Slashdot Mirror

← Back to Stories (view on slashdot.org)

Where Do You Go When Google Locks You Out?

Posted by kdawson on from the invisible-man dept.

Lobais sends in the cautionary tale of a man who was locked out of Google Groups for three years — losing the ability to administer his own open source project in the process. "After about a year of using Google Groups for the PyChess project, I started [noticing] a problem. When I wrote mails to the list, no one would answer. And when I answered other peoples' post[s], they seamed to ignore them and press for new answers. As I tried to check the online group to see what was happening, I got a 403 Forbidden error. After a short while I realized that this error was given for any page on the groups.google.com subdomain. The lockout meant that I was unable to manage the PyChess mailing list. I was unable to fight increasing spam level, and more importantly I couldn't reply to anybody in my community. I wasn't even able to visit the Google help forums, which are all on groups.google.com. As the services are free of charge, I never really expected any support options. ... How can we know how often this kind of thing happens? If any admin can lock you out by a sloppy click, and give you no option to defend yourself, then it is bound to happen once in a while."

36 of 332 comments (clear)

  1. Title but no story! by Dutchmaan · · Score: 5, Funny

    Does anyone know why I'm just seeing a "403 Forbidden error" for this story!?

  2. free but not cheap by timmarhy · · Score: 4, Insightful

    seems to be a common theme with free software and free services - it often starts out as the cheap option, but ends up costing more. i'm fine with people using free stuff, but seriously don't complain when it blows up in your face.

    --
    If you mod me down, I will become more powerful than you can imagine....
    1. Re:free but not cheap by keeboo · · Score: 4, Insightful

      Sourceforge offers free services for developers and works fine for me. The free support is adequate.

      I think that the problem is that Google has a terrible support for their services.
      My experience with them is that when things go wrong, you're screwed (unless you pay, it seems).

    2. Re:free but not cheap by Bert64 · · Score: 4, Insightful

      Software and services are entirely different in this context...

      Once you have some free software the copy you have doesn't change unless you choose to change it, thus if it was working it will continue working the same.
      A service on the other hand, is entirely under the control of a third party and can change at their whim.

      This article is entirely about a service that started off working, and then the company providing it stopped providing it to the one particular user with no explanation as to why.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    3. Re:free but not cheap by kestasjk · · Score: 4, Funny

      Freshmeat.net is also an excellent service, and don't forget to pick up a t-shirt of fun geeky gift at thinkgeek.com!

      --
      // MD_Update(&m,buf,j);
    4. Re:free but not cheap by yyxx · · Score: 5, Insightful

      seems to be a common theme with free software and free services - it often starts out as the cheap option, but ends up costing more

      And the evidence for that would be ... what?

      i'm fine with people using free stuff, but seriously don't complain when it blows up in your face.

      And how does complaining do you any good when commercial, expensive stuff blows up in your face? When Microsoft discontinues products? When Apple kills your app in their App Store? When DEC goes out of business? When Symbolics takes a research project, makes it proprietary, and then proceeds to kill it? Open source and free software were founded because commercial software had blown up in people's faces time and again. With open source, you at least have options for dealing with the problem, with proprietary software, you're stuck.

      As for Google, if you want for-pay services, get a Google Apps domain. Those applications that you pay for are supported. And Google offers you the ability to download and backup your data so that you aren't stuck.

      Even if you use the free services, so far, I have had a lot less trouble with free Google services than with any of the for-pay hosted web services I've used.

    5. Re:free but not cheap by IamTheRealMike · · Score: 4, Informative

      Google doesn't respond to its own abuse either. Via their cache they often do requests (to check if the pages still exist?) on our servers. These sometimes trigger our www-burglar-alarm (they actually do something that is not allowed). When you send an abuse mailing you never hear again.

      Hello, a Googler here. I'm not sure what your specific issue is, but if you want to prevent the crawler (GoogleBot) from doing things, you need to set up the robots.txt file appropriately. If you still see the bad requests, they are being triggered by some kind of human action and you'd need to figure out what (the headers sent with the request should tell you).

    6. Re:free but not cheap by CBravo · · Score: 5, Informative

      The robots.txt file is ignored if the final target is not in the domain.

      Thanks for the header-reminder.

      --
      nosig today
    7. Re:free but not cheap by Enleth · · Score: 5, Interesting

      What you're saying is very interesting, but in contradiction to my experience with GoogleBot's behavoiur.

      I've seen GoogleBot-images do a normal crawl of the images on the site, respecting robots.txt and all, and then, start a crawl over the images it was explicitly forbidden from indexing, from the same IP (*definitely* a Google IP, not an impostor), just with the User-Agent header changed to an empty string. Nice, eh? It was way too fast and way too cordinated to be triggered by human action. And if there was actually a human involved in telling the bot to return to the site, *ahem*, "incognito" a few seconds later, I'd be more than happy to tell them to bugger off properly when they're told to.

      --
      This is Slashdot. Common sense is futile. You will be modded down.
    8. Re:free but not cheap by TheCarp · · Score: 4, Insightful

      Sure but... why do you care? It seems to me that you should filter/tune your alert messages. You must get tons of spew from all sorts of IPs all the time. Every single one of my servers sees all manner of shit. Attempts to exploit IIS vulnerabilities (I guess I shouldn't be surprised that its more time efficient to spam vulnerabilities at every host than to check what you are connected to), exploit software that isn't even installed etc... google cache rechecks seem like they would be the least of your worries.

      I mean... it is essentially a false alarm, and you want google to make an exception for you when, its your alarm that you setup thats really bothering you. Tune the alarm.

      -Steve

      --
      "I opened my eyes, and everything went dark again"
    9. Re:free but not cheap by Johann+Lau · · Score: 4, Insightful

      BS. Unless the path they're trying is excluded by robots.txt, why shouldn't they try links? Because you say so? Well, then you'd at least need to argue for it.

      It's your job to properly configure your webserver, and it's trivial. Worrying about bots trying out stuff is just a waste of time IMHO: If there is a hole, fix it - if there is no hole, there is no need to keep track of every squirrel sneaking around the premises.

      changing commands in my cms is not allowed in the Netherlands.

      What does that even mean haha??

    10. Re:free but not cheap by noidentity · · Score: 5, Funny

      Feedback is not one of [Google's] strong sides.

      I don't see their Feedback(tm) product listed anywhere. Maybe it's still in beta.

    11. Re:free but not cheap by Johann+Lau · · Score: 4, Informative

      In the Netherlands you can view http://example.com/command=view&id=12345 but you are not allowed to change that to http://example.com/command=edit&userid=5&id=12345

      And what makes you so sure Google did not just followed a link? put differently, how do you know it's the fault of google and not the CMS/webmaster? are you sure it wasn't a rogue spider simply giving a Googlebot UA string, that is, did you check the ip addresses. etc... ?

      Also, going to that page and being greeted with a "you need to be logged in to do that" message is not the same as trying to log in. not by any stretch of the imagination.

      If your CMS doesn't check credentials AND you're not excluding bots from these URLs via robots.txt, you have a huge problem - but Google is not it ;)

      Did I mention the link was not found in Google itself?

      Not every link that is spidered shows up instanlty (or ever) in search results, so that doesn't really mean anything.

    12. Re:free but not cheap by TubeSteak · · Score: 5, Funny

      FWIW: I wanted to know the origin of the link they requested and they did not bother to reply.

      I hope you tried
      ::takes off shades::
      Googling for the link
      YEEEEEAAAAAAAAAAAAAAHHHHHHHHHHH!

      --
      [Fuck Beta]
      o0t!
  3. Appeals process by Rijnzael · · Score: 4, Insightful

    I've always felt that it's in the best interest of entities like Google to add some sort of official, all-service-reaching appeals process to rectify erroneous enforcement actions, or at least give an answer as to how customers broke the Terms of Use so that they can correct such behavior in the future. Being that Google is so huge and that many people's livelihoods depend on it, even if many of these critical services are free, it's in their best interest, and having a department that makes getting the ear of such a huge entity straightforward would really increase customer loyalty as well as reduce apprehension of arbitrary lock-outs.

    1. Re:Appeals process by IamTheRealMike · · Score: 5, Informative

      or at least give an answer as to how customers broke the Terms of Use so that they can correct such behavior in the future.

      Unfortunately there's no way to explain what triggered an abuse check to good users without also explaining it to spammers, and obviously that would reduce the anti-abuse systems effectiveness very quickly.

      So, full disclosure, I work on abuse at Google. False positives are obviously a problem and we try to minimize them. When they do occur, there's usually a way to appeal it, either automatically by using SMS/phone verification or by writing into support and getting a manual review (contrary to what you might read we do have free support for our products and large numbers of people use it every day). It sounds like in this case Groups did not provide an appeal path, or at least didn't do so three years ago. I'll check to see if this is still the case.

      Finding a way to improve the appeals process without letting through large amounts of spammers is a tricky problem and we know we could do a better job of it today. Throwing up a call center isn't quite as trivial as it sounds for a bunch of reasons.

    2. Re:Appeals process by Rijnzael · · Score: 5, Interesting

      How's charging a reasonably low price for a phone call or two to resolve the issue with a support person who is knowledgeable as well as able to effect change? Say, charge someone's card $10 and then initiate the support call, and if they are found out to have been an erroneous ban, refund the $10. Keeps the spammers from appealing in a massive manner, while allowing the one-off mistakes relief.

    3. Re:Appeals process by Ami+Ganguli · · Score: 4, Interesting

      Telling somebody what they've done to violate terms-of-service shouldn't be a problem. You don't need to give away how you caught them, just what it is you think they did wrong. Surely a one-liner along the lines of "we believe you're using your Groups account for spam" should be ok, it would make the whole experience a lot less Kafkaesque.

      --
      It is tempting, if the only tool you have is a hammer, to treat everything as if it were a nail. - Abraham Maslow
    4. Re:Appeals process by IamTheRealMike · · Score: 5, Informative

      Sure, we'd like to do that. I was discussing it with management quite recently actually. There are a bunch of tricky issues specific to the case of dealing with abuse disables that we still need to think through fully and figure out good answers for, but I won't be surprised to see something like this happen in the longer term.

    5. Re:Appeals process by IamTheRealMike · · Score: 4, Informative

      Yeah, we do that for most products. Totally agreed that Groups should provide/have provided a more helpful error than a 403 Forbidden.

    6. Re:Appeals process by X0563511 · · Score: 4, Interesting

      At the company where I work (a hosting company) we give a user one chance to clean up their stuff. If they fail, we disconnect them (again, if the offense was bad enough to disconnect on the first time). After that, it's $50 a pop to reactivate the service, and if they continue to screw up we keep pulling the plug. Eventually they seem to figure out we won't allow that kind of garbage, and either clean up... or go away and become someone else's problem.

      Not an ideal solution, but it seems to work wonders.

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
  4. Newsflash: The companies don't give a damn... by TheMiddleRoad · · Score: 5, Insightful

    They don't care about your chess hobby. They don't care about you. Not Apple, not Google, not Microsoft, not Donner, not Blitzen. You're a number, a nothing. The cloud will swallow you whole.

    Set up your own damn server.

    1. Re:Newsflash: The companies don't give a damn... by davidbrucehughes · · Score: 5, Interesting

      Several years back I had built up quite a large following on a Yahoo group. At one point the group had over 600 members, not bad. I did some posts on other groups on related subjects. Maybe one of them complained. Anyway, one fine day Yahoo refused to let me login. All attempts to contact the company were fruitless. I found that not only my account but also the entire group was nuked. Fortunately I had a backup of the registration emails. I shelled out some bucks for a server, emailed all my group members with the new group address, and never looked back.

      --
      om namo bhagavate vasudevaya
    2. Re:Newsflash: The companies don't give a damn... by calmofthestorm · · Score: 5, Insightful

      I still don't get why people think this "cloud" thing is a step forward, given it means less privacy, less control, less reliability, and requires constant net access, not to mention shifting terms of service and the like. And for what? Cross-device access? I can see this being good for some people but I'll pass.

      --
      93rd rule of Slashdot: No matter how obvious my sarcasm is, my comment will be taken seriously by someone.
    3. Re:Newsflash: The companies don't give a damn... by couchslug · · Score: 4, Insightful

      "Fortunately I had a backup of the registration emails. "

      Well done, and a step many would overlook.

      --
      "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
  5. Re:"No option to defend yourself"? by Jah-Wren+Ryel · · Score: 5, Informative

    Why not create another account to let your users know what's going on, and to contact Google support staff?

    Why not read the fine article and discover the he did just that and it didn't help?

    --
    When information is power, privacy is freedom.
  6. anyone actually read the article ? by Anonymous Coward · · Score: 4, Informative

    looks like none of the above actually read the article, its not asking for help as he has contacted support through the enterprise support option and all has been resolved, he's just saying on the free support it's taken google 3years to fix the issue.

    to be fair to google, I wonder how many support calls from non paying customers they must get a day so probably from the work load 3 years is probably quite fast :-)

    my only other comment would be, why has this made /. not exactly news worthy.

    1. Re:anyone actually read the article ? by RonnyJ · · Score: 5, Insightful

      Not quite, with the free support they didn't fix the issue - they took a year to tell him he'd broken the Terms of Service, and then no reply as to why. Even then, when trialling the paid-for support, they still managed to bill him when they shouldn't have.

      As for not being news-worthy, how else can people highlight these kinds of issues?!

    2. Re:anyone actually read the article ? by RichiH · · Score: 4, Funny

      Post it to the relevant mailing lists? Oh, wait..

  7. Re:"No option to defend yourself"? by somersault · · Score: 5, Informative

    I have just read it, while he did create another account to let his group know what was going on. It really doesn't sound like he tried very hard to get in touch with Google for proper support, he just waited three years for an answer to fall into his lap.

    He at one point complains that all the support pages linked into Groups so he couldn't access them, but he clearly could after creating his second account. The guy just sounds a bit lazy, the way he whines at the idea of moving to a different hosting/forum provider etc

    --
    which is totally what she said
  8. Re:3 years? by sammyF70 · · Score: 4, Informative

    I take it you never had to ask Google for support? It can take months until anyone answers your mail IF they even bother. And what you will get is generally just a canned answer pointing you to a FAQ you probably already read a few times. Replying to that generally results in a few more month waiting for a completely uncommited "We're looking into it", or worse "Please contact some other part of Google. It's not OUR problem". Google's user support sucks so hard, they should use it to fix the BP oil leak. I had to deal with them as a *paying* customer (Android Developers do pay a fee after all), and it was like talking to badly programmed chatbots running on a steam-powered difference engine.

    --
    "DRM is like the Ford Pinto: it's a smooth ride, right up the point at which it explodes and ruins your day."-C.Doctorow
  9. Re:gratis but not free by dwmw2 · · Score: 5, Insightful

    I think you've misunderstood the term 'Free Software'. The word 'Free' in Free Software is used to refer to *freedom*, not the cost.

    So with software the situation is actually the other way round to the way you present it. If you are using Free(dom) Software, then you have the source and can do whatever you need with it and you aren't held hostage by someone else's actions. If you're using non-Free Software, *then* you seriously shouldn't complain when it blows up in your face.

    Using non-Free Software (even if it's gratis) often starts out as the 'cheap option' -- not necessarily in terms of cost, but in terms of local knowledge and training and effort. But it often ends up costing more, because of its inherent limitations and because you can't actually *fix* it to meet your requirements, or even get bug-fixes for it without having to replace it wholesale with a new version.

  10. Re:No support from Google by Andy+Smith · · Score: 5, Interesting

    A few months ago I needed to contact Google UK over an unpaid fee for their use of a photograph. Even though they have an office with staff, they have made every effort to be invisible and uncontactable. If you do get hold of the office number, and call it, you are given a myriad of options. If you work your way through each option, they _all_ ultimately tell you to go to the Google web site and send an e-mail. There is no possible way to get put through to a human in any department. Google do not like talking to people.

    ps. To add to your comment about poor support for Android: There are several critical errors in Google's sample code provided to Android developers. The errors have been pointed out, and fixes supplied, by kind-hearted developers who wanted to help others. Yet it is apparently too much effort for Google to update the sample code, meaning that every new developer coming to Android must struggle with the same problems.

  11. I Think the Reason He Was Locked Out Was... by RobotRunAmok · · Score: 5, Funny

    ...he used "fora" as the plural for "forum" and triggered some kind of douchebag filter. These douchebag filters were first created as an experiment by Google in the late '90's to keep out the folks who wrote "boxen" as a plural for "box," but were later taken off-line. I fear that one of the filters may have missed the purge and now it is evolving, learning...

  12. What are you complaining about? by amn108 · · Score: 4, Insightful

    Google does not owe you anything. When will people realize that? You outsource everything to Google, then complain when they lock you out. This is why one should avoid services like Googles, and it will be worse when they will try to convince you you should use some Web 2.0 computer operating system. In fact, this has nothing to do with computers - if you sleep, drink, eat and work at somebody elses property, don't expect to feel like home. It's sort of surprising (or maybe not!) to even encounter such questions on Slashdot - you actually expect everything to work fine, when you are but a mere invisible client to a benemoth that Google has become. If you want to be smart, rent your own domain name and website for 100$ a year, spend a week coding it (obviously if you can do PyChess, you should be able to do some PHP and databases), and tap yourself on your shoulder - you have just achieved independence from Google, and are now part of a distributed Internet model, instead of the ugly, error-prone, monopolized client-server system, where even contacting support is a reason for headache. Now, c'mon - WHAT DID YOU EXPECT? Google has millions of users, they have bold ambitions, but you cannot server the entire planet EFFICIENTLY with one corporation, no matter how large (bureaucracy takes over), you just can't. This was ought to happen, either to you or somebody else, and it will happen again, make no mistake about it.

    1. Re:What are you complaining about? by redhookgroup · · Score: 5, Informative

      For the user in the original article that is true. For lots of Android developers, not so much. We have to pay a fee to become an Android developer, and consequently we would expect at least a basic level of support. I've written 1/2 dozen times to them over both technical issues and financial issues regarding sales. To date - I have never received a single response. Of course some of these questions/concerns are only 1.5 years outstanding so I apparently only have 1.5 more years to wait. ;)