My Google Workspace account suspension

Posted by zenincognito 4 days ago

My Google Workspace account suspension(zencapital.substack.com)

369 points | 221 commentspage 4

finaard 3 days ago|

It's quite entertaining to read - most of the article is pretty much elaborating a chain of bad decisions by the author which all lead to this now being a big problem. If he'd have written a similar dependency tree earlier and just thought about it for a few minutes that should've been avoidable.

> Update 1 - I know I can simply change the MX record to someone else but It has its own challenges.

I don't quite get that attitude. He's describing that he needs his business emails. Not just getting a mail server back online for that, even as interim solution, points to the opposite. In the time it takes for MX TTL to expire he could easily just throw up a postfix+dovecot on some VPS, with enough time to spare to add something like sogo if he feels fancy.

matt_heimer 3 days ago||

I was a bit worried when I saw the title of the article because I have one of these accounts but geez he made some bad choices. Deleting all phone numbers and the recovery and swapping to a new authentication method and then accessing from a different country??? No wonder it got flagged.

I probably wouldn't believe him either. Google should have an option to revert to the last trusted config after some verification method. Google support is bad, I'll give him that.

All this to avoid roaming charges? And then refusing to share a personal email in this scenario and missing meetings because of that.

I'd argue that changing the MX to fastmail or Microsoft would be much faster than a postfix+dovecot solution on a VPS but I think he's just refusing any solution based on his principals.

Kwpolska 3 days ago||

[dead]

bartvk 3 days ago|||

That's what I didn't get either. And you don't even need to configure a VPS, there's Fastmail, Protonmail, Zoho, Kolabnow, Purely mail, Migadu and so much more.

jzl 3 days ago||

Why victim blame him for removing the phone number? He had a logical reason for doing so, and with Google supporting many forms of authentication it's perfectly reasonable to think that removing one wouldn't jeopardize the other methods.

LoganDark 3 days ago||

I failed the Apple Developer ID verification four times due to technical issues and now my account is ineligible to become a developer.

Forever.

econ 3 days ago||

I wonder, will big tech adopt the EU Digital Identity? Or will they have to be forced?

It would dramatically improve the service.

pluc 4 days ago||

Time since paying Google customers had to resort to social media outrage to obtain decent resolution: 0 days

Good luck to you

jeffbee 3 days ago||

If you wanted to intentionally trigger every account abuse system at Google, follow this guy's script.

herewulf 3 days ago||

Recently I cleaned up a SMB client's Workspace users after archiving their data (former employee accounts that had been languishing). In the space of a day or two I did the following for half the ~20 total accounts:

  - Moved to no 2FA sub-organization
  - Reset password
  - Disabled security check for ten minutes
  - Logged in as the user in a fresh browser profile
  - Exported data with Takeout
  - Deleted the account in the admin console

I fully expected to hit some kind of roadblock or delay or for alarm bells to go off for the other admins, but nope, I literally "absconded" with hundreds of gigabytes of data and nuked half the org in short order.

There is a Workspace Admin option to export users' data but it warns of an automatic 48 hour delay to let "other admins take action" if something is amiss. The client wanted the task done before getting hit with the full monthly license fees again so I had to go the manual route.

Granted, out of paranoia, I was using the client's office VPN as my traffic egress so maybe that helped.

sfmike 3 days ago||

people who travel shouldn't trigger account abuse

jeffbee 3 days ago||

Changing your account recovery and 2FA settings then immediately trying to recover your account from an unusual country should temporarily lock out your account, every time, and this is what all normal users want.

latchkey 3 days ago||

> 3) Removed recovery phone

Never put your phone in there in the first place. You can actually skip that step.

kkfx 3 days ago||

It's simply about time to own your digital life instead of being slave of someone else.

tsoukase 3 days ago||

The full text of Google's slogan is: Don't be evil (to customers that click ads from which our largest income share comes but not to developers who in the future might be our competitors).

It's just too long to fit on a T-shirt but not to memorise.

CrzyLngPwd 3 days ago||

Thanks for the great reminder to detangle myself from Google.

More comments...