Posted by RyanShook 8 hours ago
And if you do use your gmail address just forward it and start to transition to something else. With time everything of importance has been transferred.
Set up forwarding in Gmail to your new address.
Then, whenever you log in to a website or app with your Gmail, take a moment to change it to your new address. In a few weeks, most of your important accounts will be covered. In a few months, almost everything you still actively use will be done.
I did this ~5 years ago and the only thing that still arrives at my Gmail is spam.
It probably doesn't matter, but it made me feel a little better because that way Google wouldn't have direct info on to which email/domain I transfered (ignoring other Gmail contacts that start emailing me at my new address(es) ).
You can mitigate/speed the process using your password manager too.
I still use a filter in my email so that if something comes in under my Gmail, it gets a special tag that I can filter on and treat those as a todo list. Rarely happens beyond the occasional Google Meet connection.
This looks like perfect case for change of email, since lot of these accounts can be moved out from Gmail by changing the address that email is forwarded too.
Looks like all this hassle with generating a new email for each service pays for the second time (by ease of changing the main mail), in addition to spam and privacy protection.
Making a new local account on your machine is a good first step.
You can buy a domain name for like $10 per year; I recommend getting it from porkbun.com.
Cloudflare.com is good too, EXCEPT if you buy your domain from them, you'll be required to use their nameservers until and unless you transfer your domain elsewhere (which you won't be able to do for a while). Though to be fair, their free DNS is good and lots of people use it anyway. It makes email setup slightly more complicated, but it's still doable.
Spaceship.com also has a pretty good reputation, but I think their customer service isn't as good, they're quite new, and they're owned by Namecheap (a bigger domain registrar with a much worse reputation).
Whatever you do, DO NOT buy from GoDaddy. Do not even search for the domain you're considering on GoDaddy. Literally any option is better than GoDaddy.
By far the most reliable TLD options are .com, .net, and .org. These will look relatively trustworthy for email, and the price stays very very stable from year to year. If you don't want to think about it, just get one of these. You can even still find single dictionary word domains for .org or .net relatively easily.
Do not buy any domain marked "premium". This means the owner of the TLD can change the price at renewal as dramatically as they want, for any reason (e.g. if you have a website hosted at that domain that becomes popular). Your $20 per year domain might suddenly become a $300 or $3000 per year domain for no reason but greed, and you wouldn't be able to do anything about it.
Non-premium nTLD's (.club, .horse, .rocks, .theater, etc) can increase quite dramatically in price, BUT the price is required to be set the same for all domains using that nTLD, so they can't target any individual person for having a successful website or whatever. Also, you can pre-buy up to 10 years, which locks in your price for those 10 years. I'd still not recommend them for a primary email, but it's better than buying a "premium" domain. Just be aware that the yearly price might unexpectedly increase in the future.
Some country code TLD's are also good, but for email, probably stay away from the ones that spammers like to use.
___
Anyway, what I actually originally meant to comment about is: if you set up forwarding from gmail and don't check that account regularly anymore, I recommend setting up a gmail filter rule that forwards all your gmail spam to you (their regular forwarding setting leaves it out and just sends it to the gmail spam folder). It's a little annoying to have to re-flag some of the spam as spam in your new email, but gmail has a habit of marking non-spam as spam for me, and if you're not regularly checking that spam folder you can easily miss important email.
After a year or two losing Gmail becomes an inconvenience; after a few more years it is nothing. As everything is now on your own domain name you can switch providers without affecting anything.
That's what I did about 5 years ago and my only regret is not doing it earlier.
Pretty sure just moving emails would have take a lot less effort. I had the advantage of keeping the domain until I was ready to move, now imagine Google just turned it off one day and what your workload would be. I shudder to think about having to deal with that.
I got a custom domain. I still host it on google, because I know how impossible it is for small companies to have a reasonable program to deal with insider threats. Because of that, I think only one of the giant companies can realistically provide secure email. And the google app suite is great. Now that I pay for google workspace, there's support and appeals available, and if they ban me anyway, I still control the domain and can regain access to everything.
I have not been able to delete the old address, even after 3 years. There are some things like Google Fi that can only use a non-workplace google account. Very, very rarely, I still get an email that matters on it. But I got to the point where I could stop checking it in about 2 months, and now I look at it about once a week quickly, more out of habit than anything else.
The switch was annoying, but not "hard". It was worth it.
make another mailbox (another provider - migadu, fastmail, proton, whoever) that has IMAP as well. (selfhosting.. is PITA. only if u really need it).
install some standalone mail-client - thunderbird, clawsmail, applemail, or k9 , aqua on android, whatever. Attach both mailboxes into that. Find out how to copy an e-mail from one folder into another.
Folder by folder, select all mails, copy from one mailbox into the other. Will take time.
(Beware, some clients (apple) will fuckup the mail-date, anything older than 5 years becomes 5 years old. or it shows like that. YMMV.)
i have made this multiple times, for 20+ years of mails...
After a few years you'll notice you stop bothering to check your Gmail and you can delete it to close the address.
If you need motivation, skim the /r/GMail subreddit and see how many people are getting locked out daily.
I vaguely recall encountering a service that only accepted addresses from a whitelist of big providers (Gmail, Yahoo, Outlook, etc.), even @icloud did not qualify.
I've never once run into a service with such a restriction, but I can imagine someone being that short-sighted. I have seen services that only support "log in with Google or Facebook", which is comparably terrible.
Who? Never heard of them, and it sounds like there's a good reason for that.
What's the playbook for migrating away in this situation?
I switched to fastmail with my own domain.
Although I am increasingly concerned with its longevity since there's a non-zero risk that Proton might shut down SimpleLogin since Proton Pass has its own alias feature.
Current state of OIDC should be pretty much standard across most providers - it put it that devs need too make the push to support alt login providers for preventing vendor lockin in identity like were currently barreling towards in hardware/software.
Its not evil of Google to say "Here is an allotment of steeply discounted tokens, but you can only use them with our services."
"Google Shuts Down Gmail For Two Hours To Show Its Immense Power"
Notably some model providers explicitly allow that very flow, while others will ban you without notice.
The correct and sane thing to do is to send them an email, with at most a 24 hour suspension. If they keep doing it despite being warned then by all means fire them.
A general problem for Google products is that everything is mixed together.
That's exactly what they did, plus Gemini CLI and Code Assist, which are the same product in different formats.
The web doesn't work like that. The operators of google.com saying you must only use Chrome to load it is a ridiculous concept. It's not spoofing to use your own access credentials on your own computer to access your own account on an HTTP API.
I have no idea what you are talking about. Chrome? Are you sure you are replying to the right thread?
Unfortunately the government is full of corrupt geriatrics who do not understand technology and are paid to continue not understanding technology as they sign bills prepared for them by ALEC.
I hope this is sarcasm. A permaban as the first action is never a good idea.
As a hedge, you can google.com/takeout on a monthly cadence.
At least a few years ago when raspberry pi nodes were cheap, you could set up rClone to sync the `TAKEOUT` folder of your gdrive account locally and then encrypt it and shove it into backblaze. Then set up a monthly reminder to quickly request a takeout and make sure that you choose the "deliver to google drive" option.
I'm the customer, not the product.
If people lost access to their whole accounts that would be a major crisis for Google users. But it doesn't seem that that was actually the case.
This doesn't make it super clear, but, the submission from a week ago when bans got handed out: https://news.ycombinator.com/item?id=47115805
However many stories appeared where people tried to claim that their whole Google account was banned to gain traction.
Unless it is clear that a full Google account has been banned we should push back on any story that claims this.
By now they lost any trace of goodwill they ever had and are guilty until proven innocent.
I agree that the digital death sentence is really bad and doubly so seen that many are using single-sign on tied to their Google identity but...
> with a company that notoriously has no way for the average human to contact a human is not worth the risk
There's definitely phone support for paying Google Workspace users: don't tell me there's not, my wife got Google support on the phone more than once and they've been helpful.
And it's not a crazy expensive subscription either.
A week? Try at least 16 days
https://discuss.ai.google.dev/t/account-restricted-without-w...
The danger here is they'll ban you with no specific reason, fill out the form and you get an automatic unban and then something else automatically flags and you're banned the second time permanently.
Support bot will then say "you were warned, read the TOS" and you get to guess what you did wrong.
You'll notice there are no appeals or reviews in this workflow.
Google has no creditability when it comes to handling account bans.
Google wasn't always like this, and moving of from an email address isn't technically hard, but something that 99% of the people will be very very reluctant to do.
Anti Gravity I understand, they are subsidizing to promote a general IDE, but I dont understand constraining the generative AI backend that Gemini CLI hits.
Finally, it's unclear what's allowed and what's not if I purchase the API access from google cloud here https://developers.google.com/gemini-code-assist/docs/overvi...
The Apache License of this product at this point is rich. Just make it closed source and close the API reference. Why have it out there?
To this day I cannot coax the gemini-cli to allow me to use the models they claim you have access to. Enabled all the preview stuff in cloud etc etc.
Still I mostly get 2.5 and rarely get 3 or 3.1 offered.
The gemini-cli repo is a shit show.
I can seem to access the new models using opencode, but am 429 rate limited almost immediately such that its like 5 minutes between calls.
They mask the 429s well in Gemini-Cli - if an endpoint is rate limited, they try another, or route to another model, etc to keep service availability up.
Your experience on the 429s is consistent with mine - the 429s is the first thing they need to fix. Fix that and they have a solid model at a good price point.
I use my own coding agent (https://github.com/hsaliak/std_slop) and not being able to bring my (now cancelled) AI account with Google to it is a bummer.
I'd still use it with the Code Assist Standard license if the google cloud API subscription allows for it but I have no clarification.
That is what is should do, but there is no > 2.5 model shown in /model and it always picks a 2.5 model. Ive enabled preview models in the google cloud project as well.
If I pass the 3 model in start param it shows 3 in the lower right corner but it is still using 2.5.
I know google has issues dealing with paying customers but the current state is a shit show. If you go to the gemini-cli repo its a deluge of issues and ai slop. It seems there is a cadre of people jumping to be the first person to pump an issue into claude and get some sort of PR clout.
It might be good but it needs more time to cook, or they need to take a step back and evaluate what they should consider a paid product.
What they are actually trying to force you to do is to pay for the tokens that you don't use in their applications to increase their revenue and/or give their in-house tools an "unfair" advantage. But this is bad for the consumer because it means that there is less competition between coding agents and unless I'm willing to pay per token I have to take one of the model labs agents.
Anticompetitive behaviour imo they could just ban reselling tokens or something like that instead of locking your subscription in like this.
This is almost as realistic as "I wish netflix or youtube allowed me to use VLC to watch their content".
The easiest way to watch a movie in the player of my choice - even if i have legal access to it because it's in my netflix subscription - is to download it off piratebay.
Add to that Netflix's shitty discovery system, I'm pretty sure I watched some downloaded movies in spite of actually having legal access to them.
Oh, remember when PC games used to come on disks? For the Netflix example I can only guess, but I'm 100% sure I downloaded isos for games I had actually bought and had the physical disc... somewhere.
especially considering most modern movie/tv piracy is free streaming websites - shitty quality and awkward player controls, definitely no choice of player here
Oh, except they do[0].
Anecdotally, I'm having a very hard time imagining there are more Gemini Cli users than Codex users.
Think of it like the digital right-to-repair.
I pay for it, I get to use it with any client I want. Simple.
They have no problem with users using their quota on their own software. Because they get the signals. They do have a problem with users using the API in 3rd party software, because they don't get the signals.
if OpenClaw usage go up, and a service (OpenAI it looks like) gets lots of usage data for personal assistent usage, they can optimize to make it better for people who get a $200 subscription just because of that use case.
This is not at all true. What is prompting this behavior from Google and Anthropic is that people are using their oauth creds/API keys to run OpenClaw bots that use orders of magnitude more tokens than the IDEs. The official clients also can use a lot more prompt caching because they have expected workflows.
And like, if you want to run OpenClaw, they’re not saying you can’t do that: use the API pricing, that’s what it’s for. But people are getting mad that they’re not allowed to roll their pickup truck up to the all-you-can-eat buffet table and fill it.
It's been 2 months since these bans have started, first Anthropic, then Google. And their wording is still so confusing that I can't get a simple answer to a simple question:
Is piggybacking on headless 'gemini-cli -p' or 'claude -p' a TOS violation? Because there's really no reason why you can't do exactly what these tools did that caused these two companies to start giving out bans.
Unless you're in for a very specific configuration of models for some niche concern, CLIs give you nearly exact same access to the backend that snatching an OAuth token from them does. They give you JSONL for stdin, JSONL for stdout, and if you spin up a local proxy, you even get the same exact API contract in responses that you get from public APIs.
In fact, I already built a small tool for myself that does exactly that, to allow usage of alternative harnesses I prefer. Once I release it to the public, will -p be banned too?
But that's the sole reason why all of the tools have headless modes. Headless mode is textbook definition of supporting automation.
From gemini docs: [1]
> Headless mode allows you to run Gemini CLI programmatically from command line scripts and automation tools without any interactive UI.
And claude code:
> Use the Agent SDK to run Claude Code programmatically from the CLI, Python, or TypeScript
Why does headless mode exist if using it is a bannable offense?
[1] https://google-gemini.github.io/gemini-cli/docs/cli/headless...
>Unless previously approved, Anthropic does not allow third party developers to offer claude.ai login or rate limits for their products, including agents built on the Claude Agent SDK. Please use the API key authentication methods described in this document instead.
Seems clear-cut to me.
But these tools, including openclaw, didn't have to snatch the OAuth tokens, they could have used claude code built in headless stdio and consequences for Anthropic would be exactly the same. OAuth was just faster to plug in.
So if I open source my solution that allows opencode & openclaw to go through claude cli's headless mode, is this allowed? Is this a product that allows claude.ai login?
What if I open source a 1 line bash loop (e.g. ralph loop) that does the same?
What if I build a more complex bash loop that goes through my tasks in a text file, and calls claude cli for each?
I don't know at which point this becomes "offering claude.ai login" or a "product", or "building agents".
Here's my product:
while :; do cat PROMPT.md | claude ; done
Am I blacklisted now?
My guess is, and others have said this as well in the thread: "when you start utilizing your weekly quotas fully".
But obviously, they can't put "you can't use your weekly allocated quota fully". That would be way too honest and we can't accept that.
But you just made this up? There's no text on the page that says this. What the linked page does is explain technical differences between Agent SDK and Client SDK, and Agent SDK and cli (Agent SDK is just a wrapper around cli anyway).
Neither tab says anything remotely like "if a third-party app prompts the Agent SDK and uses the output for tool calls, that's not allowed." You entirely fabricated this from the comparisons.
And your assumption is wrong on another level. The Agent SDK specifically exists so that you can write your own harness and give it custom tools - that's its entire purpose. It's even documented in their custom tools guide [1]. So not only "using a third-party harness with the Agent SDK" isn't forbidden, it's the product's primary use case. There's no such thing as "harness provided by claude for the agent SDK" - you bring the harness.
The only policy statement on that page is this:
> Unless previously approved, Anthropic does not allow third party developers to offer claude.ai login or rate limits for their products..
But I've already addressed this, so it seems we're going in circles.
[1] https://platform.claude.com/docs/en/agent-sdk/custom-tools
Yea, you don't seem to even understand what you are writing. This in no way contradicts any statement I or Anthopic has said.
>Neither tab says anything remotely like "if a third-party app prompts the Agent SDK and uses the output for tool calls, that's not allowed." You entirely fabricated this from the comparisons.
From: https://platform.claude.com/docs/en/agent-sdk/overview#agent...
>The Anthropic Client SDK gives you direct API access: you send prompts and implement tool execution yourself. The Agent SDK gives you Claude with built-in tool execution.
>With the Client SDK, you implement a tool loop. With the Agent SDK, Claude handles it:
Python
# Client SDK: You implement the tool loop
response = client.messages.create(...)
while response.stop_reason == "tool_use":
result = your_tool_executor(response.tool_use)
response = client.messages.create(tool_result=result, \*params)
# Agent SDK: Claude handles tools autonomously
async for message in query(prompt="Fix the bug in auth.py"):
print(message)
ToS change frequently and it’s not really fair to assume the user knows what is and is not correct use of tokens.
Like in a similar vein, Instagram sometimes randomly bans genuine users without appeal, probably because they deal with thousands more spam accounts that don't deserve a warning/appeals process.
[0] Like as Anthropic reported: https://www.anthropic.com/news/detecting-and-preventing-dist...
To be charitable, maybe they’re expecting AI agents to eventually start reading the ToS docs
Google consistently fails to provide a process to deal with user issues. You donot see many reports of these at Amazon, Microsoft, Apple, and many more providers. Though Meta learns from google I think.
Yes but as we're talking about Microsoft, these cases are probably explained by incompetence.