[HN Gopher] Updating our inactive account policies
___________________________________________________________________
Updating our inactive account policies
Author : msla
Score : 93 points
Date : 2023-05-16 19:13 UTC (3 hours ago)
(HTM) web link (blog.google)
(TXT) w3m dump (blog.google)
| lakomen wrote:
| ... I'm about to explode.
|
| I have a very old youtube account which I can't recover, in fact
| there's 2 of them. They have content on them that I will never be
| able to reproduce, but I watch it from time to time for
| nostalgia.
|
| This post means that Alphabet will delete old legacy content on a
| huge scale. The world will be poorer for their culture. It will
| lose the ability to watch very old youtube videos.
| Efimeridopolis wrote:
| you are right but for your case, yt-dlp.
| somegent wrote:
| You can download youtube videos
| neltnerb wrote:
| I only use YouTube through these third party privacy tools.
|
| https://libredirect.github.io/
|
| I noticed that when you access YouTube videos through this you
| can just right click and download.
| Eumenes wrote:
| This seems pretty reasonable. Google is a for-profit company,
| hosting your shit, for free, indefinitely, isn't their
| prerogative. They should offer some one-time fee or small
| reoccurring charge to keep your stuff in hibernation mode or
| something. Like literally $1.
| lakomen wrote:
| Youtube is a defacto time travel machine when it comes to
| culture as video. You can watch videos from 2004 and earlier.
| It's the only platform that could allow itself to act against
| copyright laws. It's part of the cultural heritage of humanity.
| Eumenes wrote:
| Okay, what does that have to do with Google not maintaining
| history of the videos you watched? You can still bookmark
| links, download videos for offline use?
| sacrosancty wrote:
| [dead]
| JohnFen wrote:
| > Starting later this year, if a Google Account has not been used
| or signed into for at least 2 years, we may delete the account
| and its contents
|
| This is great news! I have a couple of Google accounts that I
| couldn't delete because I lost the login credentials. I
| appreciate that Google will go ahead and do that for me.
| jeffbarr wrote:
| I understand the risks of inactive accounts, but as I have
| pointed out here before these binary policies do not address the
| all-too-common situation where someone is forgetful and/or
| incapacitated prior to their death. These people have more
| important things to think about than their email and their
| photos,and the transition from alive to dead (to be blunt) can
| easily take more than two years. By the time that the estate and
| the executor has control of the account it can easily be too late
| to save precious memories.
| qingcharles wrote:
| I wish I could get into my old Google account. I unexpectedly
| went to jail for 10 years and when I got out I couldn't log into
| my account because my 2FA (phone) was gone. I had 10 years of
| email in there. Would love to find another way to authenticate
| myself.
|
| Looks now like it is all going to be hosed anyway.
| WeylandYutani wrote:
| I understand that 2FA is good but it can also be annoying when
| you've forgotten the email backup.
| vidar wrote:
| Surely there was some buildup to it :)
| lcnPylGDnU4H9OF wrote:
| "Unexpectedly" in this context might be referring to the
| actual event in which they traveled from their home to their
| cell, in which case the unexpected nature could easily
| prevent them from securing the Google account.
|
| I hardly think it matters anyway. Take out "unexpectedly" and
| their complaint is exactly the same. Suggesting that someone
| who went to jail shoulda/coulda/woulda taken steps to avoid
| being locked out of their Google account is not practically
| different from victim-blaming.
| stronglikedan wrote:
| It's very easy to be arrested, denied bond, be convicted, and
| serve your time, without ever leaving the jail/prison system.
| Especially if you're poor.
| arberx wrote:
| How do u unexpectedly go to jail for 10 years?
| [deleted]
| moritonal wrote:
| Well I doubt they expected to get caught ;)
| dist-epoch wrote:
| For example you are in Russia and are accused of being a US
| spy as retaliation.
| skissane wrote:
| Ideas:
|
| (1) sign up for Google Workspace subscription and then log a
| support ticket saying you want to migrate your old account to
| Workspace
|
| (2) hire a lawyer and get them to write a letter to Google
| asking nicely. If that doesn't work, you could have the lawyer
| escalate to threatening a lawsuit, filing a lawsuit,
| subpoenaing the account contents, asking for a court order that
| Google give you access to the account, etc - even if it turns
| out the law is on Google's side not yours, they may decide to
| fold just to make the issue go away
|
| (3) contact a journalist. Since you are a former prisoner,
| you'd need to find one with appropriate sympathies (pro-
| criminal justice reform, etc). If they make enough bad PR for
| Google, they may give you back your account in response.
| Probably depends also on what your conviction was, since some
| offenders the public finds it easier to sympathise with than
| others
|
| None of those methods is guaranteed to work, but they all have
| potential. It really depends on how much you want that account
| back, and how much time and money are you willing to spend on
| it
| grose wrote:
| I seem to have lost my old YouTube account. I used a username
| (not email) to login, and then I used that same email for a
| different account, and now YouTube doesn't let you log in with
| usernames anymore, so it's in limbo. Now it looks like they'll
| delete all my videos and there's nothing I can do about it.
| thund wrote:
| [flagged]
| crazygringo wrote:
| I'm seeing a lot of criticism here in the comments, but what's
| the alternative for free accounts? If you're not using it, how
| long is Google (a for-profit company) supposed to hold onto your
| data for free? 100 years? 50 years? 15 years?
|
| 2 years seems pretty reasonable to me for something provided by a
| for-profit corporation. And as other reporting has noted, they're
| not deleting YouTube videos (makes sense, since while nobody else
| views your e-mails, public videos are public).
|
| People here are saying, what about if you go to jail for more
| than 2 years, or you're in poor health for multi-year stretches?
| Then pay for a cheap Google One subscription, export your data
| with Takeout, or have a trusted friend log in once a year. These
| are lots of options.
|
| If this were a government-provided service then it would be one
| thing. But it's not, it's a for-profit company that gives you
| free products in exchange for ads. There are lots of options for
| keeping an account active. I see no reason why we should expect a
| company to keep providing storage for dormant accounts beyond 2
| years though.
| doodlebugging wrote:
| >I see no reason why we should expect a company to keep
| providing storage for dormant accounts beyond 2 years though.
|
| Remember when Google said they would hold on to everything that
| their users did on their site forever? People were concerned
| about the privacy implications, etc. and how a part of their
| lives that maybe they didn't want anyone to know about would be
| out there, probably for sale, forever.
|
| Well as far as I'm concerned Google made their bed and now they
| get to lie in it. Don't piss down my neck and tell me it's
| raining. They promised (or threatened, or noted) that they
| would hold onto it forever and that storage costs were
| manageable, etc. They need to be held to it.
|
| In my case that means they get to archive all my junk mail (a
| few hundred emails with account info for places I might never
| visit again) since that is the sole purpose of my gmail account
| and I haven't intentionally used google search in years since
| DuckDuckGo showed up as an option.
|
| This is actually funny to me. Life caught up with them and
| forever ended up being a much more normal, physically
| quantifiable time period that fit nicely in less than a human
| lifetime. But still, they should be forced to live up to their
| promises, or threats, etc.
| rippercushions wrote:
| > _Remember when Google said they would hold on to everything
| that their users did on their site forever?_
|
| Err, no? Would you have a cite for this?
| [deleted]
| cj wrote:
| Photobucket (remember them!) kept hundreds and hundreds of
| photos in my account with them despite complete inactivity for
| over a decade.
|
| I simply forgot the account existed, and remembered one day to
| find a ton of amazing decade old photos.
|
| There's something to be said for doing things that earn your
| company respect from consumers. Had photobucket deleted my
| decade old photos because I didn't log in frequently enough,
| I'd be pissed and wouldn't use them in the future. If a small
| photo storage company can afford to keep customer photos for
| decade+ with no login, I hope Google can store some text emails
| for at least 5 years.
|
| Re: the jail/health issue, making sure Google doesn't delete my
| account would (literally) be the last thing on my todo list if
| I were on my way to prison or a coma.
| pcthrowaway wrote:
| I have a google account I haven't been able to log into for some
| time, because even though I know the password, it flagged
| "suspicious activity" at some point and has required me to verify
| with a phone number I no longer have, from when I lived in the
| U.S. (I now live in Canada, but it _did_ let me log in from
| Canada when I first moved here)
|
| I was hoping that some day, someone would register that phone
| number and I'd be able to convince them to give me an
| authentication code, but it sounds like now the account will be
| deleted before this happens.
|
| This really sucks because I think that email was used to register
| with a bitcoin exchange that I may have some (formerly) tiny
| balance on. So effectively google has locked me out of an account
| that could have financial consequences, with no way for me to
| recover it.
| krackers wrote:
| >and I'd be able to convince them to give me an authentication
| code
|
| Unless you got to know them well (as in personally face to
| face), a stranger asking for a 2fa code would appear to be an
| elaborate phishing campaign.
| sacrosancty wrote:
| [dead]
| paraboul wrote:
| Account handles will not recyclable (for obvious security
| considerations). So this seems more akin to "permanently
| disabled" rather than "deleted"
| hackernewds wrote:
| Isn't this a vector for username squatting then?
| nkozyra wrote:
| How is this more a vector than it is now, though?
| xenago wrote:
| It has been reported that they will not be reusable for exactly
| that reason.
|
| https://9to5google.com/2023/05/16/google-account-delete/
| SoftTalker wrote:
| There's an argument that this should be done with domain
| names as well. Right now, anyone can buy an expired domain,
| set up a wildcard email address, and read any email that's
| still being sent to addresses in that domain.
|
| Conversely, if you take the advice of some to set up a
| personal domain for your email, you are basically committing
| to a lifetime obligation. If you later change your mind and
| let that domain expire, any future owners of that domain will
| receive any email that was sent to your old addresses.
| renewiltord wrote:
| Interesting. Is there a 302 equivalent for mail so I can
| start people getting off a particular address?
| kube-system wrote:
| And if you don't take that advice, you are committing to
| _someone else 's_ lifetime obligation. Or the extent of
| their funding/desire/or attention span.
| davchana wrote:
| Domains are like real estate. You may end up with a nuce
| prime real estate in cheap & do nothing. You bought a good
| domain long ago and not using it. You may buy a
| domain/property, raize everything & start from scratch. If
| you abandon a plot/property, domain, and not pay the dues
| (taxes) or registration fees, anybody can come & claim it
| through defined procedures.
|
| Same way I may buy a home & get mail. Tomorrow if I sell
| that home I need to do change my address with senders, and
| make sure to put forwarding (maybe keep the old domain for
| few weeks/ this year)
| rurp wrote:
| This is disappointing, albiet not that surprising. It's a good
| reminder to not rely on Google for long term storage of anything
| you care about. It's not uncommon for inidivduals in poor health
| to go through multi-year stretches of very limited activity,
| especially for elderly individuals. In the future, people in that
| situation, or their relatives, might be surprised to find a
| Google account they thought was secure no longer exists.
| JohnFen wrote:
| > It's a good reminder to not rely on Google for long term
| storage of anything you care about.
|
| Don't rely on any cloud/SaaS provider to do that. Seriously.
| bombcar wrote:
| It's not just poor health, there's an entire subclass of
| Americans who don't have internet access for 2 years+ - most
| anyone in the prison system.
|
| Now as a secret unmentionable for any 2+ year sentence: _lose
| access to all your google shit_.
| skissane wrote:
| They can give their password to a trusted friend/family
| member, and have them log in once every few months to keep
| the account active. Yes, it's a pain, what if they forget,
| etc, but it means a 2+ year sentence does not necessarily
| entail losing one's account.
|
| Could someone start a subscription paid service for the
| incarcerated - "we keep your accounts alive while you are
| inside"? More broadly, could provide other "manage your
| affairs for you while you are incarcerated" services. I
| suppose many incarcerated people would have no income or
| assets to pay for it, but some would, or their family might
| be willing to pay for it.
| vuln wrote:
| They have email, internet, social media and video chat in
| jail. It costs a lot of money but they have the ability to
| access the internet. The library has free or reduced cost
| internet but the tablet in the cell is the big bucks.
|
| https://en.wikipedia.org/wiki/Internet_in_prisons
|
| https://en.wikipedia.org/wiki/JPay
| echelon wrote:
| Seems like an opportunity (sadly) for a service to manage
| these things.
|
| Google isn't the only provider that would need regular
| logins. Twitter, Twitch, etc. have account inactivity
| policies.
| bombcar wrote:
| Hell, the local police will probably _happily_ login to
| your email whilst you 're in jail, just sign away your 4th
| and 5th while you're at it ...
|
| It's one more thing you have to know to think about -
| though if the system counts _automated_ logins as logins,
| then maybe fetchmail has a purpose again.
| tuukkah wrote:
| Yes, let's profit from their misery and invest some of the
| proceeds to lobby for policies that secure and further grow
| this customer segment. /s
| skissane wrote:
| You make it sound like the only possible motivation a
| person might have to start such a business would be to
| exploit the incarcerated.
|
| What if the founder is a former inmate, and says "I wish
| there was something like that available when I was on the
| inside?"
|
| Even if the business is officially classified as "for-
| profit", there's a big difference between a business
| seeking a living wage for its founders and employees
| versus one trying to make as much money as possible. In
| fact, it could even be owned by a charity - sometimes
| charities start 100% owned for-profit businesses, not
| because they want immense returns, but simply because
| sometimes the legal constraints on a charity can be too
| limiting, but a for-profit subsidiary isn't subject to
| them
|
| I have no interest in starting such a business myself,
| anyway.
| prophesi wrote:
| It's a large nation-wide industry, so I imagine at some
| point during the business's growth, the founder may be
| bought out, or the oversight of corporate management lets
| profit drive the decisions in its various departments.
| skissane wrote:
| It is possible if you design the corporate structure
| right to prevent that. See my other comment about the
| Scott Trust -
| https://news.ycombinator.com/item?id=35967694
| tuukkah wrote:
| I know this is HN but the first reaction to a broken
| system should be to fix it, not build a business on top
| of it.
| bombcar wrote:
| If someone did build this as a non-profit or something,
| they'd be in a very strong position to get to talk to the
| right people if it took off.
| sokoloff wrote:
| You can effect change in May 2023 if you start now on the
| business. When will you be able to effect change if the
| only strategy is "fix the whole system"? It won't be this
| year and probably not this decade.
|
| Which strategy gives a better outcome for someone
| incarcerated today?
| kerkeslager wrote:
| > You can effect change in May 2023 if you start now on
| the business.
|
| And in May 2033, you can lobby to keep the system broken
| so that you can maintain your business!
|
| Businesses solve one problem, and one problem only: how
| to get money into the business owner's pockets.
| kerkeslager wrote:
| > You make it sound like the only possible motivation a
| person might have to start such a business would be to
| exploit the incarcerated.
|
| Initial motivations are irrelevant. At some point, the
| motivations of a business reduce to "make money", and
| anyone or anything that gets in the way of that doesn't
| matter, including your ethics and initial motivations.
|
| There are lots of innocuous reasons why that happens. For
| example, you believe your business is doing good, right?
| So your business has to survive to _keep_ doing good. And
| you need to make money to survive. So surely it 's okay
| if you make it easy to pay for your service while you're
| in jail, perhaps by making deals with prisons to allow
| them to sign up in prison. Hm, that didn't work, prisons
| aren't doing it. Perhaps you can give prisons a cut of
| the sales for the service. And _voila_ , now you're
| profiting from slave labor because the prisons just
| automatically deduct it from prisoner's pay, which is
| already below minimum wage, for work they can't opt out
| of. Of course you don't know that, so you hire 10
| employees with your sudden influx of money and start
| expanding sales to more prison systems. And then you find
| out that your income stream is... not perfect, but now
| you've got a responsibility to your employees. McDonalds
| and JCrew do it, you're not doing anything worse than
| anyone else. And it's not _exactly_ slavery--they 're
| paid $1/hour (nevermind that a tampon in the commissary
| is $20). You're practically paying them, just with _a
| service_ rather than money, right? And your business is
| doing good, so you _have_ to do this, even if it 's not
| perfect, so your business can survive and continue to do
| good!
|
| The thing end-stage capitalist circles can't or won't
| understand is that if it's not this compromise, it's some
| other compromise or set of compromises. In any individual
| situation, doing good and making money might be
| compatible or incompatible, but there's only so many of
| those situations where you can choose good over money
| before your competitor knocks you out of the market.
|
| "When you sit down in the studio to make money, God
| leaves the room." -Quincy Jones
| skissane wrote:
| What about the corporate structure of the Guardian
| newspaper in the UK - a for-profit business 100% owned by
| a not-for-profit? The not-for-profit isn't allowed to pay
| dividends, so 100% of the profits are either reinvested
| in the business, invested in the not-for-profit's
| endowment, or donated to charity
|
| I mentioned more details about it in another comment -
| https://news.ycombinator.com/item?id=35967694
|
| This has some overlap with the structures used by OpenAI
| and Mozilla, but unlike OpenAI, the Guardian doesn't have
| any "capped profits", 100% of profits go to the not-for-
| profit owner. There are employee salaries to pay, and
| likely also some debt interest, but those are an expense
| not a profit distribution
| Wowfunhappy wrote:
| > if an account hasn't been used for an extended period of time,
| it is more likely to be compromised. This is because forgotten or
| unattended accounts often rely on old or re-used passwords that
| may have been compromised, haven't had two factor authentication
| set up, and receive fewer security checks by the user. Our
| internal analysis shows abandoned accounts are at least 10x less
| likely than active accounts to have 2-step-verification set up.
|
| Ah yes, because as we all know, the best way to prevent a robbery
| is to preemptively burn down the whole building. Good luck
| stealing from me after all of my belongings have been turned into
| a pile of ash!
| [deleted]
| thimkerbell wrote:
| Are there honest lawyers and honest lawyer referral services? Do
| email and web browsing still work for people who try to use them?
|
| My impression is that these are very much open questions.
| xenago wrote:
| Oof. The end of YouTube as we know it
| janosdebugs wrote:
| How so?
| bombcar wrote:
| There are many content creators on YouTube who have gone
| silent or died, two years from now all those videos will be
| lost like tears in rain.
| sphars wrote:
| In this article[0], it says that YouTube accounts with
| videos won't be deleted:
|
| > At the moment, Google is not planning to delete accounts
| with YouTube videos. (That would be tricky as some old
| abandoned clips might have historical relevance.)
|
| [0]: https://9to5google.com/2023/05/16/google-account-
| delete/
| [deleted]
| rurp wrote:
| For now.
|
| It feels like a small leap to go from deleting a person's
| photos, documents, and emails to deleting their videos.
| bombcar wrote:
| Which is contradicted by this blog, so who knows what
| they'll do (answer: the worst possible option at the
| worst possible time).
|
| Archive _everything_.
| amf12 wrote:
| > if a Google Account has not been used or signed into
| for at least 2 years, we *may* delete the account and its
| contents
|
| This is what this policy announcement says.
| toomuchtodo wrote:
| PSA: If you haven't engaged ArchiveTeam to back these up,
| feel free to. They have the tooling necessary to rapidly
| rip entire channels (and define a collection for them) for
| upload to the Internet Archive. Can't count on Youtube to
| persist or provide open-ish access forever.
| xenago wrote:
| Many (most?) classic viral videos from abandoned accounts
| will be deleted, if this policy comes into effect.
| blowski wrote:
| What benefit would Google get from removing popular videos?
| giantrobot wrote:
| Sociopath executives/upper management will get bonuses
| for "saving money".
| [deleted]
| chrisbolt wrote:
| > At the moment, Google is not planning to delete accounts with
| YouTube videos.
|
| https://9to5google.com/2023/05/16/google-account-delete/
| xenago wrote:
| A pity their actual announcement says otherwise
| jsnell wrote:
| This is announcing a change in the policy of which accounts
| are eligible for deletion. It doesn't mean that every
| eligible account will be deleted immediately, or even ever.
| The post says that they're starting with accounts that were
| only created but literally not used at all.
| waboremo wrote:
| Only at the moment, YouTube was included as part of the
| content they're going to delete from accounts as per the VP
| announcement.
|
| People should use this as a warning to save content they want
| to keep from YouTube that's particularly old and the account
| seems abandoned. Just in case Google isn't so lenient with
| the generous solution; unlinking YouTube accounts but keeping
| the video up.
| alpaca128 wrote:
| I already download any video I find valuable with yt-dlp.
| So many videos just randomly disappear or are difficult to
| find again because Google keeps mixing more and more
| irrelevant suggestions and shorts into search results.
|
| Disk space is cheap, and it can be nice to scroll through
| the folder now and then and rediscover some great content.
| neltnerb wrote:
| There's probably other cases of people like me deleting
| our videos to avoid Google trying to monetize things I
| don't want ads on.
| waboremo wrote:
| Very true. It really doesn't take much these days!
| pentagrama wrote:
| This can be bad for many cases, but also good for people who lost
| access to their accounts and finally that embarrassing YouTube
| videos and Blogger posts posted with they real names from 2005
| when they were 15 year olds will be erased from the internet.
| withinboredom wrote:
| This ... is not what is going on. When I worked at $bigcorp
| serving billions in traffic, what happened is that botnets would
| create accounts and leave them dormant for weeks/months/years
| (thousands of them), then start doing their bot thing. Account
| age says a lot when it comes to trust (usually) and spam
| detection. That's more than likely what they're seeing, not
| 'compromised' accounts.
|
| All this does is tell the spammers exactly how long they are
| going to be allowed to have 'sleeper accounts' for, the problem
| won't magically go away.
| vore wrote:
| I am sure Google of all companies has enough insight into
| account behavior to conclude this is the case for them. It's
| not like they can't verify it either: if the account previously
| had legitimate activity and is now compromised, it's not really
| a sleeper account.
| nullityrofl wrote:
| > This ... is not what is going on.
|
| I am reasonably confident that Google are more aware of what's
| going on with dormant accounts on their platform than you are.
| I previously worked at Google in Security and while it wasn't
| in user protection, I know they have quite a few signals for
| determining compromise. It's pretty trivial to see that an
| account that was in legitimate use for 5 years and then dormant
| for 5 vs one that was created and left dormant for 10.
|
| Yes, on Google and on other platforms, account age is a
| valuable reputation signal but it isn't the only one.
| hackernewds wrote:
| Exactly. If Google were to rely on activity, then the bots
| would simply post now and then akin to human behavior and
| remain active.
| withinboredom wrote:
| Yes, we saw the same thing. But when spot-checking the
| activity we realized it was super-low-effort legitimate
| activity. IOW, it could have been sweat shops or scripted
| bots going through some motions.
| nullityrofl wrote:
| I promise you Google is running user activity learning
| models that go well beyond spot checking the occasional
| account.
|
| Google deals with abuse creation accounts in the tens of
| millions.
| jsnell wrote:
| Are you suggesting that they're too incompetent to tell the
| difference between bulk account creation and hijacking, or that
| they're just lying about the reasons for why this change is
| happening? The former idea is pretty arrogant, the latter is
| unmotivated.
|
| Especially given you're talking of "thousands" of accounts, I
| suspect whatever problems mattered to you the most were not the
| same as those of Google's account system.
| danpalmer wrote:
| This could also just be a simplification for the purposes of
| this announcement.
|
| They mention this being mostly about security and preventing
| the use of hacked accounts, and they mention these dormant
| accounts that were only created and then went immediately
| dormant. It makes sense to me that they are in fact talking
| about this issue, just not explaining all the detail.
| TonyTrapp wrote:
| > This ... is not what is going on.
|
| I wouldn't discredit it so quickly. I have seen lots of old
| accounts being taken over on eBay lately for scam auctions. It
| seems to become more and more common. So this could very well
| happen with Google accounts as well. It makes them more
| credible for whatever scammy thing they are being used for.
| nkozyra wrote:
| I can't imagine a more bruteforce approach to a known pattern,
| then.
|
| If the only indicator you have for spam potential is [created
| an acccount] + [was inactive for some period], I can't imagine
| the other myriad spam vectors aren't getting hammered 24/7.
| UltimateEdge wrote:
| Does anyone know what the previous policy was?
| bombcar wrote:
| > To reduce this risk, we are updating our inactivity policy for
| Google Accounts to 2 years across our products. Starting later
| this year, if a Google Account has not been used or signed into
| for at least 2 years, we may delete the account and its contents
| - including content within Google Workspace (Gmail, Docs, Drive,
| Meet, Calendar), YouTube and Google Photos.
|
| Note the _may_. It is not a guarantee that they will delete!
___________________________________________________________________
(page generated 2023-05-16 23:01 UTC)