[HN Gopher] Updating our inactive account policies ___________________________________________________________________ Updating our inactive account policies Author : msla Score : 93 points Date : 2023-05-16 19:13 UTC (3 hours ago) (HTM) web link (blog.google) (TXT) w3m dump (blog.google) | lakomen wrote: | ... I'm about to explode. | | I have a very old youtube account which I can't recover, in fact | there's 2 of them. They have content on them that I will never be | able to reproduce, but I watch it from time to time for | nostalgia. | | This post means that Alphabet will delete old legacy content on a | huge scale. The world will be poorer for their culture. It will | lose the ability to watch very old youtube videos. | Efimeridopolis wrote: | you are right but for your case, yt-dlp. | somegent wrote: | You can download youtube videos | neltnerb wrote: | I only use YouTube through these third party privacy tools. | | https://libredirect.github.io/ | | I noticed that when you access YouTube videos through this you | can just right click and download. | Eumenes wrote: | This seems pretty reasonable. Google is a for-profit company, | hosting your shit, for free, indefinitely, isn't their | prerogative. They should offer some one-time fee or small | reoccurring charge to keep your stuff in hibernation mode or | something. Like literally $1. | lakomen wrote: | Youtube is a defacto time travel machine when it comes to | culture as video. You can watch videos from 2004 and earlier. | It's the only platform that could allow itself to act against | copyright laws. It's part of the cultural heritage of humanity. | Eumenes wrote: | Okay, what does that have to do with Google not maintaining | history of the videos you watched? You can still bookmark | links, download videos for offline use? | sacrosancty wrote: | [dead] | JohnFen wrote: | > Starting later this year, if a Google Account has not been used | or signed into for at least 2 years, we may delete the account | and its contents | | This is great news! I have a couple of Google accounts that I | couldn't delete because I lost the login credentials. I | appreciate that Google will go ahead and do that for me. | jeffbarr wrote: | I understand the risks of inactive accounts, but as I have | pointed out here before these binary policies do not address the | all-too-common situation where someone is forgetful and/or | incapacitated prior to their death. These people have more | important things to think about than their email and their | photos,and the transition from alive to dead (to be blunt) can | easily take more than two years. By the time that the estate and | the executor has control of the account it can easily be too late | to save precious memories. | qingcharles wrote: | I wish I could get into my old Google account. I unexpectedly | went to jail for 10 years and when I got out I couldn't log into | my account because my 2FA (phone) was gone. I had 10 years of | email in there. Would love to find another way to authenticate | myself. | | Looks now like it is all going to be hosed anyway. | WeylandYutani wrote: | I understand that 2FA is good but it can also be annoying when | you've forgotten the email backup. | vidar wrote: | Surely there was some buildup to it :) | lcnPylGDnU4H9OF wrote: | "Unexpectedly" in this context might be referring to the | actual event in which they traveled from their home to their | cell, in which case the unexpected nature could easily | prevent them from securing the Google account. | | I hardly think it matters anyway. Take out "unexpectedly" and | their complaint is exactly the same. Suggesting that someone | who went to jail shoulda/coulda/woulda taken steps to avoid | being locked out of their Google account is not practically | different from victim-blaming. | stronglikedan wrote: | It's very easy to be arrested, denied bond, be convicted, and | serve your time, without ever leaving the jail/prison system. | Especially if you're poor. | arberx wrote: | How do u unexpectedly go to jail for 10 years? | [deleted] | moritonal wrote: | Well I doubt they expected to get caught ;) | dist-epoch wrote: | For example you are in Russia and are accused of being a US | spy as retaliation. | skissane wrote: | Ideas: | | (1) sign up for Google Workspace subscription and then log a | support ticket saying you want to migrate your old account to | Workspace | | (2) hire a lawyer and get them to write a letter to Google | asking nicely. If that doesn't work, you could have the lawyer | escalate to threatening a lawsuit, filing a lawsuit, | subpoenaing the account contents, asking for a court order that | Google give you access to the account, etc - even if it turns | out the law is on Google's side not yours, they may decide to | fold just to make the issue go away | | (3) contact a journalist. Since you are a former prisoner, | you'd need to find one with appropriate sympathies (pro- | criminal justice reform, etc). If they make enough bad PR for | Google, they may give you back your account in response. | Probably depends also on what your conviction was, since some | offenders the public finds it easier to sympathise with than | others | | None of those methods is guaranteed to work, but they all have | potential. It really depends on how much you want that account | back, and how much time and money are you willing to spend on | it | grose wrote: | I seem to have lost my old YouTube account. I used a username | (not email) to login, and then I used that same email for a | different account, and now YouTube doesn't let you log in with | usernames anymore, so it's in limbo. Now it looks like they'll | delete all my videos and there's nothing I can do about it. | thund wrote: | [flagged] | crazygringo wrote: | I'm seeing a lot of criticism here in the comments, but what's | the alternative for free accounts? If you're not using it, how | long is Google (a for-profit company) supposed to hold onto your | data for free? 100 years? 50 years? 15 years? | | 2 years seems pretty reasonable to me for something provided by a | for-profit corporation. And as other reporting has noted, they're | not deleting YouTube videos (makes sense, since while nobody else | views your e-mails, public videos are public). | | People here are saying, what about if you go to jail for more | than 2 years, or you're in poor health for multi-year stretches? | Then pay for a cheap Google One subscription, export your data | with Takeout, or have a trusted friend log in once a year. These | are lots of options. | | If this were a government-provided service then it would be one | thing. But it's not, it's a for-profit company that gives you | free products in exchange for ads. There are lots of options for | keeping an account active. I see no reason why we should expect a | company to keep providing storage for dormant accounts beyond 2 | years though. | doodlebugging wrote: | >I see no reason why we should expect a company to keep | providing storage for dormant accounts beyond 2 years though. | | Remember when Google said they would hold on to everything that | their users did on their site forever? People were concerned | about the privacy implications, etc. and how a part of their | lives that maybe they didn't want anyone to know about would be | out there, probably for sale, forever. | | Well as far as I'm concerned Google made their bed and now they | get to lie in it. Don't piss down my neck and tell me it's | raining. They promised (or threatened, or noted) that they | would hold onto it forever and that storage costs were | manageable, etc. They need to be held to it. | | In my case that means they get to archive all my junk mail (a | few hundred emails with account info for places I might never | visit again) since that is the sole purpose of my gmail account | and I haven't intentionally used google search in years since | DuckDuckGo showed up as an option. | | This is actually funny to me. Life caught up with them and | forever ended up being a much more normal, physically | quantifiable time period that fit nicely in less than a human | lifetime. But still, they should be forced to live up to their | promises, or threats, etc. | rippercushions wrote: | > _Remember when Google said they would hold on to everything | that their users did on their site forever?_ | | Err, no? Would you have a cite for this? | [deleted] | cj wrote: | Photobucket (remember them!) kept hundreds and hundreds of | photos in my account with them despite complete inactivity for | over a decade. | | I simply forgot the account existed, and remembered one day to | find a ton of amazing decade old photos. | | There's something to be said for doing things that earn your | company respect from consumers. Had photobucket deleted my | decade old photos because I didn't log in frequently enough, | I'd be pissed and wouldn't use them in the future. If a small | photo storage company can afford to keep customer photos for | decade+ with no login, I hope Google can store some text emails | for at least 5 years. | | Re: the jail/health issue, making sure Google doesn't delete my | account would (literally) be the last thing on my todo list if | I were on my way to prison or a coma. | pcthrowaway wrote: | I have a google account I haven't been able to log into for some | time, because even though I know the password, it flagged | "suspicious activity" at some point and has required me to verify | with a phone number I no longer have, from when I lived in the | U.S. (I now live in Canada, but it _did_ let me log in from | Canada when I first moved here) | | I was hoping that some day, someone would register that phone | number and I'd be able to convince them to give me an | authentication code, but it sounds like now the account will be | deleted before this happens. | | This really sucks because I think that email was used to register | with a bitcoin exchange that I may have some (formerly) tiny | balance on. So effectively google has locked me out of an account | that could have financial consequences, with no way for me to | recover it. | krackers wrote: | >and I'd be able to convince them to give me an authentication | code | | Unless you got to know them well (as in personally face to | face), a stranger asking for a 2fa code would appear to be an | elaborate phishing campaign. | sacrosancty wrote: | [dead] | paraboul wrote: | Account handles will not recyclable (for obvious security | considerations). So this seems more akin to "permanently | disabled" rather than "deleted" | hackernewds wrote: | Isn't this a vector for username squatting then? | nkozyra wrote: | How is this more a vector than it is now, though? | xenago wrote: | It has been reported that they will not be reusable for exactly | that reason. | | https://9to5google.com/2023/05/16/google-account-delete/ | SoftTalker wrote: | There's an argument that this should be done with domain | names as well. Right now, anyone can buy an expired domain, | set up a wildcard email address, and read any email that's | still being sent to addresses in that domain. | | Conversely, if you take the advice of some to set up a | personal domain for your email, you are basically committing | to a lifetime obligation. If you later change your mind and | let that domain expire, any future owners of that domain will | receive any email that was sent to your old addresses. | renewiltord wrote: | Interesting. Is there a 302 equivalent for mail so I can | start people getting off a particular address? | kube-system wrote: | And if you don't take that advice, you are committing to | _someone else 's_ lifetime obligation. Or the extent of | their funding/desire/or attention span. | davchana wrote: | Domains are like real estate. You may end up with a nuce | prime real estate in cheap & do nothing. You bought a good | domain long ago and not using it. You may buy a | domain/property, raize everything & start from scratch. If | you abandon a plot/property, domain, and not pay the dues | (taxes) or registration fees, anybody can come & claim it | through defined procedures. | | Same way I may buy a home & get mail. Tomorrow if I sell | that home I need to do change my address with senders, and | make sure to put forwarding (maybe keep the old domain for | few weeks/ this year) | rurp wrote: | This is disappointing, albiet not that surprising. It's a good | reminder to not rely on Google for long term storage of anything | you care about. It's not uncommon for inidivduals in poor health | to go through multi-year stretches of very limited activity, | especially for elderly individuals. In the future, people in that | situation, or their relatives, might be surprised to find a | Google account they thought was secure no longer exists. | JohnFen wrote: | > It's a good reminder to not rely on Google for long term | storage of anything you care about. | | Don't rely on any cloud/SaaS provider to do that. Seriously. | bombcar wrote: | It's not just poor health, there's an entire subclass of | Americans who don't have internet access for 2 years+ - most | anyone in the prison system. | | Now as a secret unmentionable for any 2+ year sentence: _lose | access to all your google shit_. | skissane wrote: | They can give their password to a trusted friend/family | member, and have them log in once every few months to keep | the account active. Yes, it's a pain, what if they forget, | etc, but it means a 2+ year sentence does not necessarily | entail losing one's account. | | Could someone start a subscription paid service for the | incarcerated - "we keep your accounts alive while you are | inside"? More broadly, could provide other "manage your | affairs for you while you are incarcerated" services. I | suppose many incarcerated people would have no income or | assets to pay for it, but some would, or their family might | be willing to pay for it. | vuln wrote: | They have email, internet, social media and video chat in | jail. It costs a lot of money but they have the ability to | access the internet. The library has free or reduced cost | internet but the tablet in the cell is the big bucks. | | https://en.wikipedia.org/wiki/Internet_in_prisons | | https://en.wikipedia.org/wiki/JPay | echelon wrote: | Seems like an opportunity (sadly) for a service to manage | these things. | | Google isn't the only provider that would need regular | logins. Twitter, Twitch, etc. have account inactivity | policies. | bombcar wrote: | Hell, the local police will probably _happily_ login to | your email whilst you 're in jail, just sign away your 4th | and 5th while you're at it ... | | It's one more thing you have to know to think about - | though if the system counts _automated_ logins as logins, | then maybe fetchmail has a purpose again. | tuukkah wrote: | Yes, let's profit from their misery and invest some of the | proceeds to lobby for policies that secure and further grow | this customer segment. /s | skissane wrote: | You make it sound like the only possible motivation a | person might have to start such a business would be to | exploit the incarcerated. | | What if the founder is a former inmate, and says "I wish | there was something like that available when I was on the | inside?" | | Even if the business is officially classified as "for- | profit", there's a big difference between a business | seeking a living wage for its founders and employees | versus one trying to make as much money as possible. In | fact, it could even be owned by a charity - sometimes | charities start 100% owned for-profit businesses, not | because they want immense returns, but simply because | sometimes the legal constraints on a charity can be too | limiting, but a for-profit subsidiary isn't subject to | them | | I have no interest in starting such a business myself, | anyway. | prophesi wrote: | It's a large nation-wide industry, so I imagine at some | point during the business's growth, the founder may be | bought out, or the oversight of corporate management lets | profit drive the decisions in its various departments. | skissane wrote: | It is possible if you design the corporate structure | right to prevent that. See my other comment about the | Scott Trust - | https://news.ycombinator.com/item?id=35967694 | tuukkah wrote: | I know this is HN but the first reaction to a broken | system should be to fix it, not build a business on top | of it. | bombcar wrote: | If someone did build this as a non-profit or something, | they'd be in a very strong position to get to talk to the | right people if it took off. | sokoloff wrote: | You can effect change in May 2023 if you start now on the | business. When will you be able to effect change if the | only strategy is "fix the whole system"? It won't be this | year and probably not this decade. | | Which strategy gives a better outcome for someone | incarcerated today? | kerkeslager wrote: | > You can effect change in May 2023 if you start now on | the business. | | And in May 2033, you can lobby to keep the system broken | so that you can maintain your business! | | Businesses solve one problem, and one problem only: how | to get money into the business owner's pockets. | kerkeslager wrote: | > You make it sound like the only possible motivation a | person might have to start such a business would be to | exploit the incarcerated. | | Initial motivations are irrelevant. At some point, the | motivations of a business reduce to "make money", and | anyone or anything that gets in the way of that doesn't | matter, including your ethics and initial motivations. | | There are lots of innocuous reasons why that happens. For | example, you believe your business is doing good, right? | So your business has to survive to _keep_ doing good. And | you need to make money to survive. So surely it 's okay | if you make it easy to pay for your service while you're | in jail, perhaps by making deals with prisons to allow | them to sign up in prison. Hm, that didn't work, prisons | aren't doing it. Perhaps you can give prisons a cut of | the sales for the service. And _voila_ , now you're | profiting from slave labor because the prisons just | automatically deduct it from prisoner's pay, which is | already below minimum wage, for work they can't opt out | of. Of course you don't know that, so you hire 10 | employees with your sudden influx of money and start | expanding sales to more prison systems. And then you find | out that your income stream is... not perfect, but now | you've got a responsibility to your employees. McDonalds | and JCrew do it, you're not doing anything worse than | anyone else. And it's not _exactly_ slavery--they 're | paid $1/hour (nevermind that a tampon in the commissary | is $20). You're practically paying them, just with _a | service_ rather than money, right? And your business is | doing good, so you _have_ to do this, even if it 's not | perfect, so your business can survive and continue to do | good! | | The thing end-stage capitalist circles can't or won't | understand is that if it's not this compromise, it's some | other compromise or set of compromises. In any individual | situation, doing good and making money might be | compatible or incompatible, but there's only so many of | those situations where you can choose good over money | before your competitor knocks you out of the market. | | "When you sit down in the studio to make money, God | leaves the room." -Quincy Jones | skissane wrote: | What about the corporate structure of the Guardian | newspaper in the UK - a for-profit business 100% owned by | a not-for-profit? The not-for-profit isn't allowed to pay | dividends, so 100% of the profits are either reinvested | in the business, invested in the not-for-profit's | endowment, or donated to charity | | I mentioned more details about it in another comment - | https://news.ycombinator.com/item?id=35967694 | | This has some overlap with the structures used by OpenAI | and Mozilla, but unlike OpenAI, the Guardian doesn't have | any "capped profits", 100% of profits go to the not-for- | profit owner. There are employee salaries to pay, and | likely also some debt interest, but those are an expense | not a profit distribution | Wowfunhappy wrote: | > if an account hasn't been used for an extended period of time, | it is more likely to be compromised. This is because forgotten or | unattended accounts often rely on old or re-used passwords that | may have been compromised, haven't had two factor authentication | set up, and receive fewer security checks by the user. Our | internal analysis shows abandoned accounts are at least 10x less | likely than active accounts to have 2-step-verification set up. | | Ah yes, because as we all know, the best way to prevent a robbery | is to preemptively burn down the whole building. Good luck | stealing from me after all of my belongings have been turned into | a pile of ash! | [deleted] | thimkerbell wrote: | Are there honest lawyers and honest lawyer referral services? Do | email and web browsing still work for people who try to use them? | | My impression is that these are very much open questions. | xenago wrote: | Oof. The end of YouTube as we know it | janosdebugs wrote: | How so? | bombcar wrote: | There are many content creators on YouTube who have gone | silent or died, two years from now all those videos will be | lost like tears in rain. | sphars wrote: | In this article[0], it says that YouTube accounts with | videos won't be deleted: | | > At the moment, Google is not planning to delete accounts | with YouTube videos. (That would be tricky as some old | abandoned clips might have historical relevance.) | | [0]: https://9to5google.com/2023/05/16/google-account- | delete/ | [deleted] | rurp wrote: | For now. | | It feels like a small leap to go from deleting a person's | photos, documents, and emails to deleting their videos. | bombcar wrote: | Which is contradicted by this blog, so who knows what | they'll do (answer: the worst possible option at the | worst possible time). | | Archive _everything_. | amf12 wrote: | > if a Google Account has not been used or signed into | for at least 2 years, we *may* delete the account and its | contents | | This is what this policy announcement says. | toomuchtodo wrote: | PSA: If you haven't engaged ArchiveTeam to back these up, | feel free to. They have the tooling necessary to rapidly | rip entire channels (and define a collection for them) for | upload to the Internet Archive. Can't count on Youtube to | persist or provide open-ish access forever. | xenago wrote: | Many (most?) classic viral videos from abandoned accounts | will be deleted, if this policy comes into effect. | blowski wrote: | What benefit would Google get from removing popular videos? | giantrobot wrote: | Sociopath executives/upper management will get bonuses | for "saving money". | [deleted] | chrisbolt wrote: | > At the moment, Google is not planning to delete accounts with | YouTube videos. | | https://9to5google.com/2023/05/16/google-account-delete/ | xenago wrote: | A pity their actual announcement says otherwise | jsnell wrote: | This is announcing a change in the policy of which accounts | are eligible for deletion. It doesn't mean that every | eligible account will be deleted immediately, or even ever. | The post says that they're starting with accounts that were | only created but literally not used at all. | waboremo wrote: | Only at the moment, YouTube was included as part of the | content they're going to delete from accounts as per the VP | announcement. | | People should use this as a warning to save content they want | to keep from YouTube that's particularly old and the account | seems abandoned. Just in case Google isn't so lenient with | the generous solution; unlinking YouTube accounts but keeping | the video up. | alpaca128 wrote: | I already download any video I find valuable with yt-dlp. | So many videos just randomly disappear or are difficult to | find again because Google keeps mixing more and more | irrelevant suggestions and shorts into search results. | | Disk space is cheap, and it can be nice to scroll through | the folder now and then and rediscover some great content. | neltnerb wrote: | There's probably other cases of people like me deleting | our videos to avoid Google trying to monetize things I | don't want ads on. | waboremo wrote: | Very true. It really doesn't take much these days! | pentagrama wrote: | This can be bad for many cases, but also good for people who lost | access to their accounts and finally that embarrassing YouTube | videos and Blogger posts posted with they real names from 2005 | when they were 15 year olds will be erased from the internet. | withinboredom wrote: | This ... is not what is going on. When I worked at $bigcorp | serving billions in traffic, what happened is that botnets would | create accounts and leave them dormant for weeks/months/years | (thousands of them), then start doing their bot thing. Account | age says a lot when it comes to trust (usually) and spam | detection. That's more than likely what they're seeing, not | 'compromised' accounts. | | All this does is tell the spammers exactly how long they are | going to be allowed to have 'sleeper accounts' for, the problem | won't magically go away. | vore wrote: | I am sure Google of all companies has enough insight into | account behavior to conclude this is the case for them. It's | not like they can't verify it either: if the account previously | had legitimate activity and is now compromised, it's not really | a sleeper account. | nullityrofl wrote: | > This ... is not what is going on. | | I am reasonably confident that Google are more aware of what's | going on with dormant accounts on their platform than you are. | I previously worked at Google in Security and while it wasn't | in user protection, I know they have quite a few signals for | determining compromise. It's pretty trivial to see that an | account that was in legitimate use for 5 years and then dormant | for 5 vs one that was created and left dormant for 10. | | Yes, on Google and on other platforms, account age is a | valuable reputation signal but it isn't the only one. | hackernewds wrote: | Exactly. If Google were to rely on activity, then the bots | would simply post now and then akin to human behavior and | remain active. | withinboredom wrote: | Yes, we saw the same thing. But when spot-checking the | activity we realized it was super-low-effort legitimate | activity. IOW, it could have been sweat shops or scripted | bots going through some motions. | nullityrofl wrote: | I promise you Google is running user activity learning | models that go well beyond spot checking the occasional | account. | | Google deals with abuse creation accounts in the tens of | millions. | jsnell wrote: | Are you suggesting that they're too incompetent to tell the | difference between bulk account creation and hijacking, or that | they're just lying about the reasons for why this change is | happening? The former idea is pretty arrogant, the latter is | unmotivated. | | Especially given you're talking of "thousands" of accounts, I | suspect whatever problems mattered to you the most were not the | same as those of Google's account system. | danpalmer wrote: | This could also just be a simplification for the purposes of | this announcement. | | They mention this being mostly about security and preventing | the use of hacked accounts, and they mention these dormant | accounts that were only created and then went immediately | dormant. It makes sense to me that they are in fact talking | about this issue, just not explaining all the detail. | TonyTrapp wrote: | > This ... is not what is going on. | | I wouldn't discredit it so quickly. I have seen lots of old | accounts being taken over on eBay lately for scam auctions. It | seems to become more and more common. So this could very well | happen with Google accounts as well. It makes them more | credible for whatever scammy thing they are being used for. | nkozyra wrote: | I can't imagine a more bruteforce approach to a known pattern, | then. | | If the only indicator you have for spam potential is [created | an acccount] + [was inactive for some period], I can't imagine | the other myriad spam vectors aren't getting hammered 24/7. | UltimateEdge wrote: | Does anyone know what the previous policy was? | bombcar wrote: | > To reduce this risk, we are updating our inactivity policy for | Google Accounts to 2 years across our products. Starting later | this year, if a Google Account has not been used or signed into | for at least 2 years, we may delete the account and its contents | - including content within Google Workspace (Gmail, Docs, Drive, | Meet, Calendar), YouTube and Google Photos. | | Note the _may_. It is not a guarantee that they will delete! ___________________________________________________________________ (page generated 2023-05-16 23:01 UTC)