Hacker News

I think Google has done some cool stuff, and I think in a lot of ways they're, at least historically, one of the less evil big tech players.

I gotta say, though, that my experience with trying to get them to sort out any kind of issue with their services makes me reluctant to spend any money with them.

I bought a Pixel phone. As per the sales terms, the phone came with one year of Gemini AI Pro service. Except, the redemption process to get the year of service didn't work for me. I contacted Google, they never fixed it or offered any solution. I simply didn't get the year of service I was promised.

My friend, who bought a Pixel around the same time, also wasn't able to get the year of Gemini they were promised.

That same friend has a Google One subscription, billed through their phone carrier. Recently, Google (or the provider?) discontinued that specific Google One plan, as well as the option to bill via your carrier. This was all covered in an email sent to my friend. As consolation, the email explained, my friend was given the option to switch to a different plan, billed monthly by Google (instead of their phone carrier), with 6 months free. Except, the new plan, and the 6 months free, wasn't selectable as a plan type for their account. So my friend emails Google about it and, to my complete lack of surprise, Google was unwilling/unable to provide any resolution.

At this point, I legitimately don't understand why, unless I had no other option, I would pick Google for services. They clearly put no real effort into resolving any service issues for any customer that's not spending millions with them.

If a service offers "Login with Google/Apple/Facebook/etc" you should never do that if they offer a username/password. It just increases the single point of failure. Avoid places that only offer the "Login with Foo" if at all possible (looking at you Tailscale).

As an ex-googler, the only reason I was comfortable keeping even my personal email there was because I could reach out internally if there was a problem. I left Google, and left gmail behind too.

It's been [0] days since the last "Cloud provider banned me and I lost everything" article.

Everyone who depends on the good graces of a cloud provider for something (not just Google, but Amazon, Microsoft, Apple, whatever) needs to at the very least, take a moment, and figure out what their plan is when they are suddenly banned and locked out permanently, without any way to contact the company.

Does life just go on, since you don't have anything important hosted there? (Best Case)

Do you lose some precious family photos and use it as a tough learning opportunity to stop doing what you're doing? (Next best)

Do you lose access to your E-mail and are suddenly not able to do 2FA, reset passwords, communicate with the company or the Internet in any way, and so on, and now have to panic?

Do you complain online, hoping that someone in the company sees your post and has the ability to restore your account, which you then continue to use because you learned nothing?

Having an online account suddenly suspended is a real, non-zero, but unlikely risk. You should at least have a disaster plan if you rely on these things for anything important. Or better yet, stop relying on them for important things like your identity or precious files!

Dealing with Google is a nightmare. I'm one of the volunteer sysadmins for https://forum.buildhub.org.uk/, a DIY and self-build forum. For 10 years it ranked very well on Google, particularly in the UK, and then on 28 December 2025 it disappeared from Google's index.

Nothing has helped, the Google forums are tumbleweed and there's no one to reach out to for what could be an algorithm change or something gone wrong. I'm a paying Workspace customer and it's made me think I need a backup plan in case I'm ever suspended. Reports like this don't encourage.

Update: A kind stranger from Google reached out and this is now resolved. Thank you HN for helping me through this.

I tried to read it assuming the blog post author is a hacker. The hacker could have stolen an OTP device with DNS access, but couldn't steal for the phone number (so they removed it, there was no explanation why phone number is removed). And honestly, how else could they prove they are legit? What if they really are a hacker?

It would be cool if Google (and other media giants, especially IdP ones) had an office where you could bring your passport and verify it's you. I don't think there is.

Once upon a time at Google: The year was 2013, and I'd been selected to be among the first 8,000 people to get Google Glass. I had to go to Google HQ in NYC from my home in Virginia to get it and be instructed 1:1 on how to use it. I was given a toll-free phone number to call for support by a Glass expert, available 24/7/365.

Not only did they answer immediately whenever I had even the smallest problem or question: I twice broke my Glass, and each time I'd call the support number to ask for a replacement.

Google's policy was that no matter how you broke it or how many times it happened, they'd replace it free. They'd immediately send a box to return the broken device (prepaid) and a couple days later a brand new Glass would arrive.

Like I said, once upon a time....

I recently had to go through the recovery flow for an admin account and it was wild. Despite Google manually unlocking the account and giving me a reset link, every login was forced to authenticate via SMS using the (removed) phone number. Luckily I was able to get a hold of it and get the code, but even after adding a TOTP and security key 2FA, further logins still required SMS.

It feels like the security team made this change to reduce account hijacking but it's at complete odds with the recovery flow and modern security practices. Better hope your phone number doesn't get hijacked or recycled because it's the key to your account now, security keys be damned.

This should be illegal. Megacorps eat more and more of our life and regular people are increasingly at mercy of these hostile entities. They should be pushed more against. If we can't have proper anti monopoly splits like AT&T, then at least ways to prevent them exerting too much power are long due. If you provide an essential service, responsibility should match that.

If you’re operating Google workspace without a well oiled Enterprise behind the scenes, a single admin account is a single point of failure.

I had this happen a couple years ago when I was migrating to a different domain. The only difference was all of the authentication that I supplied Google said was an adequate and I got into some sort of a login loop where Authenticator, SMS, DNS record nor pass key would provide enough authentication for me to get in.

I got the automated got bought to finally send me the mythical form, after completing that I was told that they were unable to authenticate me further. I ended up emailing their support multiple times and threatening lawsuits multiple times when I got a magic call from a human at Google. They also sent me the link that put me into a login loop however after chatting with them for nearly an hour I got a different magic login link form which appeared to work.

I can't believe I'm praising Microsoft (Office365) here but it actually has a track record of actually having support, support people that you can talk on the phone with and knows how to navigate the dark corners of their convoluted systems and actually solved my problems (even if it was caused by Microsoft's horrific UI in the first place).

Run your own email server, and give Google the middle finger. Letting Google own your email, and freely spy on your communications is insane. I think this incident clearly demonstrates that you cannot leave critical infrastructure like this in the hands of a third party.

> I removed my phone number from the account. I am travelling to the UK for a short period and did not want to have roaming on my Australian phone.

So for my own notes, removing a phone number from my Google account before travel will risk account suspension. Hope OP resolves it, but also need to make sure this never happens to me.

Google's customer support is interesting. Its definitely a case where you'll sometimes hit pockets of the company where clearly there was someone who made it their life's work to fix this bad reputation they have; while other pockets make it clear that they deserve the reputation.

I had a Nest subscription that became a total mess. If you've ever tried to use Nest before, or are coming from a legacy Nest account, and/or also have a Workspace account that somehow got wrapped up in the mess, you'll understand how much of a clusterf Nest is for the Google ecosystem. I had signed up for this subscription on a personal Google account, cancelled it, but was still being charged for it, and the credit card being used made me think it was getting charged on my Google Workspace account (which isn't officially supported, and would never let you sign up for it, but DID share an email address with my legacy Nest account I had migrated into the non-Workspace personal account I was using for Nest).

They had to escalate the problem a couple times, which took ~24 hours. Once that happened, their rep had it resolved in minutes, and refunded me two months on the subscription.

The biggest piece of advice I can give when dealing with Google is: Never be weird. You cannot ever put yourself in a situation where your account isn't like the other billion accounts they have. If you do, something will go wrong and its rolling the dice on whether you'll ever reach someone who can help you. If you've used Google enough, you know: Their multifactor settings are weird. You cannot set it up exactly how you want; it'll always trigger some auth method you didn't configure but they have "LATENT KNOWLEDGE" you should be able to authenticate with, like a phone number you configured six years ago, or gmail installed on a tablet that's 400 miles away, and you can't turn it off, even on Workspace.

My favorite bit of Googleism: Go to any site you sign in with Google SSO and watch the URLs in the eight redirects it has to do before it signs you in. You'll see a "youtube.com" in there. Even on a Workspace account. Youtube.com is a load-bearing website in their core auth flows.

Mess of a company. I hope they invest some effort in improving things, but I was saying the same thing in 2018. They probably won't.

Google needs to understand that watching this nightmare scenario play out over and over again is actively destroying trust in their platform. When your email, authentication, documents, payroll, and CRM all flow through a single provider and that provider can lock you out overnight with no meaningful recourse, you’ve invited customers to place their entire digital presence into a house of cards. The fact that this same story surfaces almost daily should be a wake up call to existing and prospective customers. Every unresolved lockout is one more reason to start planning an exit. Google has led the effort to lower the bar so much that it’s commonplace and somehow acceptable to ghost paying customers who youve locked out or even worse bounce them through a gauntlet of AI chat bots with the illusion that you are even aware of the damage you’ve caused.

Just had to fix an AWS account lock out this morning. Why? Despite having a $0 balance and payment info on file, until I set a budget (a new feature per their UI), all of my Cloudfront-hosted files were just unavailable on my business' site (I Cloudfront all static assets so all images, fonts, etc were just broken all of a sudden).

These are the limits of scale. Too big, too complex, and not enough skilled people to maintain and/or support it. And our hubris as humans prevents us from accepting it. Why? Why can't we accept smaller but more functional things/systems?

We don't have to live like this.

Instead of getting more dependant on Big Tech's AI products, I think the perfect use for AI is develop tools and workflows that decouple one from Big Tech.

It's quite entertaining to read - most of the article is pretty much elaborating a chain of bad decisions by the author which all lead to this now being a big problem. If he'd have written a similar dependency tree earlier and just thought about it for a few minutes that should've been avoidable.

> Update 1 - I know I can simply change the MX record to someone else but It has its own challenges.

I don't quite get that attitude. He's describing that he needs his business emails. Not just getting a mail server back online for that, even as interim solution, points to the opposite. In the time it takes for MX TTL to expire he could easily just throw up a postfix+dovecot on some VPS, with enough time to spare to add something like sogo if he feels fancy.

> On Saturday, April 4, at 5:06 AM, I received a notification saying my authenticator had been removed. It hadn’t. The authenticator was still active on my phone - it was the recovery phone I had removed. Google apparently conflated the two.

This is a massive bug here. I was also surprised recently that Google won't let you enroll multiple Authenticators. If we had functional security regulations I think there would be some pretty large fines for Google's error here.

I discovered this same issue, you are required to have a phone their auth system is bugged me.

I just set up google workspace and I didn't have recovery phone or anything,just password and recovery email. I didn't login for 1 week (life stuff). When I came back it allowed me to login but didn't allow any admin stuff saying it didn't recognize me and that I must use a known browser.

Well, that was the only browser I logged in with.

The solution was a weird thing where I was able to add phone recovery and authenticator, but then had to wait 2 weeks (couldn't use it). After that I performed authentication as usual.

It's horrible.

This is why I do full Google Takeout every 2 months and have my own domain with Workspace. I don't rely on cloud file storage. The calendar is important, but I could switch easily.

IMO, the worst part of this is Workspace support is immune to ANY explanation. I mean, credit card companies are well used to "is this your transaction?" emails.

Using a Google Workspace Super Admin account for your non-admin day to day needs is similar to using your AWS root account instead of IAM users.

In my experience Google Workspave support is very good. I’ve always been able to get a knowledgeable person on a call to debug issues without much difficulty.

But yea, if you’re locked out of your admin account, that’s another story. Very sjmilar to if you get locked out of your AWS root account. It’s a nightmare to recover.

I guess one way to protect yourself from this would be to use another IAM solution for SSO login to Google Workspace, but is there any reasonable choice for small businesses other than Entra ID or Okta?

With phone numbers, you can move from one carrier to another, while retaining your number. This helps with competition.

We need the same for email.

Sure, it may not work with the ancillary services, but keeping your email address would solve a lot of issues.

These kind of stories led me to explore de-googling my digital life. And honestly its been a fun journey and given meaning and purpose to my homelab. 100% recommend. Own your digital life, run local, reclaim the web.

Been there done that, none of it works, till this date my YouTube account is suspended and they can't do a thing about it.

Google Drive & Workspace are their most poorly designed products with the shittiest support ecosystem. Google would rather bleed money than work on it.

That's one of reason I started DoShare Personal Cloud[₁]

[1] https://getcloud.doshare.me

I failed the Apple Developer ID verification four times due to technical issues and now my account is ineligible to become a developer.

Forever.

Thanks for the great reminder to detangle myself from Google.

Time since paying Google customers had to resort to social media outrage to obtain decent resolution: 0 days

Good luck to you

At least he owns his own domain and can eventually switch over. A few years ago we decided to switch our personal emails from gmail accounts to domains we own (though the email is still handled by google.) This way if we ever lose our google account, we can switch the MX and be able to get all our recovery emails, bank second factors, password recoveries, etc.

this is actually scary as fuck

I thought with Workspace you'd actually be spared from this kind of BS

I guess not?

If you wanted to intentionally trigger every account abuse system at Google, follow this guy's script.

This occurs to dozens, hundreds, maybe even thousands of people on a daily basis. It happened to me many years ago. This is your opportunity to escape, instead you cry out here for attention. How pathetic

"Despite repeatedly explaining this, they ignored my assertions and continue to hold my email hostage."

Well, you have become the product here. That also happens by other "free" email providers too. I had this happen to me on inbox.lt; the guy demanded I use a smartphone to "prove" my identity. At that point I realised they want to connect this data to the account and sell it to others who are interested in that.

Tough situation. A good reminder to set up a backup recovery method before removing the existing one, especially when traveling.

OP triggered every possible red flags for suspicious account takeover in Google systems: deleting his recovery phone number, moving to another country and cellular provider. And then he gets surprised that the account is in 30 day cool down period??? I don't understand people sometimes.