> If you want to keep photos from your Google Drive, for example, it's best to sign in to that particular service.
> That's because the tech company says it "reserves the right to delete data in a product if you are inactive in that product for at least two years. This is determined based on each product's inactivity policies."
Put all your data in "the cloud", give up control, and be subjected to the whims of big tech. It would be cool to know when the above was sneaked in to the ToS. As a normal person, I'm getting pretty sick of the deal changing every day. I can run my own server for everything (and do), but most people I know can't because the tech industry refuses to build anything decent that "just works" locally.
As for the above quote, every photo should be governed by the ToS that was active when the photo was uploaded. Adhesive ToS strategies should be illegal.
GP is basically saying that the upkeep of a local server should be less than it is. And that if server upkeep isn't as easy as it should be, that's because the people whose duty it is to provide that have shirked their duty, and they are to blame.
Personally I'm happy that he doesn't include me in the set of shirkers to be blamed.
I just checked my local network website, I started running it in 2021, but havent touched it since mid 2022. I might have checked to see if the computer(raspi4) is on since then, I can't remember why I would have done this, maybe to show a friend.
Somehow not only is the computer still on(How? shouldnt a power outage have turned this off at some point?), but the server still is working perfectly.
I genuinely don't understand, but its recording sound and temp data as we speak. To be fair, I did mess around in 2021 to ensure things were robust since I was working on an Embedded project at the time.
> the tech industry refuses to build anything decent that "just works” locally
If a significant number of users were willing to pay for this, I’d gladly build it… evidence would suggest that very few people actually care strongly enough to open their wallets though :(
> Put all your data in "the cloud", give up control, and be subjected to the whims of big tech.
I try but I wish I could make more people understand the implications of this. If your data is in any "cloud", it is entirely at the whim of those companies whether you can lose access permanently at any moment.
For any data that you actually care to be able to access in the future with some reasonable assurance, you must have either a local copy in your control or an enterprise-level support contract with SLAs with the cloud provider. The latter is expensive so for personal use of personal data, local copy is the only practical answer.
I have something in Dropbox from many years ago which I don't remember. It tomorrow I found I couldn't login to my account since it was deleted, yes I would wonder what I lost, but I would also acknowledge that I wasn't actually using that data and had some forced spring cleaning. It's ok really.
2 years is a long time to not login to a single Google service given their reach, let alone the one that might have data like Drive. Speaking on principal, not reality , for a free service that costs the end user $0 and the provider >$0 makes absolutely no sense to complain.
I'm probably being too simplistic, but that sounds like most commercial NAS solutions (depending what you are trying to do past "local version of Google Drive").
It's sad. There are some blogspot owner who are in jail (like for political or religion reasons), they can't access Google so their blog and accounts might get deleted forever.
Most people in jail will have lost much more than just a blog. We really need to have some more perspective here, memories of when sites just disappeared completely all the time may help though.
I’m rather annoyed that Google has locked accounts behind phone based 2FA, before this move. Tie your phone number to all your accounts, or they get deleted.
I suspect that the reason for WhatsApp, Signal, Google & co's insistence on requiring a legacy phone number for account creation is that linking it to the user's profile is the easiest and cheapest way to associate it to an individual person for legal compliance, linking it to a national jurisdiction.
Yes it helps with KYC, but it also helps with fake accounts. People/groups that want to do fraudulent activity on Google have many of pre-created accounts to do their various schemes. It likely helps limit that.
Plus, if an account is associated with a phone number, it will help with account takeover issues.
It is more like phone based 1FA at this point. My Google account cannot be recovered at all even though I know the password and still control the recovery e-mail because at one point I made the mistake of adding a (now inaccessible) phone number.
Hell, I have diligently backed up recovery codes and security question answers to dozens of services... including Google and banks... and many of these providers require my phone number or their already activated mobile app to log in.
I'm not sure how long that would last. Services already typically block anything that isn't a mobile number for sign ups. Sometimes they even block pre-paid mobile numbers.
You don't need to use a phone for 2FA, at least not in my experience (never connected mine). It can be with a hardware key instead (yubikey, etc). They don't make it very clear in the UI process, but it definitely has worked for me.
That said, not a fan of forcing 2FA if people don't want it.
I feel like this move by google is incredilby irresponsible. Imagine the amount of people who used gmail to sign up for third party websites whose accounts can now be compromised via password reset.
A googler told me that's approximately why — long-disused accounts were overrepresented among abused accounts. In particular he mentioned that accounts that hadn't been used in a long time were much more likely than the average to have a poor password.
To crack down on abuse, they try to force the affected users to become aware of their accounts.
do you imply that once google deletes an account, somebody else can sign up for that gmail account, and thus may gain access to 3rd party websites? I don't think google allows username recycling. once deleted, it remains unavailable.
They want to close accounts with poor security (i.e. no 2FA enabled). These accounts has a higher risk of being compromised and used to get access to whatever they control
Saving space and removing hassle of managing data that is not being used (and likely will never be used)? I think 18 months is way too little but I think the decision is valid
I have a google account that I use only for this purpose, I never really log on to it directly. I'm not even 100 percent certain of the password at this point. I guess I'll just make a new one.
It is a shame I can not rely on e-mail anymore as a second factor for totally any website, because what is following next is a phone number as a required second factor.
Mobile numbers are the obvious choice for large tech companies. They provide a pretty good user identifier for tracking and advertising purposes. And they allow outsourcing the hard parts of verifying a user to some one else. It isn't much wonder why they went this route and usually fall back to it even if you've setup something else.
Yeah. The worst thing to happen is if you get a new phone with a new number. Oh my. I was locked out of so many accounts, including my bank account. It's not easy to reset a phone number you no longer have access to.
What's so dystopian about it? Is this just the weird Anglo-Saxon cultural thing of ID cards being way worse than passports and state IDs for incomprehensible reasons?
Because increasingly, we don't own or control our phones. Carriers can push any software they like to it, or can be compelled to. Operating system vendors can add, remove or edit features that can restrict our freedoms or for pernicious purposes. App developers have had free reign over tracking our use, despite changes to the rules from big app stores. Simply viewing an image or opening an SMS can trigger a remote code execution, giving our device to an attacker who never knew us, saw us, or targetted us.
Everything in your wallet is yours, it doesn't change unless you make the change. No-one can decide what the contents do or what they are, how they watch you or report your behaviour. The contents of a wallet are free.
>Because increasingly, we don't own or control our phones. Carriers can push any software they like to it, or can be compelled to. Operating system vendors can add, remove or edit features that can restrict our freedoms or for pernicious purposes. App developers have had free reign over tracking our use, despite changes to the rules from big app stores. Simply viewing an image or opening an SMS can trigger a remote code execution, giving our device to an attacker who never knew us, saw us, or targetted us.
None of that seems to have anything to do with a digital ID.
I don't think IDs are dystopian but having so much of our identity and information inside expensive closed-source surveillance devices is somewhat dystopian. The happy path works great but the failure modes are a pain in the ass and it's part of why people lose their shit over lost/broken/stolen phones.
Because of the app wants to “un-person” you all they have to do, intentionally or unintentionally is set a flag in a database and now you cease to have an identity.
Even if phones were $0 people would be upset because it's all the passwords, accounts, login credentials, second factor, photos (are they backed up!?), call history, etc. Too much is tied up in these things.
They're too expensive and stuff on them too important to test that feature. Apple marketing claims they are, so... Anyway I think most of the cases when iphone falls into the water is when it sinks in it forever.
With increasing backlash and criticism, I’m guessing that Google will be forced to backtrack on this and provide more leniency, just like it had on the legacy (free) Google Workspace accounts.
> You'll have to take an extra step if you want to hold on to content from a specific product that you haven't used in some time. If you want to keep photos from your Google Drive, for example, it's best to sign in to that particular service.
> That's because the tech company says it "reserves the right to delete data in a product if you are inactive in that product for at least two years. This is determined based on each product's inactivity policies."
I fail to understand why one needs to access every service on the platform to avoid losing data. All of them are tied to one Google account. Logging in to one (like Gmail) should ensure that Google Drive data shouldn’t be deleted. This is just stupid policy!
Large companies offering ad-supported “free” products cannot and must not be trusted. If you have some money and time, you can choose a different provider for email. Pick from (in no particular order) runbox.com, posteo.de, mailbox.org or mailfence.com. They’re quite cheap compared to other popular paid email providers and also support IMAP so that you can own your data and migrate if needed. If you need a lot of mailboxes for a fixed price, you can try migadu.com or mxroute.com (the latter hosts data in the U.S.).
For other services, the migration path is either complex and/or costly or impossible. Still, moving out should be explored.
> I fail to understand why one needs to access every service on the platform to avoid losing data.
One doesn't. That's just NPR's insane interpretation of "reserving a right" meaning that your data is definitely going to be deleted on a per-service basis. If they ever started actually doing it, there would be multiple notifications over months if not years about "your data in service X will be deleted unless you do Y".
> That's just NPR's insane interpretation of "reserving a right" meaning that your data is definitely going to be deleted on a per-service basis.
NPR did not say or imply this.
> just NPR's insane interpretation of "reserving a right" meaning that your data is definitely going to be deleted on a per-service basis. If they ever started actually doing it, there would be multiple notifications over months if not years about "your data in service X will be deleted unless you do Y".
This article makes it seem like they are starting to delete them asap but the sign in warnings I am getting are that deletion is not happening until later 2024. So I have almost a 1 year time to sign in or try to recover the account.
I have forgotten accounts popping up left and right in my gmail. And Ive also been recovering a bunch of accounts that spammers or bots managed to create using my emails as recovery addresses - that are now getting sign in warnings. Ive been able to take over those too.
If it hasn't been used, I would suggest it hasn't been compromised. If it wasn't used for 10 years and suddenly became active, then I would suspect it has just been compromised.
I can't sign into one of my accounts without providing a phone number "for security reasons". Account is alive so far and useful (email forwarding works).
When your "mission is to organize the world's information and make it universally accessible and useful," it feels deceitful & dishonest & shitty to go out and delete a good fraction of that information.
There's so much unintentional data loss here, people who are going to be so sad and mad. The shared photos grandma sent us a decade ago will all just die. Those of us tending deceased accounts will have to forever juggle a yearly ritual of carefully logging in to all relevant services. Eventuslly time will win and Google will delete the enduring digital part of our family trees. This is such a monstrous shitty awful turn.
So far the Google graveyard has largely been Google projects. It's such a darker more bitter twist to me that Google is trying to put some of the enduring surviving bits of grandma in the grave too. What an wretched twist from 2023.
Arbitrary and capricious? Windows Live deletes inactive accounts, including their Hotmail, after less than a year. ICloud deletes them after exactly one year and only 30 days' notice.
> That's because the tech company says it "reserves the right to delete data in a product if you are inactive in that product for at least two years. This is determined based on each product's inactivity policies."
Put all your data in "the cloud", give up control, and be subjected to the whims of big tech. It would be cool to know when the above was sneaked in to the ToS. As a normal person, I'm getting pretty sick of the deal changing every day. I can run my own server for everything (and do), but most people I know can't because the tech industry refuses to build anything decent that "just works" locally.
As for the above quote, every photo should be governed by the ToS that was active when the photo was uploaded. Adhesive ToS strategies should be illegal.