zlacker

[return to "Terraria on Stadia cancelled after developer's Google account gets locked"]
1. arnaud+h2[view] [source] 2021-02-08 08:36:55
>>benhur+(OP)
As usual, some Googler browsing HN will reactivate his account, everyone will forget and Google won't change a thing to his unbanning process.
◧◩
2. london+we[view] [source] 2021-02-08 10:32:09
>>arnaud+h2
People at Google really do want to fix this... But it's a minefield of:

* Legal stuff (eg. some algorithm detected child porn in his account, is an employee legally allowed to look at it to confirm the algorithm was correct? no.)

* Internal Politics (eg. one team has found this account DoSing their service, while the account is perfectly normal in all other ways, but due to Googles systems being so complex a single-service ban is very hard to implement)

* GDPR/Privacy laws (The law requires the deletion of no-longer needed data. As soon as his account gets banned, the data is no longer needed for Googles business purposes (of providing service to him), so the deletion process can't be delayed.

* Stolen/shared accounts. All it takes is one evil browser extension to steal your user account cookie and go on a spamming spree. Figuring out how it happened is near impossible (user specific logs are anonymized). Usually just resetting the users logins doesn't solve it because the malware is still on the users computer/phone and will steal the cookie again.

* Falsely linked accounts. Some spammers create gmail addresses to send spam, but to disguise them they link lots of real peoples accounts for example via using someone elses recovery phone number, email address, contacts/friends, etc. In many cases they will compromise real accounts to create all these links, all so that as many real users as possible will be hurt if their spamming network is shutdown.

* Untrustable employees. Google tries not to trust any employee with blanket access to your account. That means they couldn't even hire a bunch of workers to review these accounts - without being able to see the account private data, the employee wouldn't be able to tell good from bad accounts.

* Attacks on accounts. There are ways for someone who doesn't like you to get a Google account banned. Usually there are no logs kept (due to privacy reasons) that help identify what happened. Example method: Email someone a PDF file containing an illegal image, then trick them into clicking "save to drive". The PDF can have the image outside the border of the page so it looks totally normal.

Yes, it's solvable, and Google should put more effort into it, but it's hard to do.

[go to top]