If you lose access to your gmail account, you also lose access to changing your password on any service that makes you do so through an email link - I know of some services that don't even let you change your account email without clicking on an email authentication link.
So not only is there the always-lingering possibility of losing your google account to automated shutdowns, you can also lose access to services that you use that use authentication through email, quite an uneasy thought.
It's crazy to cede over ones entire identity to a free "best-effort" service.
I make it a point to have my emails on my own domain. I use Google Apps and then use my own IMAP backup app (http://thehorcrux.com/). In case something goes wrong, I intend to move providers and restore the emails back.
There are also a few command line tools like http://gmvault.org/ if you love tinkering.
But the reality is that people need to start diversifying or risk:
"A few minutes into my Google-less existence, I realized how dependent I had become. I couldn’t finish my work or my taxes, because my notes and expenses were stored in Google Drive, and I didn’t know what else I should work on because my Google calendar had disappeared. I couldn’t publicly gripe about what I was going through, because my Blogger no longer existed. My Picasa albums were gone. I’d lost my contacts and calling plan through Google Voice; otherwise I would have called friends to cry."
"My data was intact save for the last thing I’d worked on–a spreadsheet containing a client’s account numbers and passwords. It seems that Google’s engineers determined this single document violated policy and locked down my entire account. My request to get that document back is still pending."
So you can't keep files you need to secure in Drive? Blown away by this. And the access to the entire ecosystem based on one document. This is not good. With that logic if there is a DCMA request or problem with a video on youtube the whole site should just shut down.
I hope this gentleman is wrong. I really do.
To combat this, I wouldn't be surprised if Google had software that tried to detect this (maybe look for spreadsheets of username/passwords), and shut down the accounts associated with it.
> Google told me for the first time that it reserves the right to “terminate your account at any time, for any reason, with or without notice.”
No one reads the ToS / AUP, but this shows why it's a problem. It was not the first time Google told this guy; he was told in the legal documents that he agreed to when he signed up.
Yes, Douglas Adams had it right.
> "But Mr Dent, the plans have been available in the local planning office for the last nine months."
> "Oh yes, well as soon as I heard I went straight round to see them, yesterday afternoon. You hadn't exactly gone out of your way to call attention to them, had you? I mean, like actually telling anybody or anything."
> "But the plans were on display ..."
> "On display? I eventually had to go down to the cellar to find them."
> "That's the display department."
> "With a flashlight."
> "Ah, well the lights had probably gone."
> "So had the stairs."
> "But look, you found the notice didn't you?"
> "Yes," said Arthur, "yes I did. It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying 'Beware of the Leopard'."
https://www.gnu.org/philosophy/who-does-that-server-really-s...
The problem with these web services is that they allow a single service provider to screw you over on a whim. Why put yourself in that situation? Why leave yourself vulnerable to unscrupulous competitors and governments who might try to copy your files without permission, because some service provider was more concerned about complying with warrants and monetizing your data than about security? Stay in control of your data, and you will not be posting these sorts of stories to HN.
Keep a backup on media you own. Or, at the very least, mirrored across different providers.
There is a "must be this tall to ride" limit on the Internet, and that is your own IP and the ability to act as a peer on the network.
If you don't meet those requirements, you are just a consumer. You're eyeballs that someone else is renting out. You're a digital serf.
I'm running mine off a Synology DiskStation that sits at home. Mobile clients for Android and iOS. Sync clients for Windows, Mac and Linux (plus source code if you want to write your own): http://owncloud.org/sync-clients/
You could point OwnCloud at the same folder as Dropbox. Both monitor the same folder. Double backup.
http://www.lifehacker.com.au/2013/04/how-to-set-up-your-own-... http://jamieflarity.com/technology/owncloud-and-email/
If by strange you meant "bad", then I agree with you.
(i.e that the person should have a copy of their data).
* We use Google/Gmail only for mail hosting, not for calender or cloud storage.
* Google apps with our domain.
* We have also an account at Yandex.
* DNS service from DynDNS, MX ttls set to 3600 seconds (1 hour, it could be less)
* For virtualization, we have a i7 machine with 2x1 TB disks (Raid-1).
* For webmail, calender, sharing etc we use Zimbra ( open source version ).
* Everyone has an internal email ( x@office.domain.com ) and external gmail account. Zimbra syncs itself with gmail.
* When somebody sends email , depending user, zimbra send it using gmail or relay.
* At 3 a.m. system automatically shut down Zimbra , takes backup on usb 3 hdd (~100Gb, arround 40 mins) and brings up it again( I know, there is a room for improvement, like rsyncing /opt/zimbra directory ). We change usb disks everyday or two and store other disk at somewhere outside the office.
So,
- If Gmail "dumps" us, we can change our MX to Yandex, stuggle couple hours and then continue to work.
- If local server burns, users can continue to work using Gmail while we build & install new one.
We tried rackspace email hosting but it had problems ( some mails doesn't delivered, some incoming mails lost etc ). Fastmail was/is expensive comparing current infrastructure and it could be viable if we have more than 30 persons.
P.S. : I'm not saying this solution is perfect or it's the only way to do, i'm just sharing.
</shamelessplug>
I made a choice that day and I still stick to it:
I split my Google identity.
My original Gmail account is still in use and I use that for anything social, for any settings and preferences... i.e. the non-essential stuff: Google+, Chrome Sync, Android Play Store, and Google Currents.
A Google Apps account deals with anything that I care to keep and is on my private domain: Gmail, Calendar, Contacts, and Drive.
I then used sync control in Android to turn off everything that each account won't use. And in Manage Domain on the Google Apps I disabled G+ and anything social.
For me it's a risk limitation exercise.
Should Google lock my Gmail, I lose things I don't care about. I keep backups (Gmail offline + Grive) of my Google Apps domain, and should that get locked I can change the DNS, setup my own email and restore the backup via IMAP.
I get to benefit from Google services without a large exposure to risk should something happen.
Sure, you could just set up your own email server but why go through the hassle? There's a real opportunity here, my mother doesn't know how to set up her own email provider, neither does my aunt. A good email provider will make it really easy to do everything related to email with advanced spam filtering capabilities and will run a very tight ship.
A man can dream.
Web access is usually terrible though. If you're lucky, they provide roundcube, which is ok, but certainly inferior to Gmail. If you use IMAP and some desktop client, this might not be a problem.
The hard part is the calendar and contacts. I don't know of any CalDAV or CardDav provider. Your best bet is probably some hosted Exchange solution, which provides ActiveSync.
My point isn't about the nature of the data that was stored, my point was the economic reliability of the tool being used to store it. In other words, you want the provider to have some significant incentive not to screw you if your livelihood depends on it.
"A few minutes into my Google-less existence, I realized how dependent I had become. I couldn’t finish my work or my taxes, because my notes and expenses were stored in Google Drive, and I didn’t know what else I should work on because my Google calendar had disappeared. I couldn’t publicly gripe about what I was going through, because my Blogger no longer existed. My Picasa albums were gone. I’d lost my contacts and calling plan through Google Voice; otherwise I would have called friends to cry."
And that list of losses can be expanded if you use other Google tools.
Personally, I just don't get it. I was using various forms of email before Google even existed. I settled on Outlook and self-hosted email on Linux a long time ago. Oh yes, MS Office for docs, calendars, etc.. Perfect? Nope. But nobody can flip a switch and take it all away overnight.
I simply could not fathom running any of my businesses with this kind of daily risk. Any one of your employees could trigger a Google account shutdown and cost you dearly.
What's the problem here? Are MS license fees too expensive when compared to loosing all of your data overnight?
As for the other non-MS Office services offered by Google, well, there are tons of alternatives, free and paid.
I was lucky enough to learn this lesson about three years ago when a client's account was shut down merely for moving about two hundred domains to a an "AdSense for Domains" service they used to offer. Bam! Three days later their entire account is shutdown, AdWords, AdSense, Gmail, Docs, everything. Wow. New user too.
From that point forward I made a few decisions I have yet to violate:
- Use Google Search if you must
- Use Google Analytics if you must
- Use Google AdWords if you must
- Do not base a business on Google AdSense.
Your entire revenue stream could evaporate overnight.
- Do NOT use ANY OTHER Google service, no matter how enticing or
convenient it might be. Consider what the cost to your business
might be if that new sparkling offering on the table
is pulled away without notice or recourse.
- Do not build a business on a foundation someone else has full control over.
If I were running an investment firm I would have a clause in my contracts requiring that no business-critical services are to be hosted by Google on any companies we'd invest on. Talk about playing with fire. Invest millions into a venture and Google pulls their data backbone from right under them? Crap! Screw that.
- Reliability. The electric transmission net was shit at this time. Blackouts each week, sometimes each day were typical
- Cross-transmission i.e. a shared transmission net instead of one net per provider, so you could switch without much hassle if your provider failed you
- Better contracts to guarantee that you will get your electricity and that a company cannot dump you without notice
AFAIK they can't just cut your power one day because you tripped some arbitrary secret metric.
The only thing left to be desired is support for tagging in Roundcube. Thunderbird has it, but it would be nice to have it in the web interface, too. There's a ticket for it in the Roundcube tracker[2] but it doesn't seem to receive much attention yet.
Personally I hope that with the recent closures of Google services more people choose to run their own services with free/open source software. With VPSes and modern tools this is cheaper and easier than ever, and if we want the web to remain free and open, it's much better to have some diversity and decentralization, instead of placing everything in the hands of Google and Facebook.
[1] https://patrick-nagel.net/blog/archives/389 [2] http://trac.roundcube.net/ticket/1485799
(Of course I have to keep a backup of all the mail, but that's as easy as having some client download it.)
"Free email, with 1 GB of email storage? Neat". "Nice fast web-browser, nice features? Neat!" etc etc.
People on HN do AB testing for button colours in an effort to reduce friction to the lowest possible. It's not that surprising that people think "it wont happen to me".
See also people who never make backups until they learn the lesson that first time they lose everything.
A. Does anyone have a valid story were the user actually lost everything, for good?
B. Assuming it's possible the risk of catastrophic failure by losing Google can still be lower in a risk assessment than the cost of redundancy or of making each part independent. Especially in a startup where there is already risk everywhere.
1) A hands-off, hassle-free service that connects to all your Google 'properties' and backs up everything every hour, on the hour, and allows easy importing into a selection of similar replacement services if/when the Googleplex smites me down.
2) See 1).
You can download CloudPull from: http://www.goldenhillsoftware.com/
CloudPull is free for a single account. For $9.99, you can upgrade to get premium features including support for up to ten Google accounts.
John
Now when a problem arise, just stop using GMail and use Roundcube directly.
Search: DuckDuckGo, Bing, Ask, Wolfram Alpha, Yandex, Baidu
Scholar: TODO
Patent:TODO
Image: Bing
Shopping/price compare:
Photos (Picasa): Flickr, SmugMug
YouTube: Vimeo
News: Yahoo, TODO
Mail: Yahoo, Hotmail, Thunderbird, Fastmail
GDrive (storage): Spideroak, Dropbox,
Documents: Microsoft, Zoho, OpenOffice
Calendar: Zoho, Hotmail, AOL Calendar, 1Calendar, Outlook, Thunderbird, 30 boxes
Chrome (Browser): Firefox, Opera, Safari, Chromium with Chromatic
Google+: Facebook, Twitter, Identica, Diaspora, LinkedIn, Foursquare
Maps
routing: OSRM, Bing (=Yahoo), MapQuest, GraphHopper ;)
local search: Yelp, Bing (no API!)
mobile: TomTom
Google Streetmaps/Earth: Bing 3D
News: Netvibes (full of google search ;)), Yahoo, Twitter, breakingnews
Reader: Netvibes, liferea (Linux only)
Alerts: Netvibes
Translation: Microsoft
Analytics: Piwik
AdWords: TODO
Google Books: nothing found!?
Google Sites: Wikispaces, Zoho
Google Talk/Hangout: skype, talkyoo
Blogs: Wordpress, tumblr
Code: GitHub, SourceForge, BitBucket
Groups: SourceForge
Checkout/Wallet: TODO
Google Apps: Amazon
Speech Recognition: Nuance
Google Voice: PhoneBooth
Google TV: Apple TV, Samsung, LG, ...
Chrome OS: it's Lubuntu!
Smartphone (Android): iPhone, Nokia, BlackBerry, Ubuntu
Play Store: Apple Store
music: spotify, itunes
Self-driving car: BMW, Audi, Volvo, Mercedes-Benz, Toyota, Nissan, ...
ToDos for Google: Offline routing, Own Games, Porn, Ebay, Amazon clone
If there isn't then what you're doing is called "taunting".
The Data Liberation Front lists which services can be backed up, and how to do it: http://www.dataliberation.org/
It supports Gmail, Google Contacts, Google Calendar, Google Drive (formerly Docs), and Google Reader. By default, the app backs up your accounts every hour and maintains old point-in-time snapshots of your accounts for 90 days. All the data is available in standard file formats.
http://en.wikipedia.org/wiki/Data_redundancy
We have a term for what you're describing already - Backups
Or, there's Git, which is even better.
What I'm getting at is that we are the first line of defense when it comes to our data.
I'm sure you've heard the colloquialism, "don't keep all your eggs in one basket?"
You don't own what you can't control. Even if your name is on it, even if you've given it to everyone, even if you use it on a million other accounts as a means of access and an identity, you don't really own it.
This is why, I still keep a contact@domain for professional work while saving all my personal stuff on Gmail locally via POP.
The nice thing about HN (or the bad thing; depends on your perspective) is that it doesn't need an email. I wish more watering holes were like that. Alas, people are flaky with passwords and need resetting from time to time.
Everything was backed up. My passwords were safely stored. But it was going to take some time to get to them.
I did have my Google password, so I logged in. I was on a different computer, a different OS, a different network. I was asked to enter my Google Authenticator number, and then BAMM I got access to everything.
I realised just how scary the Google 'Save passwords' thing is.
I trust Google, and I know they have smart people working on security.
We've seen similar where someone having their Google account hacked lost access to everything.
This should be part of your back up / disaster planning. I guess there's a niche for a single page check-list of what people should be storing 'just in case'.
So Google really closes accounts?!?
Wow...
But honestly, what the fuck are governments doing?
I mean, companies like Google, Facebook, Paypal etc. are de-facto monopolies and should NOT be able to refuse service to anyone, much less ban existing users!
In general, any company pulling such obvious "dick moves" needs punishment.
What's the point of having a government and a law system if it cannot even enforce such basic stuff?
The point is it's not just data that is lost and of what is, not everything is easily backed up on local storage.
I think there's a case to be made for self-providing your own dial tone as well, given how simple and cheap that has become, but I can't push that as I haven't even done it myself...
I'm quite happy paying for a service because when it breaks, I can reasonably expect the problem to resolve itself.
If I host my own mail, when it breaks I'm up shits creek until I fix it. Which depending on my schedule, could take a week.
Probably dies on the platform of "people don't have good broadband".
Generally, in common law countries, if you're not paying Google for the services, the legal system won't help you. Since you gave no consideration for the services you got, there's no legal contract, so you can't even enforce their own terms of service against them.
(In theory, an action in tort for negligent provision of services can succeed against a provider you didn't pay - but in practice, that'd fail for a number of reasons in this situation (in England anyway)).
As soon as you're paying for services, the whole thing changes. You've suddenly got the contract law at your back, and with that comes whatever laws govern unfair terms in consumer contracts, and the supply of services to consumers, in your jurisdiction. You're in a vastly better position, legally.
You might want to take a look at some policies from others in the industry to get a more accurate picture of this landscape.
These policies are constructed as such to mitigate litigation, which the author concedes. Regardless I'm glad this instance had a happy ending.
It’s also worth mentioning the the paid tier of Google Apps operates under completely different TOS: http://www.google.com/apps/intl/en/terms/premier_terms.html
Those too should be very careful to not get regulated by an angry mob. I'd say well deserved.
For instance, I host most of my business on AWS. We recently had a compromised server that delivered malware to some of our Web visitors resulting in Google completely blacklisting our site, and ultimately resulting in AWS sending us a threatening notification that we were violating their terms of service by serving malware and we could be terminated at any time.
Within an hour of finding out the root cause we cleaned up the malware issue, but we spent the next 24 hours trying to get Google to remove the blacklist and kept our fingers crossed that AWS wouldn't just terminate all our 17+ instances and ask questions later - effectively putting us out of business.
Welcome to the cloud!
All of these widely used and are subject to loss of service, arbitrary account shutdown, data loss, and data theft. None of them are really trustworthy, particularly not as a primary data store, so I find it odd that the commenter rants about Google - the problem is trusting any corporation with control over your data.
The interests of a corporation and an individual are not likely to coincide in the long term. Google is not evil, they're just a corporation like any other.
The handful of times I've had issues, I usually take to twitter, and it magically gets resolved within a day... I'm overly tethered to google at this point. via Andriod and Google Voice alone, it's been a difficult weekend with the issues GV seems to have had since Friday. I've recently cloned my dropbox to both google drive, and skydrive... which gives me a little security.
For the past two years, I've been using my gmail address more, and my own domain email less, because the gmail ui has been more convenient... without igoogle/reader I don't think that's as much the case, but if I lost my email (logins for other sites) I'd be boned... I recently had to re-enable a domain on my mail server just to change an old account on a site I needed to recover. Not cool/fun.
But I strongly believe search needs to be decentralized. Something like P2P. I mean it's like basic healthcare rights (or right to live) on the Internet. Without search most of the Internet is blocked for you and this mostly lies in a few corporate behemoths; no, I let me correct it - that's just one!
Or are there already services like that? I don't think DDG can simply read from Google indexes and give us the results or maybe they can but it still is dependent on indexes by Google which shuts accounts without notice and it's gone for good if you don't know anyone inside or your story is picked up from the Internet.