the &quot;short hairs&quot; right up until they jerk the rug out from under you. Yet, rather than abandoning these systems and using something else, you want to pass laws to make them do what you want them to do. In other words, rather than rewarding the folks who are trying to do right by you by using their systems, you want to keep using and even <i>improve</i> the system that is exploiting you, even if you have to do it against the &quot;will&quot; of the corporation supplying the systems&#x2F;services.<p>Is that right?<p>&gt; What do you use for identity?<p>Cryptography. (I originally wrote &quot;<i>Fucking cryptography</i>, duh!&quot; but then I thought that might be a little over the top and changed it.)<p>I use ssh keys mostly.<p>&gt; And what are your thoughts on this?<p>To recap: to me you seem like a lazy fool who should have known better. You seem to want a legal solution (&quot;ownership&quot; is a legal concept) rather than just using some other service(s) that won&#x27;t screw you over.<p>&gt; Am I overreacting?<p>Yes. People are hard at work building &quot;identity&quot; services that work under your own control. You should avail yourself of their efforts, stop using exploitative &quot;services&quot;, and get on with your life.

I&#x27;m curious about blockchain solutions for this.<p>Public blockchains have potential to be part of the solution. Imagine the following:<p>- Decentralized file hosting using IPFS<p>- Decentralized login using ENS &#x2F; Ethereum Name Service<p>- Email service gives you a UI on top of your data, plus an outbound server for relaying to&#x2F;from non-blockchain email accounts<p>Overall, you end up with portable data thanks to IPFS, and a login through ENS to whatever UI you want to use&#x2F;pay for.<p>This seems like a win to me. Haven&#x27;t seen anything yet that pulls this together but the pieces are there. Maybe someone here wants to prototype it.