I know whenever this happens, a lot of HN-types like to act smug about how "you should have known to not trust a company with your data, do your own backups"
But for everyone else (skipping over the fact that you could have a little more compassion to someone who lost decades worth of important, sentimental data), running your own backups is way more work than should be necessary compared to the mainstream solutions. Especially since most people will likely not hit this scenario anyway, it's just a lottery of the unlucky.
And honestly why are we just accepting that these organizations sitting on infinitely growing wealth can use it to incentivize us to give us all their data for convenience and otherwise worry-free management of it, and then just lock you out one day based on bad algorithms, and offer next to no customer support to resolve it because they don't want to spend a tiny fraction of their operation budget on a department for that?
I'm not sure how you'd enforce regulation on something like that but if we're gonna let big tech run rampant and collect all this data on the population, it seems like the bare minimum to offer a better experience for stuff like this.
>(skipping over the fact that you could have a little more compassion to someone who lost decades worth of important, sentimental data)
Someone who lost *access* to decades worth of important, sentimental data. It is extremely likely that 100.000% of their data still exists in its original form. That one word makes a world of difference for my compassion levels. If it exists, access can be restored. My compassion is for the frustration level toward getting a human at MS, which is a different and weirder problem.
Not to mention that companies incessantly push for you to use their services to safeguard your data. Microsoft ENFORCES usage of an online account these days.
They tell you that you need to hand over your money to keep your data safe. The explicitly have things like Vault to keep your special documents even safer!
> And honestly why are we just accepting that these organizations sitting on infinitely growing wealth can use it to incentivize us to give us all their data for convenience and otherwise worry-free management of it, and then just lock you out one day based on bad algorithms, and offer next to no customer support to resolve it because they don't want to spend a tiny fraction of their operation budget on a department for that?
We aren't. That's why we tell people not to trust a company with their data.
That's like complaining people telling you to avoid a super cheap space heater are elitist and unsympathetic to those with less money, while at the same time decrying that everyone accepts that the manufacturer gets away with selling a space heater that occasionally burns your house down.
My point is this is a problem of the of the multi-trillion-dollar corporations, and I think they should be in charge of solving it. Not for every one of the ~6 billion people who use the internet to solve for themselves through preemptive measures and self-inflicted inconvenience.
Supposedly our votes are important, and regulation is not impossible.
I agree that what you describe should be done, but until we are there (which likely won't be soon), not trusting big tech and ensuring backup copies of anything important is sound advice.
If you're Google and you bust someone for having child porn, you shouldn't have to keep hosting child porn. Maybe a mandated period to download your data when you get locked out and put in read-only. Say they have to give you a month.
And closing off the visibility of your content to others, obviously
>> you bust someone for having child porn, you shouldn't have to keep hosting child porn.
Alternative question: if Google decides I had child porn on my account and deletes it, how can I prove that it wasn't a child porn?
It's my data, and until someone proves in court that the law was broken, how can they delete it on a basis of breaking the law? It would be offensive even if it happened due to human misunderstanding, but getting banned on an account I paid for, because their algorithms are shit -- that's beyond any reason.
You'd expect that there should be a support line and you should be able to resolve it by reaching a human but Google sucks
For stuff like email and cloud there are plenty of alternatives and no dominance of a single company over the market, so I believe that it would be a bridge too far to mandate Google to provide support or "banning banning accounts"
Rather just they hold onto banned people's data for a while and let them download it
Funny example of Google banning account over what they determined to be CSAM.
I specifically remember Google banning a father because they detected medical photos of his son that were for his doctor. And then refused to reinstate his account!
What a ridiculous straw man, nobody has argued that Google should be forced to host child porn.
When we sign up, the deal is that they store our data securely and indefinitely as long as we pay for the service. Why should they be allowed to unilaterally break contracts and set deadlines that wipe out our data without a legal due process after paying them for 30 years?
We supposedly live in a democracy where we should have laws that the common person wants, so I'm asking you, why should we be happy with your version of the law?
Why shouldn't we demand a law that prohibits them from wiping our data without a court decision or a signed waiver from the account owner? Failing that, they should be on the hook for compensation of 10 times of the total amount we paid for the service since inception, or $1 million* (for the sake of the argument), whichever is higher.
Where's the straw man? If you discuss "banning banning accounts", this is one (edge?) case.
>"Why should they be allowed to unilaterally break contracts"
In the case of the user infringing on the terms of service, they're just backing out through the regular exit clause following a breach that was on your end.
Without breach of service, in most legislations contracts with an indefinite duration must have provisions that allow either party to terminate the contract with reasonable notice.
Forcing them to hold onto your stuff for a month until you can figure out another provider or a way to self-host is reasonable notice. Maybe 3 months? A year?
>Why shouldn't we demand a law that prohibits them from wiping our data without a court decision or a signed waiver from the account owner?
Because that would be a burden for anyone willing to launch software that host any kind of user data
that would be a burden for anyone willing to launch software that host any kind of user data
if dealing with consumers is a burden, then you should not start a business. the same argument is being made against right to repair and having spare parts available or against the ability to download all your data. or have it deleted. and yet that is being made law in several places. any provision to protect consumers is a burden. that is a non-argument.
the question here is one of balance and appropriateness. if you go bankrupt, storing and making the data available for all users for another year is a burden. but if you have millions of users, keeping the data around for a few blocked users until their violation can be proven is not a burden. especially because you can potentially still continue to charge for the subscription.
>the same argument is being made against right to repair and having spare parts available
Just as valid back then. There's nothing wrong with the argument. You have to evaluate it every time. For right to repair we just decided it was worth it.
I don't think this is worth it. A few months to dl your stuff is enough. Companies shouldn't need to host things that go against their terms of service when they ban you for infringing on their terms of service. It would be nonsense.
Honestly, I'm not going to entertain these hypotheticals.
Given that Google has banned an account of a dad for having pictures of his son he was going to share with his doctor under the reasoning of "CSAM" I don't trust Google to be the Judge, Jury, and Executioner.
They're not hypotheticals. Google is big. It happens every day.
It's reasonable for Google to have automated systems for this, reasonable to deny service arbitrarily, and they should not obligated to provide customer support. They're a bad service in a competitive market for the cloud. So don't use their services.
The point being that, assholes or not, while you shouldn't be entitled to their service, you should be entitled to your data, and deleting it arbitrarily should be considered infringing on that.
> And honestly why are we just accepting that these organizations
I suspect that's what people who remind others not to trust these services are thinking, and that's why the reminder. If you rely on these services, you are accepting exactly those bad things. We can equally decide not to accept them by not using the services or, at the very least, by considering them unreliable and acting accordingly (such as not allowing important data to exist solely in them).
> "you should have known to not trust a company with your data, do your own backups"
Hey, yeah, I'm one of those people, and I'm not backing down.
The """cloud""" as solutions of all technical problems ("don't bother with NASes and external drives, just save to the cloud") is mainly dumbing down the average user, and these are the results.
If you don't have your data on (at least) a physical drives in your home, you already lost it.
It is smug because the average person is not a geek running a micro rack in their basement (nor does the average person possess the time, means or expertise to spin up and maintain all such should they even want to).
It is smug because, to GP's point, a dismissal of a very real problem with hyper-consolidated markets that allow the most powerful entities on earth to abdicate their responsibility, and foist it upon the people least equipped to handle it, all in the name of "personal responsibility".
You don't have to be a geek, you don't need a rack, you don't need much time to do this. Just buy some external drive and copy at least something there. We're talking about "30 years of irreplaceable photos and work". Doing a backup one time a year would save 90%+ of that data in case of problems, without any need for technical knowledge or dedicating significant time to this.
I agree that the companies should not be allowed to just lock you out of your data like that, but even if there was a strongly enforced law mandating companies to not do this, you still should have some backup. Many things could happen, and doing a simple backup is a very small investment which can save you from losing 30 years of data (even if the risk is very small).
Getting backups right _is_ difficult and can easily be quite stressful. Yes, having some external drives here and there with files would of course be helpful. But then, should you encrypt them in case of theft? Where to keep them in case of fire? What to do with "old" backups (can I trust the drive to live more than 2 years? 5 years?), copy them over to new drives? But what then with duplicated files? I think having backups in the cloud is currently the best "backup and forget" strategy
> Getting backups right _is_ difficult and can easily be quite stressful.
My point was that something is much better than nothing, and you don't need 99.999% reliability in your setup to greatly reduce risk that you're exposing yourself to when keeping 30 years of data in only one place.
> But then, should you encrypt them in case of theft?
Depends on the nature of the data. I guess that most of that 30 years worth of data didn't need encryption, and copying only insensitive data is an option. On the other side, cloud account, or device logged in to the cloud account could be stolen too.
> Where to keep them in case of fire?
That's irrelevant if we're talking about backing up data stored on cloud service.
> What to do with "old" backups (can I trust the drive to live more than 2 years? 5 years?), copy them over to new drives? But what then with duplicated files?
Aside from some unlikely issues, yes, drives should last at least a couple of years. In the 5+ year timeframes I think you could just buy a new drive (bigger/cheaper/more reliable than the last as the technology improves). If we're talking about a lazy strategy of backing up the data once a year, even deleting everything on a drive and copying everything again isn't that bad. Better than nothing.
> I think having backups in the cloud is currently the best "backup and forget" strategy
But we're not talking about having the cloud as a backup. The issue here is having the files only in the cloud, with no backup. For a non-technical person, cloud as a backup is great, but here we have a case where a person had all their data only on the cloud, and then lost access to the cloud. If the cloud was only a backup (or a way to sync/access the data on other devices), but the data would still be present on some private device, there would be no problem.
The mistake of the OP was to not buy the new drive right away and copy his data locally. No basement rack needed, just a USB hard drive. They wrote about owning multiple drives and having collected data over the course of 30 years, so they weren’t completely nontechnical either.
Aren't the govs that are voting in all over the place on right wing side all for 'personal responsibility' and no gov coddling? But sure, I am absolutely for rules for these companies, having a number to call with a human etc and not actually bring allowed to not offer that because the service is free or cheap and the company very large so no one thinks it will matter.
Drives are very cheap these days and it seems he had most of it local but went full cloud.
So I definitely agree about being smug. This isn't funny and you can approach this with empathy and understanding for how soul-crushing this is for this person.
And also, you do not need a rack of homelab gear to do backups. I have an AV rack (somewhat undermining my point I accept), 16U, bolted to my laundry wall. Within it is a network switch, my ISP's routing gear, my Phillips hue controller, and 3 PCs. One is a dedicated Minecraft box (shut up), one is my universal Ubuntu box for miscellaneous automations + plex, and one is a Windows 10 box that handles my DVR, file shares, and backups.
The actual backups themselves are scripts that run nightly and move data from the misc. PCs to the big one, along with some syncthing shares that do the same, and then the lot is backed up offsite with a backup vendor's application. I grant if you were setting this entire setup up from nothing, it would be a decent amount of work. However I also point out, this is all off the shelf batch files and OSS. This is hardly what I would call engineering, and that's by design, I wanted it to very simple.
So, big empathy, big understanding, I would give this dude a hug if I could. AND, people should take this as a lesson to not just shove all their shit into a monolith and call it a day because it's cheap and easy.
There’s good advice and there is “being an asshole.” Unfortunately, many HNers don’t read their emails as the recepient does and they sound very preachy and condescending instead of helpful unfortunately(or maybe it’s on purpose.)
Your last sentence is exactly what the OP is talking about.
> Everything you create should be in git or similar.
Everything you create should be on a machine you control, preferably in a house different from the one where you created it. Version control is optional (and Git probably overengineered for your one-man projects, but that's a different discussion).
Yes - lots of uninteresting discussion about the importance of having backups.
> This feels not only unethical but potentially illegal, especially in light of consumer protection laws. You can’t just hold someone’s entire digital life hostage with no due process, no warning, and no accountability. If this were a physical storage unit, there’d be rights, procedures, timeframes. Here? Nothing. Just a Kafkaesque black hole of corporate negligence.
^ This is what's worth discussing, not opinions about that guy's backups, or what the cloud is, or that this is known to regularly happen. We're already all tech-adjacent
A good backup strategy is still hard. Over the years, it became clear to me that ther are not only technical but also legal failure modes. So 'a virus ate it' or 'the drive died' are not enough. We now also have 'I sent a photo of my kid to the docter and the kiddy porn alert went off' or 'The Google algo says no' or even 'Someone called the police on my neighbour and they just took the whole building to evidence'.
Also, “the house burnt down” or “the bank sold the contents of my safe deposit box, including the restore key”.
E2E encryption is the only approach I’ll even consider for cloud backup. There’s also the problem where a product manger decides to recompress all your images to save space, or normalize the exif or whatever.
I used to use Amazon Cloud Drive, but then they banned encrypted files, so I moved elsewhere.
Number of people saying that you should just make sure you have backups. That's true, but there's still a role for government to play to prevent this sort of thing. We don't let companies sell poisonous food - why do we let them offer digital services that can be arbitrarily frozen?
I once lost years of Gmail, Drive, Photos, YouTube, etc., etc., because I posted a meme to their Google Plus social media site. It was a JPEG screenshot of a credit card form, and it said, "This post is only viewable by Google Plus Gold members; sign up now." It just took one click from some apathetic call center moderator, who looked at the post for 0.5 seconds total, to get everything connected with the company insta-wiped. I bought a Synology NAS since then, and now I treat my relationship with any company as very fragile.
If you force people into bitlocker, at least have a setup wizard at the start that forces them to export the key/print the key, or maybe even ask them if they want their stuff encrypted. For a regular home desktop, it's rarely a need and too much hassle
Secondly, why not offer use something like LUKS does just with a password?
TPM is a horrible way to secure things anyway and you need a PIN for true security.
As applies to other major data services providers with shit-useless customer support and arbitrary algorithmic "service" decision-making, DO NOT FUCKING TRUST your data to rest exclusively within anything that they own and control.
Export your email archives, spread your personal files across multiple devices and services, and ideally, keep copies of your files on your own backup HDs or at the very least with one other cloud provider, that also happens to be small enough for you to reach a human if something goes wrong.
At least Microscum can't yet lock one out of their own PC or laptop at this stage. This person trusted too much in their OneDrive service.
To note: looking particularly at people who've let themselves become Google-dependent here, just as much as anyone silly enough to trust 30 years of their work exclusively to fucking Microsoft of all things.
I... wasn't aware of that particular tidbit, but all the more worrisome. At least it was a genuine error and not part of a deliberate Microshit policy of enforcing the ability to lock one's computer down.
BitLocker has rescue codes, or something. I remember using them in such a situation. It was a corporate machine, and I had been instructed to obtain the rescue codes the first thing upon receiving it.
To whoever downvoted this perfectly reasonable range of suggestions that anyone sane should apply given what we all know full well about these companies ability to freeze accounts and comically dystopian user "support", Why? Respond constructively, as adults do, if you have some disagreement.
For anyone non technical, either ask a lllm to explain it to you like you are 5 (eli5), search online for ‘how to add a custom domain to [your email provider]’ or seek assistance.
Importantly, don’t register the domain name (website url) at the same company your email is with.
> always use your own domain so if your email service locks you out, you can move to another instantly.
What to do if your domain is taken away legally (e.g. via trademark dispute) or due to a random combination of unlucky factors is bought before you can extend it?
Besides what email do you specify when buying domains? Where do you host that email? How do you deal if that email locks you out?
I hope don't say "use me@example.com to register example.com" because that circle seems like a fun thing to solve in a pinch.
Domain registrars usually allow a fallback email address, or, at least for the ones I use in my country, allow communication by phone or postal mail to restore access.
As a general rule, using smaller independent providers gives you more resilience and recourse than relying on big tech.
Many non-technical people don't even know what a domain name is, or what they're used for. Most people think "I go to websites by typing it into Google and clicking the link".
Data is far more important than society, regulation, individuals give it mind. Doubly so if the data is technically in another jurisdiction. And it's a classic insurance scenario too - redundant storage seems like money thrown in the fire, but after a disaster like OP's, lost data seems invaluable.
Service providers are at the very least part of the problem. For one, they project a lot of confidence for safety, but protect themselves well legally in case of any event - and automate away as much customer interaction as they can.
A nice improvement would be customer service that takes the issues seriously. But, I realize, that is far more complex and expensive than how it sounds.
Yeah Microsoft can be pretty bad with that stuff. When my sons account, which was also what he used for Minecraft, was stolen I even reached out to a real person. Could they help us get the account back? No because they most protect the owner of the account. Which is even more crazy if you think about it because that would be my son and not the thief they gave the account to.
I use BeeFiles for all my important files. I can access them anywhere, it’s not a subscription it’s a one time purchase, and it supports backup to external hard drive as well as backup to an online service (subscription based).
Synology really did a good job of building something non technical people could use as an alternative to onedrive etc.
I dont know how people are so weird to trust any provider ever. Its nice for a bit and then it rots. You always keep everything on pathetically cheap drives at home. Always. You have to assume you will get screwed even if you pay in the age of AI flagging and 0 protections or recourse. How many stories do we need for this to happen?
Sadly, this reminds me of a facetious story I wrote several years back when Google tried to build a neighborhood in Toronto. It follows a Google fanboy that moves in, only to get locked out when something abruptly decides "No, you don't live here anymore."
> But one day, you come back to your apartment. It's locked, and won't accept your authentication method. Since your technocrat landlords despise plain old metal keys for some reason (What are you, a peasant?), they provide one of several alternative methods for you to open doors. (Why can't those cyborgs be more like normal people?) They advise you to never share how or with what you use to login to them. Whatever it is, it's not working. You hope there's not an electrical outage somewhere.
> Because you're living in the future, everything is connected to the internet. Like most everything else, your door has a display mounted into it. A message appears, informing you that since you've violated the terms of service, your account has been terminated. You're locked out from all your stuff! There is a customer service robot downstairs, so you try to get some answers from it. Unsurprisingly, the robot is not helpful, not sympathetic, and it won't listen to an unperson.
Where is what illegal? And how do you prove it? I just let my grandma or close friend live there. There, I found a workaround in 2 seconds. If I can, so can BlackRock and friends and your rental market is still fucked.
You can't fix a supply and demand problem with regulations. Why don't people get this?! I've never seen a place with strong tenant protections that has affordable or easy to get rents. See Berlin as one example of many.
in some cities in germany it is illegal to leave living quarters vacant for more than 60 or 90 days.
in hamburg the local government can take over empty living quarters, renovate them and rent them out without the permission of the owner.
I just let my grandma or close friend live there.
you can do that if you have only one place to rent out, but not 10. and besides, then your friend is not living somewhere else freeing up another place and they would enjoy the same rent protection too. so in fact you don't win anything.
Berlin
do you think without the protection berlin would be any better?
maybe instead take a look at vienna which has a model that actually works. two thirds of apartments in vienna are subsidized by the government. and when you build something new, again two thirds of that must be subsidized.
Plenty of "rented" apartments sitting empty in Berlin. People don't give a fuck about the laws, if there's no enforcement and the market is in the favor of the landlords.
>maybe instead take a look at vienna which has a model that actually works.
Why is it that people can only name Vienna? Vienna is the exception, not the rule. Hence why it's the only city in Austria doing it and not the whole country. If only there was a switch every city in the world could flip and magically turn into Vienna overnight, but housing in real life doesn't work like that.
Some cities have found a balance by deregulating the market, not further regulating it. There's no silver bullet solution that can be applied everywhere like a blanket. That's why Vienna is the only city people can name where regulations have done more good than bad, because it's the exception as in most other cities regulations have made the situation worse, like Berlin.
>do you think without the protection berlin would be any better?
Have they tried deregulating it for an A/B test to see? Because all people do is just maintain the status quo while complaining it's not working but also psy-opped themselves into thinking that any change of that status quo would be even worse even though they don't have experience with any other model.
Why is it that people can only name Vienna? Vienna is the exception, not the rule.
i don't think this argument makes sense. first of all, the existence of an exception proves that a better way is possible. second the whole point is that vienna has different regulations than berlin. you would have to point to cities that apply the same regulations as vienna but have a different outcome to be able to claim that vienna is an exception that somehow inexplicably works better, and then you could argue that we don't know why vienna is an exception. but the outcome in vienna can very well be explained. it's that the city owns a lot of property and subsidizes new developments. which other city in the world does that? show me a city that applies the same strategy as vienna without getting the same results. i don't think there is one.
I did not write it with a specific city in mind, only somewhere in the United States, due to the CFAA invoked towards the end. Then again, Big Tech is often wildly out of touch with both laws and expectations of everyday people outside of Silicon Valley. (Move fast and break things, remember?)
Never completely trust the cloud. I will never forget when Mat Honan did this and lost everything, while editor of Wired. Always backup offline as much as in the cloud.
I wish he wrote a follow up on his current security practices.
He said someone socially engineered and took over his Apple account and reset all his devices. He said he had trouble with 1password as it only existed on the wiped device. He had to get a backup from Dropbox which fortunately was accessible on his wife’s machine. I didn’t understand what happened to his Google and Amazon but he had to reset them too.
The only thing I can think of is to have local and cloud backups of your data which is the only thing that matters.
I gotta say, this is complicated enough that most people don’t do it, and there is a big business opportunity here.
Resilio Sync (using bittorrent) kinda sucks for backing up to a USB hard drive that’s been connected.
SynThing is what I use. Even so. What I would really want is something that “just works” with multiple encrypted backups around the world, deduplication and chunking.
I know whenever this happens, a lot of HN-types like to act smug about how "you should have known to not trust a company with your data, do your own backups"
But for everyone else (skipping over the fact that you could have a little more compassion to someone who lost decades worth of important, sentimental data), running your own backups is way more work than should be necessary compared to the mainstream solutions. Especially since most people will likely not hit this scenario anyway, it's just a lottery of the unlucky.
And honestly why are we just accepting that these organizations sitting on infinitely growing wealth can use it to incentivize us to give us all their data for convenience and otherwise worry-free management of it, and then just lock you out one day based on bad algorithms, and offer next to no customer support to resolve it because they don't want to spend a tiny fraction of their operation budget on a department for that?
I'm not sure how you'd enforce regulation on something like that but if we're gonna let big tech run rampant and collect all this data on the population, it seems like the bare minimum to offer a better experience for stuff like this.
>(skipping over the fact that you could have a little more compassion to someone who lost decades worth of important, sentimental data)
Someone who lost *access* to decades worth of important, sentimental data. It is extremely likely that 100.000% of their data still exists in its original form. That one word makes a world of difference for my compassion levels. If it exists, access can be restored. My compassion is for the frustration level toward getting a human at MS, which is a different and weirder problem.
Not to mention that companies incessantly push for you to use their services to safeguard your data. Microsoft ENFORCES usage of an online account these days.
They tell you that you need to hand over your money to keep your data safe. The explicitly have things like Vault to keep your special documents even safer!
> Microsoft ENFORCES usage of an online account these days.
Wait until the EU Commission hears about this.
It's crazy that we need the EU Commission to talk sense into US companies.
> And honestly why are we just accepting that these organizations sitting on infinitely growing wealth can use it to incentivize us to give us all their data for convenience and otherwise worry-free management of it, and then just lock you out one day based on bad algorithms, and offer next to no customer support to resolve it because they don't want to spend a tiny fraction of their operation budget on a department for that?
We aren't. That's why we tell people not to trust a company with their data.
That's like complaining people telling you to avoid a super cheap space heater are elitist and unsympathetic to those with less money, while at the same time decrying that everyone accepts that the manufacturer gets away with selling a space heater that occasionally burns your house down.
My point is this is a problem of the of the multi-trillion-dollar corporations, and I think they should be in charge of solving it. Not for every one of the ~6 billion people who use the internet to solve for themselves through preemptive measures and self-inflicted inconvenience.
Supposedly our votes are important, and regulation is not impossible.
I agree that what you describe should be done, but until we are there (which likely won't be soon), not trusting big tech and ensuring backup copies of anything important is sound advice.
I’ve been supportive of a bill that bans, banning accounts. Only allows you to put them in read only mode.
If you're Google and you bust someone for having child porn, you shouldn't have to keep hosting child porn. Maybe a mandated period to download your data when you get locked out and put in read-only. Say they have to give you a month.
And closing off the visibility of your content to others, obviously
>> you bust someone for having child porn, you shouldn't have to keep hosting child porn.
Alternative question: if Google decides I had child porn on my account and deletes it, how can I prove that it wasn't a child porn?
It's my data, and until someone proves in court that the law was broken, how can they delete it on a basis of breaking the law? It would be offensive even if it happened due to human misunderstanding, but getting banned on an account I paid for, because their algorithms are shit -- that's beyond any reason.
You'd expect that there should be a support line and you should be able to resolve it by reaching a human but Google sucks
For stuff like email and cloud there are plenty of alternatives and no dominance of a single company over the market, so I believe that it would be a bridge too far to mandate Google to provide support or "banning banning accounts"
Rather just they hold onto banned people's data for a while and let them download it
Funny example of Google banning account over what they determined to be CSAM.
I specifically remember Google banning a father because they detected medical photos of his son that were for his doctor. And then refused to reinstate his account!
https://www.theguardian.com/technology/2022/aug/22/google-cs...
What a ridiculous straw man, nobody has argued that Google should be forced to host child porn.
When we sign up, the deal is that they store our data securely and indefinitely as long as we pay for the service. Why should they be allowed to unilaterally break contracts and set deadlines that wipe out our data without a legal due process after paying them for 30 years?
We supposedly live in a democracy where we should have laws that the common person wants, so I'm asking you, why should we be happy with your version of the law?
Why shouldn't we demand a law that prohibits them from wiping our data without a court decision or a signed waiver from the account owner? Failing that, they should be on the hook for compensation of 10 times of the total amount we paid for the service since inception, or $1 million* (for the sake of the argument), whichever is higher.
Where's the straw man? If you discuss "banning banning accounts", this is one (edge?) case.
>"Why should they be allowed to unilaterally break contracts"
In the case of the user infringing on the terms of service, they're just backing out through the regular exit clause following a breach that was on your end.
Without breach of service, in most legislations contracts with an indefinite duration must have provisions that allow either party to terminate the contract with reasonable notice.
Forcing them to hold onto your stuff for a month until you can figure out another provider or a way to self-host is reasonable notice. Maybe 3 months? A year?
>Why shouldn't we demand a law that prohibits them from wiping our data without a court decision or a signed waiver from the account owner?
Because that would be a burden for anyone willing to launch software that host any kind of user data
that would be a burden for anyone willing to launch software that host any kind of user data
if dealing with consumers is a burden, then you should not start a business. the same argument is being made against right to repair and having spare parts available or against the ability to download all your data. or have it deleted. and yet that is being made law in several places. any provision to protect consumers is a burden. that is a non-argument.
the question here is one of balance and appropriateness. if you go bankrupt, storing and making the data available for all users for another year is a burden. but if you have millions of users, keeping the data around for a few blocked users until their violation can be proven is not a burden. especially because you can potentially still continue to charge for the subscription.
>the same argument is being made against right to repair and having spare parts available
Just as valid back then. There's nothing wrong with the argument. You have to evaluate it every time. For right to repair we just decided it was worth it.
I don't think this is worth it. A few months to dl your stuff is enough. Companies shouldn't need to host things that go against their terms of service when they ban you for infringing on their terms of service. It would be nonsense.
Honestly, I'm not going to entertain these hypotheticals.
Given that Google has banned an account of a dad for having pictures of his son he was going to share with his doctor under the reasoning of "CSAM" I don't trust Google to be the Judge, Jury, and Executioner.
They're not hypotheticals. Google is big. It happens every day.
It's reasonable for Google to have automated systems for this, reasonable to deny service arbitrarily, and they should not obligated to provide customer support. They're a bad service in a competitive market for the cloud. So don't use their services.
The point being that, assholes or not, while you shouldn't be entitled to their service, you should be entitled to your data, and deleting it arbitrarily should be considered infringing on that.
reasonable to deny service arbitrarily
it's not. and at least in germany you are able to take google to court over this.
they should not obligated to provide customer support
in the EU the right to speak to a human to resolve issues is mandated by law. so they are obligated to provide customer support.
> And honestly why are we just accepting that these organizations
I suspect that's what people who remind others not to trust these services are thinking, and that's why the reminder. If you rely on these services, you are accepting exactly those bad things. We can equally decide not to accept them by not using the services or, at the very least, by considering them unreliable and acting accordingly (such as not allowing important data to exist solely in them).
> "you should have known to not trust a company with your data, do your own backups"
Hey, yeah, I'm one of those people, and I'm not backing down.
The """cloud""" as solutions of all technical problems ("don't bother with NASes and external drives, just save to the cloud") is mainly dumbing down the average user, and these are the results.
If you don't have your data on (at least) a physical drives in your home, you already lost it.
[flagged]
It is smug because the average person is not a geek running a micro rack in their basement (nor does the average person possess the time, means or expertise to spin up and maintain all such should they even want to).
It is smug because, to GP's point, a dismissal of a very real problem with hyper-consolidated markets that allow the most powerful entities on earth to abdicate their responsibility, and foist it upon the people least equipped to handle it, all in the name of "personal responsibility".
You don't have to be a geek, you don't need a rack, you don't need much time to do this. Just buy some external drive and copy at least something there. We're talking about "30 years of irreplaceable photos and work". Doing a backup one time a year would save 90%+ of that data in case of problems, without any need for technical knowledge or dedicating significant time to this.
I agree that the companies should not be allowed to just lock you out of your data like that, but even if there was a strongly enforced law mandating companies to not do this, you still should have some backup. Many things could happen, and doing a simple backup is a very small investment which can save you from losing 30 years of data (even if the risk is very small).
Getting backups right _is_ difficult and can easily be quite stressful. Yes, having some external drives here and there with files would of course be helpful. But then, should you encrypt them in case of theft? Where to keep them in case of fire? What to do with "old" backups (can I trust the drive to live more than 2 years? 5 years?), copy them over to new drives? But what then with duplicated files? I think having backups in the cloud is currently the best "backup and forget" strategy
> Getting backups right _is_ difficult and can easily be quite stressful.
My point was that something is much better than nothing, and you don't need 99.999% reliability in your setup to greatly reduce risk that you're exposing yourself to when keeping 30 years of data in only one place.
> But then, should you encrypt them in case of theft?
Depends on the nature of the data. I guess that most of that 30 years worth of data didn't need encryption, and copying only insensitive data is an option. On the other side, cloud account, or device logged in to the cloud account could be stolen too.
> Where to keep them in case of fire?
That's irrelevant if we're talking about backing up data stored on cloud service.
> What to do with "old" backups (can I trust the drive to live more than 2 years? 5 years?), copy them over to new drives? But what then with duplicated files?
Aside from some unlikely issues, yes, drives should last at least a couple of years. In the 5+ year timeframes I think you could just buy a new drive (bigger/cheaper/more reliable than the last as the technology improves). If we're talking about a lazy strategy of backing up the data once a year, even deleting everything on a drive and copying everything again isn't that bad. Better than nothing.
> I think having backups in the cloud is currently the best "backup and forget" strategy
But we're not talking about having the cloud as a backup. The issue here is having the files only in the cloud, with no backup. For a non-technical person, cloud as a backup is great, but here we have a case where a person had all their data only on the cloud, and then lost access to the cloud. If the cloud was only a backup (or a way to sync/access the data on other devices), but the data would still be present on some private device, there would be no problem.
The mistake of the OP was to not buy the new drive right away and copy his data locally. No basement rack needed, just a USB hard drive. They wrote about owning multiple drives and having collected data over the course of 30 years, so they weren’t completely nontechnical either.
Aren't the govs that are voting in all over the place on right wing side all for 'personal responsibility' and no gov coddling? But sure, I am absolutely for rules for these companies, having a number to call with a human etc and not actually bring allowed to not offer that because the service is free or cheap and the company very large so no one thinks it will matter.
Drives are very cheap these days and it seems he had most of it local but went full cloud.
Amazing you bring politics into it. I’m glad the GOP and Trump live rent free in your head so it extends to everything you do.
So I definitely agree about being smug. This isn't funny and you can approach this with empathy and understanding for how soul-crushing this is for this person.
And also, you do not need a rack of homelab gear to do backups. I have an AV rack (somewhat undermining my point I accept), 16U, bolted to my laundry wall. Within it is a network switch, my ISP's routing gear, my Phillips hue controller, and 3 PCs. One is a dedicated Minecraft box (shut up), one is my universal Ubuntu box for miscellaneous automations + plex, and one is a Windows 10 box that handles my DVR, file shares, and backups.
The actual backups themselves are scripts that run nightly and move data from the misc. PCs to the big one, along with some syncthing shares that do the same, and then the lot is backed up offsite with a backup vendor's application. I grant if you were setting this entire setup up from nothing, it would be a decent amount of work. However I also point out, this is all off the shelf batch files and OSS. This is hardly what I would call engineering, and that's by design, I wanted it to very simple.
So, big empathy, big understanding, I would give this dude a hug if I could. AND, people should take this as a lesson to not just shove all their shit into a monolith and call it a day because it's cheap and easy.
[flagged]
There’s good advice and there is “being an asshole.” Unfortunately, many HNers don’t read their emails as the recepient does and they sound very preachy and condescending instead of helpful unfortunately(or maybe it’s on purpose.)
Your last sentence is exactly what the OP is talking about.
Well, the previous poster had to invent a quote. And you're the one name calling here. Look in the mirror my friend.
I just want to echo the (very good) comment by jmull:
> Well, the previous poster had to invent a quote. And you're the one name calling here. Look in the mirror my friend.
Yeah, look in the mirror.
Everything you create should be in git or similar. All this value added crap is an unprofessional hack and should be treated as such.
The lack of compassion comes from those of us who know how to use computers correctly getting tired of being told to take this stuff seriously.
> Everything you create should be in git or similar.
Everything you create should be on a machine you control, preferably in a house different from the one where you created it. Version control is optional (and Git probably overengineered for your one-man projects, but that's a different discussion).
Yes - lots of uninteresting discussion about the importance of having backups.
> This feels not only unethical but potentially illegal, especially in light of consumer protection laws. You can’t just hold someone’s entire digital life hostage with no due process, no warning, and no accountability. If this were a physical storage unit, there’d be rights, procedures, timeframes. Here? Nothing. Just a Kafkaesque black hole of corporate negligence.
^ This is what's worth discussing, not opinions about that guy's backups, or what the cloud is, or that this is known to regularly happen. We're already all tech-adjacent
Related: passkeys.
A good backup strategy is still hard. Over the years, it became clear to me that ther are not only technical but also legal failure modes. So 'a virus ate it' or 'the drive died' are not enough. We now also have 'I sent a photo of my kid to the docter and the kiddy porn alert went off' or 'The Google algo says no' or even 'Someone called the police on my neighbour and they just took the whole building to evidence'.
Also, “the house burnt down” or “the bank sold the contents of my safe deposit box, including the restore key”.
E2E encryption is the only approach I’ll even consider for cloud backup. There’s also the problem where a product manger decides to recompress all your images to save space, or normalize the exif or whatever.
I used to use Amazon Cloud Drive, but then they banned encrypted files, so I moved elsewhere.
Number of people saying that you should just make sure you have backups. That's true, but there's still a role for government to play to prevent this sort of thing. We don't let companies sell poisonous food - why do we let them offer digital services that can be arbitrarily frozen?
We 100% allow companies to poison our food and water. If there is profit, there is a loophole.
Texas just lifted regulatio s to allow fracking run off into drinking water.
You're nit picking a tangential point.
Agreed, this should not be allowed. Period. But as long as no one does anything, make backups.
Data is ephemeral. A backup can be ruined in a millisecond. The government can't react fast enough.
Trust but v\e\r\i\f\y\ back up on your own media.
Again, agree.
Also related; https://www.theguardian.com/technology/2022/aug/22/google-cs...
I once lost years of Gmail, Drive, Photos, YouTube, etc., etc., because I posted a meme to their Google Plus social media site. It was a JPEG screenshot of a credit card form, and it said, "This post is only viewable by Google Plus Gold members; sign up now." It just took one click from some apathetic call center moderator, who looked at the post for 0.5 seconds total, to get everything connected with the company insta-wiped. I bought a Synology NAS since then, and now I treat my relationship with any company as very fragile.
This belongs to /r/assholedesign
If you force people into bitlocker, at least have a setup wizard at the start that forces them to export the key/print the key, or maybe even ask them if they want their stuff encrypted. For a regular home desktop, it's rarely a need and too much hassle
Secondly, why not offer use something like LUKS does just with a password?
TPM is a horrible way to secure things anyway and you need a PIN for true security.
As applies to other major data services providers with shit-useless customer support and arbitrary algorithmic "service" decision-making, DO NOT FUCKING TRUST your data to rest exclusively within anything that they own and control.
Export your email archives, spread your personal files across multiple devices and services, and ideally, keep copies of your files on your own backup HDs or at the very least with one other cloud provider, that also happens to be small enough for you to reach a human if something goes wrong.
At least Microscum can't yet lock one out of their own PC or laptop at this stage. This person trusted too much in their OneDrive service.
To note: looking particularly at people who've let themselves become Google-dependent here, just as much as anyone silly enough to trust 30 years of their work exclusively to fucking Microsoft of all things.
> At least Microscum can't yet lock one out of their own PC or laptop at this stage.
tell that to the people that received the dreaded Bitlocker unlock screen after a broken windows update
key is... stored in your MS account
I... wasn't aware of that particular tidbit, but all the more worrisome. At least it was a genuine error and not part of a deliberate Microshit policy of enforcing the ability to lock one's computer down.
BitLocker has rescue codes, or something. I remember using them in such a situation. It was a corporate machine, and I had been instructed to obtain the rescue codes the first thing upon receiving it.
I have a windows 8 phone that’s up to 30 days between pin guesses.
I probably should give up and recycle it.
But can you not remove the PIN screen entirely if you have access?
It's probably the first PIN you thought you tried.
Not speaking from experience, or anything.
Doesn't BitLocker allow them to do exactly that? Your local files are encrypted by a key they hold
To whoever downvoted this perfectly reasonable range of suggestions that anyone sane should apply given what we all know full well about these companies ability to freeze accounts and comically dystopian user "support", Why? Respond constructively, as adults do, if you have some disagreement.
For anyone non technical, always use your own domain so if your email service locks you out, you can move to another instantly.
And follow the 3-2-1 rule https://www.veeam.com/blog/321-backup-rule.html
"For anyone non technical" and "always use your own domain" sound a bit of opposite things to me
For anyone non technical, either ask a lllm to explain it to you like you are 5 (eli5), search online for ‘how to add a custom domain to [your email provider]’ or seek assistance.
Importantly, don’t register the domain name (website url) at the same company your email is with.
It takes less than 15 minutes to go to GoDaddy and purchase a domain. I encourage everyone to own their name.
What do you mean by own their name?
Rent some characters from a random company for $15/year.
Also, recursively rent another domain to host the recovery email address.
It’s turtles all the way down.
> always use your own domain so if your email service locks you out, you can move to another instantly.
What to do if your domain is taken away legally (e.g. via trademark dispute) or due to a random combination of unlucky factors is bought before you can extend it?
Besides what email do you specify when buying domains? Where do you host that email? How do you deal if that email locks you out?
I hope don't say "use me@example.com to register example.com" because that circle seems like a fun thing to solve in a pinch.
Domain registrars usually allow a fallback email address, or, at least for the ones I use in my country, allow communication by phone or postal mail to restore access.
As a general rule, using smaller independent providers gives you more resilience and recourse than relying on big tech.
Many non-technical people don't even know what a domain name is, or what they're used for. Most people think "I go to websites by typing it into Google and clicking the link".
Horrible stuff.
Data is far more important than society, regulation, individuals give it mind. Doubly so if the data is technically in another jurisdiction. And it's a classic insurance scenario too - redundant storage seems like money thrown in the fire, but after a disaster like OP's, lost data seems invaluable.
Service providers are at the very least part of the problem. For one, they project a lot of confidence for safety, but protect themselves well legally in case of any event - and automate away as much customer interaction as they can.
A nice improvement would be customer service that takes the issues seriously. But, I realize, that is far more complex and expensive than how it sounds.
New fear unlocked : account frozen due to sudden peak of activity (which happens logically if you _use_ it).
Cloud as backup #2, a hard drive as backup #1 and another hard drive in another location as backup #3
> account frozen due to sudden peak of activity
I'm paranoid about checking online bank/brookerage accounts late at night because this.
Yeah Microsoft can be pretty bad with that stuff. When my sons account, which was also what he used for Minecraft, was stolen I even reached out to a real person. Could they help us get the account back? No because they most protect the owner of the account. Which is even more crazy if you think about it because that would be my son and not the thief they gave the account to.
I use BeeFiles for all my important files. I can access them anywhere, it’s not a subscription it’s a one time purchase, and it supports backup to external hard drive as well as backup to an online service (subscription based).
Synology really did a good job of building something non technical people could use as an alternative to onedrive etc.
One issue I have with Synology is that when you film in slow motion (120/240fps) it will upload the 30fps 'flattened' version.
'What if I told you it's just someone else's computer' meme is evergreen.
I dont know how people are so weird to trust any provider ever. Its nice for a bit and then it rots. You always keep everything on pathetically cheap drives at home. Always. You have to assume you will get screwed even if you pay in the age of AI flagging and 0 protections or recourse. How many stories do we need for this to happen?
remember when RMS said "cloud computing is a trap" and we all laughed and laughed...
Sadly, this reminds me of a facetious story I wrote several years back when Google tried to build a neighborhood in Toronto. It follows a Google fanboy that moves in, only to get locked out when something abruptly decides "No, you don't live here anymore."
https://theandrewbailey.com/article/203/Insanity-Locked-Out....
> But one day, you come back to your apartment. It's locked, and won't accept your authentication method. Since your technocrat landlords despise plain old metal keys for some reason (What are you, a peasant?), they provide one of several alternative methods for you to open doors. (Why can't those cyborgs be more like normal people?) They advise you to never share how or with what you use to login to them. Whatever it is, it's not working. You hope there's not an electrical outage somewhere.
> Because you're living in the future, everything is connected to the internet. Like most everything else, your door has a display mounted into it. A message appears, informing you that since you've violated the terms of service, your account has been terminated. You're locked out from all your stuff! There is a customer service robot downstairs, so you try to get some answers from it. Unsurprisingly, the robot is not helpful, not sympathetic, and it won't listen to an unperson.
This would never work in Toronto.
Ontario tenancy laws are so pro-tenant that not even Google could evict a tenant that quickly.
"Ontario tenancy laws are so pro-tenant that not even Google could evict a tenant that quickly."
that's good then, I bet the rent price is pro tenant too
Wow, that's so relevant! It sure doesn't sound like you have an axe to grind!
Laws being far too pro tenant don't usually result in lower rents for the tenants, but the contrary.
Landlords then prefer to keep their apartments empty instead of risking a bad tenant or have very high bar to entry in order to get an apartment.
in some places that's illegal
Where is what illegal? And how do you prove it? I just let my grandma or close friend live there. There, I found a workaround in 2 seconds. If I can, so can BlackRock and friends and your rental market is still fucked.
You can't fix a supply and demand problem with regulations. Why don't people get this?! I've never seen a place with strong tenant protections that has affordable or easy to get rents. See Berlin as one example of many.
Where is what illegal?
in some cities in germany it is illegal to leave living quarters vacant for more than 60 or 90 days.
in hamburg the local government can take over empty living quarters, renovate them and rent them out without the permission of the owner.
I just let my grandma or close friend live there.
you can do that if you have only one place to rent out, but not 10. and besides, then your friend is not living somewhere else freeing up another place and they would enjoy the same rent protection too. so in fact you don't win anything.
Berlin
do you think without the protection berlin would be any better?
maybe instead take a look at vienna which has a model that actually works. two thirds of apartments in vienna are subsidized by the government. and when you build something new, again two thirds of that must be subsidized.
>Berlin
Plenty of "rented" apartments sitting empty in Berlin. People don't give a fuck about the laws, if there's no enforcement and the market is in the favor of the landlords.
>maybe instead take a look at vienna which has a model that actually works.
Why is it that people can only name Vienna? Vienna is the exception, not the rule. Hence why it's the only city in Austria doing it and not the whole country. If only there was a switch every city in the world could flip and magically turn into Vienna overnight, but housing in real life doesn't work like that.
Some cities have found a balance by deregulating the market, not further regulating it. There's no silver bullet solution that can be applied everywhere like a blanket. That's why Vienna is the only city people can name where regulations have done more good than bad, because it's the exception as in most other cities regulations have made the situation worse, like Berlin.
>do you think without the protection berlin would be any better?
Have they tried deregulating it for an A/B test to see? Because all people do is just maintain the status quo while complaining it's not working but also psy-opped themselves into thinking that any change of that status quo would be even worse even though they don't have experience with any other model.
Why is it that people can only name Vienna? Vienna is the exception, not the rule.
i don't think this argument makes sense. first of all, the existence of an exception proves that a better way is possible. second the whole point is that vienna has different regulations than berlin. you would have to point to cities that apply the same regulations as vienna but have a different outcome to be able to claim that vienna is an exception that somehow inexplicably works better, and then you could argue that we don't know why vienna is an exception. but the outcome in vienna can very well be explained. it's that the city owns a lot of property and subsidizes new developments. which other city in the world does that? show me a city that applies the same strategy as vienna without getting the same results. i don't think there is one.
I did not write it with a specific city in mind, only somewhere in the United States, due to the CFAA invoked towards the end. Then again, Big Tech is often wildly out of touch with both laws and expectations of everyday people outside of Silicon Valley. (Move fast and break things, remember?)
Never completely trust the cloud. I will never forget when Mat Honan did this and lost everything, while editor of Wired. Always backup offline as much as in the cloud.
https://www.wired.com/2012/08/mat-honan-data-recovery/
I wish he wrote a follow up on his current security practices.
He said someone socially engineered and took over his Apple account and reset all his devices. He said he had trouble with 1password as it only existed on the wiped device. He had to get a backup from Dropbox which fortunately was accessible on his wife’s machine. I didn’t understand what happened to his Google and Amazon but he had to reset them too.
The only thing I can think of is to have local and cloud backups of your data which is the only thing that matters.
I gotta say, this is complicated enough that most people don’t do it, and there is a big business opportunity here.
Resilio Sync (using bittorrent) kinda sucks for backing up to a USB hard drive that’s been connected.
SynThing is what I use. Even so. What I would really want is something that “just works” with multiple encrypted backups around the world, deduplication and chunking.
There’s also BackBlaze.
We had a recent thread about BackBlaze: https://news.ycombinator.com/item?id=43802675
They don't seem to be super trustworthy, at least not as the single copy of all your data.
[dead]