I wish they'd let me recover my original -- I lost my TOTP generator, and the codes I'd written down in a paper notebook were rejected. I even hunted down the electronic copy in case there was a transcription error -- seemed like some failure in their systems was causing me to lose access despite having followed proper procedures.
Lost a decade and a half of correspondence dating back to my teenage years. I had imported my phone number I'd had since I was 16 into voice, and it doubled as my Signal number. I even had a Gsuite subscription so I could use their (admittedly decently) UI to power my firstname @ lastname dot com email address.
I will never use their services again, I was really digusted by this failure.
I still think about my lost address that I obtained when Gmail was invite only. My family still occasionally CCs it and it drives me nuts, I would pay money to at least have it shutdown so they don’t think I received an email. I had email forwarding to another address when stolen and immediately after it was stolen it had the weirdest messages, I tried multiple ways reaching out to google and it still bugs me I was unsuccessful. I’d love the their of my account to at least have it shutdown
I got mine when it was invite only too, I had it a very long time.
I use protonmail now -- I think the "free" model enables providers to shrug and go "hey you don't pay us" (if there is support at all -- I've never been able to speak to a human about this issue)
>I think the "free" model enables providers to shrug and go "hey you don't pay us" (if there is support at all -- I've never been able to speak to a human about this issue)
I also have paid services a lot of money where customer service was nonexistent until I did a credit card chargeback or raised an issue with government regulators.
I'm trying to figure out exactly what I want to push my state legislature to encode into law with regards to customer service minimums that would cover anyone doing business in the state, free or paid.
I had something kinda similar happen to my hotmail account. While I didn't lose access to it, I lost more than a decade of correspondence dating back to my teenage years. The reason was that Microsoft at some point required you to "login" once every 30 days. It seems they only counted logins through their web interface or something like that, so even though I was receiving emails daily, I didn't trigger a "login" in their system. They then deleted all my emails, but I could still login.
> I will never use their services again, I was really digusted by this failure
Isn’t this inherent to not choosing an account-recovery method?
The flip side to allowing account recovery at Google’s discretion is lessened security for everyone. (Obviously not black and white. And I agree Google should have flexibility for old accounts. But it’s an odd thing to reject a major provider over.)
They did have a method to recover their account that they tried, though - they said that they used the account recovery codes, but that they were rejected. (Those would be the codes that Google gives you when you initially set up 2FA.)
If you use a password manager like Keepass, you should still be able to log into your other accounts if you lost access and at least with financial institutions you can call, ask that no changes be made with without coming into the branch and showing ID.
This is so useful. a Gmail account is so much more than just an email account at this point. my first gmail account was made when anonymity and cool email was more of trend than your actual name - so i based upon my favorite book in 2006. 20 years later the account is tied to my oft used primary google voice number so lingers even with obscure and hard to spell email.
i could gave moved my google voice number, but it seems like a convoluted process and have had my number since about Grand Central acquisition.
in my experience, in/out porting with google is super quick and works great. It costs $20.00 IIRC. I port my primary phone number around to avoid unlawful surveillance, handy tool in the bag.
You can take this to an extreme (like I do) and use a different email address for every party with whom you communicate. It makes it rather obvious who leaked your email address, and also easy to shut them out (looking at you ActBlue!). It also leads to some amusing personal interactions. I once rebooked a cancelled flight on JetBlue at the ticket counter. When the agent saw my email she said “wow, you must really like JetBlue.” I just nodded but I was laughing inside because it’s definitely the opposite!
Stay tuned I have a pretty cool project I plan on launching very soon. It takes the email alias to the next level, using them as meta tags to actually allow users to trace the source of shady data exchanges. I'm working on the guide and I'm hoping to actually start a community effort here to hold companies accountable for responsible use of PII
Everybody knows name+something@ maps to name@ so it’s trivial for bad actors to strip the plus part and just spam you directly, losing the per-correspondent distinction.
I love this feature and wish something like it would come to Gmail.
I can't rely on iCloud Mail anymore due to its overly aggressive silent spam filtering. Not great if you're trying to log into an account, and you can't receive the recovery emails for that account.
;) I was a by-invitation-beta in 2004, trust me. Even then spammers knew about the +1234 trick too. The earliest throwaway forwarders suffered from explosive growth and spam netblocks and their queue times varied greatly. The golden age of Viagra and recruiters selling prospect lists to randos. I retreated to gmail for the SPOP and because my original address was Tech Contact for 100+ domains from 1994-2000. Thousands a week. If I was smart I'd have used it as a honeypot to feed a spam blocking service.
That would have been nice to have during transition. Creating a new account and updating 3rd parties was a huge pain and never got close to 100% completion.
Seems useful. But what I really want is a way to merge google accounts, over the course of history I created 3 of them and would really prefer just a single one
Could this be a sign that Google is starting to think again?
For an organisation that often does deeply intelligent things, they spend such a lot of time treating their users unnecessarily poorly because obvious implications seem not to occur to them.
I think they know about them they just don’t care enough to spend money on fixing them. They are still primarily an ad company today and their users are still primarily the product not customers.
I never really had this issue because I used Google Suite with a domain. (That’s what it was called back then.)
So I can have email aliases under that domain, and even choose the alias for outgoing email.
However! This creates an extra security hole. Once I was SIM-swapped (when the attacker calls up a phone company and convinces them to redirect sms to their SIM). I had used it as a second factor at GoDaddy and had to act fast. GoDaddy had already allowed the attacker to authenticate with the sms (dumb!) and port the domain name. I realized what was happening only because the attacker sent “test” emails to my email at the domain. Had they not done that, I might have been none the wiser. I called GoDaddy and got them to cancel it, thankfully. Otherwise they’d have reset passwords armed with email AND phone number.
Since then I use the non-SMS SECOND FACTOR on most services, as NIST had been recommending
for a decade now.
I personally recommend using a username+alias@gmail.com which gmail and others support, with a different but easy-to-remember alias per site, so social attackers can’t even correctly say your email to the dude on the phone.
Michael Terpin, a guy I know, got $27 million dollars in crypto stolen a decade ago by a SIM Swapper and sued AT&T for it. Not sure if he won… he moved to Puerto Rico to avoid taxes and brought Brock Pierce and other crypto bros with him LOL.
I wish they'd let me recover my original -- I lost my TOTP generator, and the codes I'd written down in a paper notebook were rejected. I even hunted down the electronic copy in case there was a transcription error -- seemed like some failure in their systems was causing me to lose access despite having followed proper procedures.
Lost a decade and a half of correspondence dating back to my teenage years. I had imported my phone number I'd had since I was 16 into voice, and it doubled as my Signal number. I even had a Gsuite subscription so I could use their (admittedly decently) UI to power my firstname @ lastname dot com email address.
I will never use their services again, I was really digusted by this failure.
I still think about my lost address that I obtained when Gmail was invite only. My family still occasionally CCs it and it drives me nuts, I would pay money to at least have it shutdown so they don’t think I received an email. I had email forwarding to another address when stolen and immediately after it was stolen it had the weirdest messages, I tried multiple ways reaching out to google and it still bugs me I was unsuccessful. I’d love the their of my account to at least have it shutdown
I got mine when it was invite only too, I had it a very long time.
I use protonmail now -- I think the "free" model enables providers to shrug and go "hey you don't pay us" (if there is support at all -- I've never been able to speak to a human about this issue)
>I think the "free" model enables providers to shrug and go "hey you don't pay us" (if there is support at all -- I've never been able to speak to a human about this issue)
I also have paid services a lot of money where customer service was nonexistent until I did a credit card chargeback or raised an issue with government regulators.
I'm trying to figure out exactly what I want to push my state legislature to encode into law with regards to customer service minimums that would cover anyone doing business in the state, free or paid.
I had something kinda similar happen to my hotmail account. While I didn't lose access to it, I lost more than a decade of correspondence dating back to my teenage years. The reason was that Microsoft at some point required you to "login" once every 30 days. It seems they only counted logins through their web interface or something like that, so even though I was receiving emails daily, I didn't trigger a "login" in their system. They then deleted all my emails, but I could still login.
> I will never use their services again, I was really digusted by this failure
Isn’t this inherent to not choosing an account-recovery method?
The flip side to allowing account recovery at Google’s discretion is lessened security for everyone. (Obviously not black and white. And I agree Google should have flexibility for old accounts. But it’s an odd thing to reject a major provider over.)
They did have a method to recover their account that they tried, though - they said that they used the account recovery codes, but that they were rejected. (Those would be the codes that Google gives you when you initially set up 2FA.)
op said they had recovery codes but they didn’t work.
Yikes. This post is an unsettling reminder that gmail is a single point of failure in my personal and financial security.
Email services in general. My worst nightmare is my email provider (which isn't Google) going dark and losing access to everything.
If you use a password manager like Keepass, you should still be able to log into your other accounts if you lost access and at least with financial institutions you can call, ask that no changes be made with without coming into the branch and showing ID.
You can use a custom domain with most providers, so when they go dark you can at least migrate to another one.
That is moving the point of failure to the domain registrar. Which is probably less likely, but you are always relying on someone.
This is so useful. a Gmail account is so much more than just an email account at this point. my first gmail account was made when anonymity and cool email was more of trend than your actual name - so i based upon my favorite book in 2006. 20 years later the account is tied to my oft used primary google voice number so lingers even with obscure and hard to spell email.
i could gave moved my google voice number, but it seems like a convoluted process and have had my number since about Grand Central acquisition.
in my experience, in/out porting with google is super quick and works great. It costs $20.00 IIRC. I port my primary phone number around to avoid unlawful surveillance, handy tool in the bag.
Boss move that I learned under great difficulty: a new temporary gmail alias for every jobsearch.
You can take this to an extreme (like I do) and use a different email address for every party with whom you communicate. It makes it rather obvious who leaked your email address, and also easy to shut them out (looking at you ActBlue!). It also leads to some amusing personal interactions. I once rebooked a cancelled flight on JetBlue at the ticket counter. When the agent saw my email she said “wow, you must really like JetBlue.” I just nodded but I was laughing inside because it’s definitely the opposite!
Stay tuned I have a pretty cool project I plan on launching very soon. It takes the email alias to the next level, using them as meta tags to actually allow users to trace the source of shady data exchanges. I'm working on the guide and I'm hoping to actually start a community effort here to hold companies accountable for responsible use of PII
I'm interested. How does it differ from using:
name+service@gmail.com or service@myowndomain.com
...to figure out where the spam originated?
Everybody knows name+something@ maps to name@ so it’s trivial for bad actors to strip the plus part and just spam you directly, losing the per-correspondent distinction.
It might be an iCloud+ feature only, but if you're on a Mac - you've already got the ability to generate virtual email addresses on the fly.
https://support.apple.com/en-us/105078
I love this feature and wish something like it would come to Gmail.
I can't rely on iCloud Mail anymore due to its overly aggressive silent spam filtering. Not great if you're trying to log into an account, and you can't receive the recovery emails for that account.
Hm interesting, do you want to tell why this helps out a lot perhaps?
;) I was a by-invitation-beta in 2004, trust me. Even then spammers knew about the +1234 trick too. The earliest throwaway forwarders suffered from explosive growth and spam netblocks and their queue times varied greatly. The golden age of Viagra and recruiters selling prospect lists to randos. I retreated to gmail for the SPOP and because my original address was Tech Contact for 100+ domains from 1994-2000. Thousands a week. If I was smart I'd have used it as a honeypot to feed a spam blocking service.
iCloud Hide My Email is pretty good for this.
myjobapplicationhasbeendenied-1582-timesalready@gmail.com will certainly end well.
That would have been nice to have during transition. Creating a new account and updating 3rd parties was a huge pain and never got close to 100% completion.
Seems useful. But what I really want is a way to merge google accounts, over the course of history I created 3 of them and would really prefer just a single one
an here I am still grinding on a mid-90s iname.com handle
Could this be a sign that Google is starting to think again?
For an organisation that often does deeply intelligent things, they spend such a lot of time treating their users unnecessarily poorly because obvious implications seem not to occur to them.
I think they know about them they just don’t care enough to spend money on fixing them. They are still primarily an ad company today and their users are still primarily the product not customers.
I never really had this issue because I used Google Suite with a domain. (That’s what it was called back then.)
So I can have email aliases under that domain, and even choose the alias for outgoing email.
However! This creates an extra security hole. Once I was SIM-swapped (when the attacker calls up a phone company and convinces them to redirect sms to their SIM). I had used it as a second factor at GoDaddy and had to act fast. GoDaddy had already allowed the attacker to authenticate with the sms (dumb!) and port the domain name. I realized what was happening only because the attacker sent “test” emails to my email at the domain. Had they not done that, I might have been none the wiser. I called GoDaddy and got them to cancel it, thankfully. Otherwise they’d have reset passwords armed with email AND phone number.
Since then I use the non-SMS SECOND FACTOR on most services, as NIST had been recommending for a decade now.
I personally recommend using a username+alias@gmail.com which gmail and others support, with a different but easy-to-remember alias per site, so social attackers can’t even correctly say your email to the dude on the phone.
Michael Terpin, a guy I know, got $27 million dollars in crypto stolen a decade ago by a SIM Swapper and sued AT&T for it. Not sure if he won… he moved to Puerto Rico to avoid taxes and brought Brock Pierce and other crypto bros with him LOL.