> They’ve all basically hit the brick wall of Google suggesting that at their scale, nothing can be done about such “edge” cases.
The thing is that at scale your “edge” cases are still millions of people. Companies love the benefits that come from scale, like having a billion people use their service, but they never seem to be capable of handling the other parts that come with it :(
What I don't understand is why there isn't some kind of paid escalation option. I fully understand why they don't provide free human support for a billion unpaid users, but couldn't there be a $50 "OK, we will actually take a look at your issue" option? Surely that wouldn't be a money loser. Hell, you could outsource it.
It seems instead that they just don't even want to touch it.
If that actually becomes a paid service, it must legally bind Google to provide some formal results out of it, or people that paid can now sue Google for something like negligence. Then Google can't conveniently hide all the details about of why accounts got banned when people demand in court. It's a whole can of worm for Google for morsel amount of revenue.
This exists… if you know a googler. I got locked out of my 14ish year old account due to the AI deciding I was no longer the rightful owner even with TOTP codes, SMS, and printed backup codes. I asked a friend who works at Google, and there’s an internal form they can fill out to recover an account. I received a non-template response less than 30 minutes later with a link to reset my password.
Because it would look like "Google is holding my account hostage unless I pay them".
I can't believe I'm writing this, but this is where a middleman could help. Companies can pay a fixed subscription to become "Google Gold Partners" and get privileged access to tech support resources. Users with issues don't pay Google directly, they pay those companies to solve their issues with Google products. In this way Google is still incentivized to solve problems as quickly as possible.
Interestingly, many people already pay for Gmail (or rather Google one) for extra capacity. Yet, I'm pretty sure they get the same support experience. I think it's just not worth for them to change, given that everyone seems ok with the current approach (that lady and a few others obviously aren't, but I don't think they really even make a dent in Google's reputation)
If you pay there is some identity attached to the account so it might actually possibly to recover the account, as opposed to ‘I don’t have the password nor devices previously used or any other recovery mechanism’
100% this. It seems so obvious. If edge case escalation is uneconomical, price it so it's not.
I once lost a Google account because of their "the password is not enough, we'll randomly decide what is" policy. It's very unpleasant to get to that "make another account" page, and realise it's all gone.
I'd have happily paid money to go through identity verification and so on to get it back. Its sad they're just leaving this money on the table, hurting both themselves and their customers.
Because that can be seen as a money making opportunity by one of their executives in future and the number of accounts that would need support could rise.
The trick is regulation. A huge difference between the wildly profitable tech companies and most other large companies is that everyone else has to have customer service departments... large departments providing hundreds or thousands of jobs and salaries helping users with the product.
Very simply, Google and the like should be required by law to have customer service adequate to support user needs in every language they operate. Problem solved.
In the case of a free GMail account, the user who doesn't get the support they need can get a full refund.
In all seriousness, how does it even make sense to regulate expensive customer support for a free product?
If you do, you may not have any free products anymore. But perhaps we'd be better off having decent customer support with no free products.
As for paid products, it does make some sense to have some minimum customer support, but I'll be surprised if there's a proper way to word the legislation to achieve what we want it to achieve.
I don't pay anything for my bank account, but there will absolutely always be a human at the bank I can talk to about problems. It's also not as if users aren't paying for Gmail, business users are paying for it with currency, regular users with data.
Such legislation isn't theoretical or difficult, India already has their new IT law rules:
>The IT rules 2021 provide for creating avenues for grievance redressal apart from Courts and ensure that the Constitutional rights of Indian citizens are not contravened by any Big-tech Platform by ensuring new accountability standards for SSMIs.
>During the extensive public consultations on the ITRules, the Minister of State for Electronics & Information Technology and Skill Development & Entrepreneurship, Shri Rajeev Chandrasekhar had articulated the stand of the Government that - safety and trust of every Digital Nagrik, and robust grievance redressal system to ensure accountability of all Internet platforms offering a service or product, was an unambiguous goal and that all grievances must be 100% addressed.
>The Grievance Appellate Committee (GAC) is a critical piece of overall policy and legal framework to ensure that Internet in India is Open, Safe & Trusted and Accountable. The need for GAC was created due to large numbers of grievances being left unaddressed or unsatisfactorily addressed by Internet Intermediaries. GAC is expected to create a culture of responsiveness amongst all Internet Platforms and Intermediaries towards their consumers.
> I don't pay anything for my bank account, but there will absolutely always be a human at the bank I can talk to about problems. It's also not as if users aren't paying for Gmail, business users are paying for it with currency, regular users with data.
Not only this, but most banks have to be members of a consumer arbitration body, or need to be overseen by an ombudsman.
But this still wouldn't stop any bank from using their contractual rights to terminate a relationship if it may be unprofitable or risky to them.
> In all seriousness, how does it even make sense to regulate expensive customer support for a free product?
It makes sense because email addresses have become the defacto gateway to our entire digital lives. Losing access to an email causes significant financial and emotional stress. It should be treated like an essential utility. There needs to be a minimum level of service even if the product is free.
Everyone pays for Google, just not necessarily via their credit card.
And to be blunt: Considering the vital nature of email to modern communications and livelihood, if free email cannot include a method to regain access, free email should not exist. The amount of damage Google just not caring about people's problems causes is immense.
Gmail is not free. You may not be paying for it with cash money, but you are paying for it with your privacy, and you’d better believe they profit from having your data.
> You may not be paying for it with cash money, but you are paying for it with your privacy, and you’d better believe they profit from having your data.
Truth. People using Gmail can pick one of the options below:
A) "If you are not paying for the product, then you are the product"
B) "If you’re not paying for it; you are the product"
When Google was first starting, savvy techies were aware of aggressive sociopath companies (e.g., Microsoft), and also that Google would probably be very powerful.
Maybe Google had some of that savvy and that's why they instituted "Don't Be Evil".
With all the supposedly smart people and resources that Google has, you'd think they could somehow figure out how not to be the cause of marginalizing people while dismissing them as "edge cases".
Google seemed to change around the time they bought DoubleClick. That was around the time they stopped making anything new which was good, because they stopped making products which the people who worked there personally wanted to use and started making products which they needed to sell ads.
I’m sure that you don’t see people looking out for users for the simple reason that the money guys won and the way you get rewarded is by viewing your customers as cattle.
In a somewhat underhand way, they removed the motto from the company and moved it onto their employees. Something like "Googlers shouldn't do evil". I'm sure HR and the legal teams preferred this shift from corporate mission to employee guideline. This might or might not be completely unconnected with subsequent high profile stories of Google employees being sacked on ethical, labor organisation and culture war grounds.
Its possible there's more of a business reason. Was it in response to censorship in repressive countries, or a response to concern about tracking, data etc.
I have a very old account that I still use for some email forwards to my main account. Even though I can verify all the other requirements, since I haven’t logged into that account with a machine it recognizes that I still have, apparently I will never be able to log into the account. Literally nothing can be done because google would rather take the easy way to handle this.
I have an account that I made in 2005 that can't get past the circle of login nonsense even though I can provide verification codes when it emails the "backup account". What's the point of the secondary account if you can't use it to log in?
There are now email addresses of some friends from my youth (before I wised up and stopped letting my Google account hold important data) forever locked away where I can't get to them. I'd probably have to work at Google to have any chance at all of recovering.
I’ve (slowly) begun to make an archive of all my Google data so it will be less-awful should something ever happen. Your story scares the crap out of me because I (already) have an account that I’ll never be able to access again either - c’est la vie but it still stinks to know that a large part of my life is locked behind a metaphorical prison.
If it is just email, it is more ergonomic to setup a local POP client like Thunderbird to download the emails. You don't have to use it to send email, just configure once and bring it up regularly to fetch the emails. I have a full copy of my gmail mailbox this way (already moved banking/govt services to fastmail anyway).
Yeah, this is what I do for email as well. Lets you seamlessly transition your backup to another service if/when you stop using gmail too. Though I use imap rather than pop, so that I don't end up with duplicates or other weirdness. (I keep incremental backups of the drive where the email is stored, so I'm not worried about a situation where both the cloud and backup copies get wiped.)
Here's the difference between IMAP and POP3. IMAP is a cloud service client, and POP3 is a store-and-forward, more or less. When you configure IMAP, you're operating on files on the server, and some or all of them may be cached, but the client will want to synchronize state with the server at all times. With POP3 you can specify "Leave on server" or "Delete from server". The POP client simply connects once and downloads everything (or everything that's new) and then you definitely have local copies of all those messages.
POP3 is good for use cases where you're rapidly migrating out and you want to wipe the messages clean, server-side. Or, if you believe the server will play hijinks with your messages or folders in some way, POP3 will give you a snapshot from time of download.
For me, I just used google takeout to generate a giant 18gig zip and then I downloaded it. I do that once a year. It takes a long time to download, but it’s actually fairly quick and I wouldn’t describe it as a slow process.
As a counter-example, I haven't had an entirely successful Google Takeout export in at least a couple of years, using their service to schedule the exports automatically every two months.
I always have a failure with Google Fit data, which reports 'Service failed to retrieve this item' on the same JSON file every time. I assume this is something corrupted at their end.
It's not that uncommon for my exports to intermittently show failures with other services -- for example, my latest export, taken on April 20th, also failed to include one of my YouTube videos, with the same 'Service failed to retrieve this item' error. That video is usually included successfully, so I'm guessing this was a glitch.
Nothing major, but I can well believe that others also experience regular errors, although I'm sure we're in the minority.
It's been about a year since my last round (so it is probably time to do another backup) but there were a few services that were flaky. It wasn't even me auditing for missing data, the takeout page would notify you that some data failed to be packaged up.
Why does it matter if it's slow or fast? Because it's easy, regardless.
You just click the boxes for the services you want, it e-mails you when it's ready minutes/hours later, and you download the file(s) at the speed of your internet connection.
Considering it has to zip up many gigabytes of data from various sources, it works at an entirely reasonable speed.
The idea that it's too slow to be of value is a reason not to use it makes no sense.
Do you just not make backups of your data at all, because backups take hours?
I have a similar story with a major ISP. I had their service 20 years ago but eventually switched to a different provider. They let me keep my email address, however, and I set it to auto forward to my new address. I have long since lost the ability to log into that original account, but it is still happily forwarding emails to this very day. They are always scams or junk. :P
Actually, there are opinions that Google exploits locked out accounts, to extract and sell all of its data (to include gov't organizations). It appears while the person still has access to the account, there are limits to how Google can exploit the data it contains.
When the account is locked out, after a set period of time, Google can do whatever it wants with such data without limitations. The number of locked out accounts, in which Google has and could totally and fully exploit, is likely staggering and beyond what many can imagine.
This answers a question I have idly wondered- if I have setup email forwarding, but get locked out of the account, will Google continue to forward the address? So, probably best to configure it while I can.
Given the difficulty people talk about recovering an account to which they've lost the password or recovery methods, it seems like Google ought to periodically ask you to verify that your recovery e-mail and phone number and 2FA device are still correct. It seems like that would basically solve the problem in most cases.
So I kind of find it strange that I use Google services extensively, and yet I can't recall ever receiving a reminder of that kind. But maybe other people are?
Since Google seems to anecdotally make it impossible to recover an account if you don't have access to your old phone number or another logged-in device, it seems like it should be a bit more proactive in ensuring things like a phone number are kept up-to-date?
Obviously that won't help when people don't touch an account for years, but it would help in cases like this story, where people actively use an account on a device for years but without ever having to regularly put in a password.
> it seems like Google ought to periodically ask you to verify that your recovery e-mail and phone number and 2FA device are still correct. It seems like that would basically solve the problem in most cases.
I get prompt to verify my recovery email ~once a year. You guys don't ?
I don't but Google might be able to figure out I'm active enough (e.g. it can tell I pick up on Google Voice calls at my recovery number, and am always logged in with lots of devices) that it doesn't bother.
So stories like this make me assume that Google isn't sending them out enough. But maybe it does? Then is there a question of people's responsibility if they ignore them?
The cynic in me suspects that they probably tried this and discovered that they will lose a percentage of logged-in accounts and how much that costs their revenues/bottom-lines.
Seriously though, even apple does this - where they periodically ask you for your pin/password on phones with fast biometric logins every 1-2 weeks as a memory refresher.
For google: I think they should do a memory refresher too. Once you've confirmed that you remember it, they can stop bugging you for some time. And if a logged-in user can't remember it, then don't log the user out, give them time to save important things.
I have several accounts and Google will only show remiders for those I barely log in. It even used to send reminder emails but that seemed to stop after I marked them as spam.
My wife lost her life’s email despite knowing the password. Google didn’t recognize the device, asked to verify using a phone she doesn’t have access to anymore. Despite knowing her login and controlling the recovery email, she couldn’t login. Everything was tied to her email. She lost access to many other accounts connected to the gmail as a well. Lost contacts, lost YouTube account, and on and on. It was honestly traumatic for her, and maddening because she has the password.
Do not use Google for email. Just pay $5/mo for an email service that won’t ruin your life for no good reason.
> My wife lost her life’s email despite knowing the password. Google didn’t recognize the device, asked to verify using a phone she doesn’t have access to anymore. Despite knowing her login and controlling the recovery email, she couldn’t login.
A friend of mine has encountered this with the TOTP authentication code method. During a move from the US to Europe, they lost their phone. Google let them log in to their regular account no problem, but a second account they use infrequently for a social group got locked out when they tried logging a month after the move. The TOTP secret key string is stored in their password manager and Google doesn't say that the password or TOTP key is incorrect, simply that "for your security, you must complete an additional step" by confirming in an app they no longer have.
Maybe I have been doing IT for too long, but knowing the username, password, and any[0] second factor should always be enough. Surprising users with something else, that they might not have, is unacceptable.
0 - I'm willing to forgive if a second factor was recently enabled; maybe the scammer got in and added a new phone number or backup email account or generated emergency access codes. But, configured more than 14 days ago? Must work.
Yes… but in Fastmail’s case when I encountered an issue I had a “We appreciate your feedback on your use case. We'll take it into consideration for future product planning.” (which is all I was really asking for) from Neil Jenkins, of JMAP fame, within three messages of mine, starting at the standard support form.
Hey it’s your email, trust Google with it if you want. Just know if you ever run into a situation there is no support and they will not help you regain access.
I had a youtube account JimmyRcom with about 21 million total views, I already had 2 stikes already from bogus copyright strikes I never appealed, over 15 years or so. I updated my videos with coinbase referral links. It got picked up as spam and I had my youtube deleted. This also meant the years of favorites, collections, my kids favorites got deleted. All appeals failed. I offered money for a blocked youtube but I get my favorites back. Still wish I could get it back, it hurt quite a bit losing everything. After my kids finally get into school, and the corporate grind cooled down a bit I really wanted to get back making videos
I fully expect to someday lose access to my gmail account because I regularly delete cookies and I won't give them a phone number. If they won't accept a password as proof of ownership on an account, then the account will someday be dead.
So, I have this issue as well, but I found a way around it.
Add the google account to an old android phone you don't use (maybe even an emulated android would work) and it skips all the verification stuff simply because it's on a phone. That way you can keep it logged in and change things even if you can't log in via a browser.
Part of the issue is the account is not dead, in the way many people think. Once you are locked out, after a period of time, Google can do what it wants with it. Which may include looking over or extracting any data from it, then selling it to whoever they like. And where those other entities may be storing your information (or continuously updating a profile about you), for their purposes and however long they like.
So the account is "dead" to you, but not necessarily to Google or at least not until they extract what they want from it (and have sold it to whoever).
There isn't, and of course they will not spell it out. Read Google's policies (https://policies.google.com/privacy?hl=en-US). Google makes it very clear they collect a tremendous amount of data when the account is active, and reserves the right to retain data as necessary for business or legal purposes, security, fraud and abuse prevention, or financial record-keeping.
It's data on their servers that they control, that no longer has a user. The data then can fall into any of the categories mentioned above, to include the possibility of transfer to 3rd party entities. That they may eventually delete it, is different from how they may have used it or to what entities they may have sent portions to.
Google is attempting to migrate my account to Passkeys, which doesn't work at all for me. Despite spending significant time trying to get it to work I cannot get a passkey that works on my iOS device, and without it it seems impossible.
And yet Google keeps trying to log me in using it.
I had a similar experience with an Android. Even though I never approved the use of my phone, Google account security showed it was registered already.
The prompts went away when I explicitly removed it as a sign in option.
I also had to explicitly disable "skip password when possible".
I pay for Google One for this reason and ultimately account recovery due to theft if it came to it. I've never had to reach out to Google but supposedly of you are a paying customer customer service does exist. I know that the FI infrastructure has CS you can reach as I talked to them back when fi first launched and I did some promotion flipping to get a pixel. I'm probably gonna pay for Microsoft's offering it seems you can't just buy hotmail anymore and instead have to pay for the whole office + storage subscription. Same reasoning though I want CS I can reach at my email provider and I want to know they still exist in 20 years if email still exists.
A few weeks ago, I was in a similar situation, I needed to read an email on an old account. I typed my email, my password and then an error, it was blocked for some reason, it asked me to check my recovery email, except that email was never validated (there was a mistake in the domain extension). It should never have blocked an account with a valid password when the recovery email was never validated. I successfully talked to human support, they told me they could do nothing about it. It magically unlocked a few months later, if you lost your account, keep trying, one day you may access it
> It should never have blocked an account with a valid password when the recovery email was never validated.
Should it not? Accounts get "blocked" because of reasonable suspicion that they're compromised. It's not just something they do to annoy you. The overwhelming majority of these situations are surely just password attempt exhaustion. You or someone else tried a little too hard to log in with a bad password.
So... your solution is to disallow that security layer for people who have typos in their emails and never went through the recovery process? That sounds like it's going to hurt and not help.
I mean, yes. It sucks to lose access to an email account. It sucks immensely more to be hacked. And to some extent those requirements are in conflict. There are tradeoffs to be made.
Weird, I’ve had the exact opposite problem. Added a recovery email years ago before Google required the recovery email to be verified. Then I needed to recover the account, but I was not allowed to do so as the recovery email wasn’t verified. Despite the fact I was never asked to verify it in the first place. What’s the point of a recovery email if it can’t be used to recover the account?
> When her ancient iPad finally died, she tried to add the gmail account to her new replacement iPad. However, she couldn’t remember the password in order to login.
There are of course no details on how exactly the iPad died, and it's possible it's been thrown away already, or that it has been remotely disabled, etc.. But I'm very sure that the iPad can be repaired, or at least that the data on the iPad can be recovered. If the problem is that it doesn't "turn on", maybe spend a couple hundred dollars and send it to e.g. Northridge Fix.
If you get an old iPad, you can't (re)install modern apps.
Apple has forced app developers to upgrade their apps, which has revoked support for older iOS versions.
I ran into this over Christmas when trying to help someone who had been using an old "The New iPad" (I think the iPad 2) but had lost the charger cable.
We charged it up, it powered on and reconnected back to their wifi. They had to re-sign in to Apple, but was unable to install any of the Google apps.
This is the 6th month that I lost access to my gmail account because I forgot my password (I was forced to change it prior to that, and I changed my devices). I lost access to many services from McDonald reward program to bank account (which I can recover I think). I just think it is such a bad idea to use email for accounts. I have migrated to iCloud email because it has a reasonable recovery process I can trust. I think the default option for accounts should be phone numbers, anything else is not great.
In the past I have been using iCloud to manage my passwords, but since gmail was my primary, I had the password for many years, I was able to remember it, didn't think it was necessary to use keep this particular account in iCloud. Then 2FA was introduced then forced on my account, I was also forced to change my password because Google was tightening its security (I don't remember exactly), I think that's when it went wrong. The funny thing with Google is that the recovery option should be my phone, somehow it is not enough for Google.
The worst in all of that is that when it is for nefarious purpose, like government access or spying, they don't have issue to have an employee giving access...
In theory yes, in practice Google will stonewall you just as usual and none of the regulators is interested in enforcing the GDPR enough to get this pushed through, so in practice you're still out of luck. Here's a real-life example: https://ruben.verborgh.org/facebook/
We seriously need some stronger consumer-protection laws in those areas. We live in a digitalized World. To some degree those accounts are a part of peoples lifes! Companies should not be able to simply take those away without any good reason and any way of legal recourse.
You most certainly can and they have to provide you the data. GDPR is about you as an individual and the login itself is irrelevant. Chances are you'd most likely hit the same wall when talking to the customer support.
And a related PSA: never use "login with Google" or the like. You're exposing yourself to a severe cascade risk for the sake of saving a a little time.
> And a related PSA: never use "login with Google" or the like. You're exposing yourself to a severe cascade risk for the sake of saving a a little time.
> And your email should be on your own domain.
Underrated comments, right here. I use login with Google for nonessential things, and own my email domains.
The only things I'd add are that you should own both your email domain and the domain for your recovery email, AND that you should be backup files and photos to another service/location.
80/20 solution: People want to use the gmail interface, so the ideal solution is to use a custom domain and point it there. You can still lose all that email but you don't lose the ADDRESS, so all the accounts that you use to login can be redirected to another email platform.
Archived all my old mail in a paid service. Still use the google one for the easy one tap login at many places. But if possible I added the other account too. Some places you can link logins together with regular email password.
> I recognize that there are many different kinds of google users. Some folks [...] need maximum security.
(un?)fortunately this is not exactly true. While it's true that some folks do need "extra security", the steps in discussion here are fortunately still applicable for the general population. We as a society have decided (correctly) that leaking your private photos, conversations and data is an unacceptable risk, and punish the companies strongly for it. So companies cannot just make it less secure.
Auth is a complex topic with many gotchas, and there is just no way around it. It's like saying you'd like to drive a car without a license, sure taking the license is "hard", but if you want to drive it's what you've got to do. But only there's a hundred cars actively trying to crash into you and steal your goods.
> We as a society have decided (correctly) that leaking your private photos, conversations and data is an unacceptable risk, and punish the companies strongly for it.
On what planet do companies get punished strongly for leaking PII? It happens to me multiple times per year and if I'm lucky I get a pittance from a class action suit years later. The executives who raked in huge bonuses cutting security don't get punished and the company stock price rarely suffers beyond a blip when the leak is first disclosed.
Punish companies is not the same as you getting compensated. It happens (at least in EU) harsher with the GDPR, so yes it's fairly recent, but so is security online (just 10 years ago not even half of the sites used HTTPS).
There's dozens of high-profile fines every year due to data mishandling from Europe, just a quick search:
> Data protection supervisory authorities across Europe have issued a total of nearly EUR1.1 billion (USD1.2 / GBP0.9 billion) in fines since 28 January 2021, according to international law firm DLA Piper.
If you think those fines are strong punishments you are, frankly, delusional. Those figures are a drop in the bucket and are regarded by the companies in question as little more than the cost of doing business. Start putting CTOs in handcuffs and I'll consider it a strong punishment.
Edit: Also, just to be clear, the reason I brought up class action lawsuits is not because I think all punishment will result in remuneration for those affected, but because in those cases the class action lawsuits were the only consequence the companies in question faced.
Yes, I believe fining a company 1-10% of their annual revenue (not profit) is a strong fine (for this kind of crime!). The kind of issues I'm discussing here, involuntary data leaks, we are trying to make them change their ways, not to bankrupt them or have them leave the market altogether. These fines escalate (the next bigger than the previous) and can be repeated as needed, so if they don't change their ways they WILL be fined into oblivion. But the main goal is for them to change the way they deal with data and security.
> Start putting CTOs in handcuffs and I'll consider it a strong punishment.
But we are discussing companies, which take decisions to maximize profit for their shareholders; I would also agree with putting CEOs/CTOs in handcuffs under the right circumstances.
The latest Facebook one is literally 10% of their revenue (in Europe), how is that laughable? That's a big chunk of money, if you add two zeros to them that's probably more than their lifetime revenue.
This class of users is also some of the most easily scammed.
These folks, who need "less security", are the exact same who will tell a stranger their password over the phone simply because they said they worked for Google. Scammers can use data from an email account to write convincing fake communications that lead to folks losing their life savings.
Teaching folks that their data isn't important enough to turn on security, is teaching them to fall into scammer's traps.
security against leaks needs to happen at the backend. security to access an account doesn't protect against leaks of the database. it protects against personal data or identity theft, which is not something companies get punished for
They are unfortunately all related in multiple complex ways; for example password strength is important against leaks if the data is encrypted. Some times a leak happens through admin accounts, so if you have a single sign in system then security to access those is important.
I've said it once, and I've said it again for well over a decade. The only google account recovery is creating a new account in 5 minutes. If doing that does not restore the full extent of the purpose for which you were using google's services, you're doing it wrong.
Google accounts serve one purpose: if you are trying to use a google resource that requires an account. Example: save some marked places on google maps.
I can't think of other examples. As the article states, google's explanation for their user-hostile policies, is that at their scale, there is no other option. The other option is, provide services at a scale you can support, and if going larger is not affordable, then you are not able to go larger.
Imagine going into a store. You purchase a microwave. You get it home, open the box, and in the box is a dead cat. You take it back to the store, and there's no one to talk to and no customer service desk. You walk back out of the store with your dead cat in the box, and when you show the receipt to the guy in the store, he accuses you of stealing a microwave because the receipt is from yesterday. No, he won't look inside the box, there's another customer walking out whose receipt he needs to check.
Then they ban you from all their stores for trying to steal a microwave, because they have you on camera walking.
You write a letter to corporate, and they tell you that at their scale, they cannot have a customer service desk, or hire another receipt checker.
The thing is, there's actually no real reason to use google for anything. You don't need to ban it from your life, you just don't use it for anything that needs an account with data you need to keep. I use google products for maps and to chromecast to my tv. I use it for search. When I get a new machine or browser, that account just gets recreated because I don't bother storing their password or login name. Like for this site.
I have had a Google account for quite a while. I got a fairly early Gmail account when it was apply for an invite only. I had a G+ account that was taken around the back and a single shot heard. That was well after my home page of links thingie was unceremoniously put down (I can't even remember what that was called).
I would not dream of actually putting anything useful into a Google account. The most basic of due-dil process should ring an alarm bell enough to awaken the dead.
Entrusting your corporate data to Google is playing a form of Russian Roulette. Do ensure you have local backups. I understand why unprofitable products get dropped by Google - my company does the same thing. However, I'm not running a hyper-scaler cloud. A common misconception about the cloud is that you simply divest all responsibility and shove your stuff into it and all will be well.
I've had better luck over the years with google drive to store my documents than a physical backup drive. But the thought of losing access to my account scares me
You will always need backups, regardless of where your primary storage is. These backups could be local or remote.
You have to decide how important your data is. You might divide it into a few categories and decide what you can or cannot afford to lose for each category. For example your password database and family holiday pics are often more important than nearly everything else! Then you decide how much money to throw at all this. It's all a big risk assessment thing.
If you will insist on cloud then please use two of them or one and a local backup system. For really important stuff you can buy a brand that you have heard of 128GB USB stick for about £13 (just checked on Amazon). That's bugger all cash! Buy 10 of them.
Please take responsibility for your data. Use cloudy stuff for convenience but do not lose sight of who really is responsible for it - you.
it depends on what your remotes are, and what your risk profile is. consider the problem that your internet access may go down and you are cut off from all your backups, unless one of those is your parents house where you can get to without internet.
I touch my backups less than once a month and I lose internet less than once a month so I think I'd just shrug if those overlapped and I didn't have local backups.
depends on where you host your data. a decent provider will include a few terabytes of traffic per month. and since you won't have a lot of people accessing that data, your traffic won't exceed that of a moderately popular website.
But that's my point, to answer the question asked. You're mirroring between two cloud providers, one cuts you off and you need to egress all your data ASAP from that provider, to a new one. If you have your primary local, you just push to the new provider free.
Example: my work places all our files, including your docs and desktop folder, on OneDrive. There is a local cache, but they don't actually let you do a full sync to local to minimize egress
Example: they replaced my laptop, I had about a TB of data generated on the old one. It's all in OneDrive. I power up the new laptop. I can't just sync everything to it - they disable that via policy. Every time I open something for the first time, it downloads. So if I wanted to say, copy all my crap to AWS. Now I have to Egress the whole thing from Azure.
Now, imagine you have more than a TB. Not arguing either way - just answering the question.
sure, i understand that. but it suggests that OneDrive may be convenient but ends up being expensive for lots of data. i have a root server, which means more work to set up, but i get 10TB traffic per month included in the hosting price. i am more likely to get in trouble with my local ISP if i download more than 1TB than with my hosting provider.
anyways, we obviously both agree that having a local copy is a good idea either way, and i appreciate your additional examples of the problems that one can run into with a remote only backup
I unfortunately can't answer that. My work gives me double-digit TB OneDrive, and if I need personal stuff on there, I put it in a password-protected 7z file. I don't actually use it all that much though. I just rsync between two laptops in the background and a copy of everything gets pushed to my phone when I plug in to charge at night. I only have about 500GB of data that I care about not losing - like a dump of all my emails in a pst going back 7 years, and some photos and personal video. Rsync does it all w/ 3 copies on local devices, and I don't think about it.
The thing is that at scale your “edge” cases are still millions of people. Companies love the benefits that come from scale, like having a billion people use their service, but they never seem to be capable of handling the other parts that come with it :(