Inactive Google Account Policy
support.google.comI don't work for google. I use Google, I have multiple Gmail as well as hosted by Google workspace domains.
Overall I think this is reasonable. I can't see why people are upset, when the general burden to make it "live" is low.
There are specific corner case problems: people who cannot login for various reasons, can't get Google humans to help, and who get mail forwarded so are limping along. And, there are a surprisingly high number of people who seem to trip up over account recovery. If I had one criticism of google here, it's that they're judge, jury and executioner. There's no appeal mechanism for ordinary mortal. It's capricious, sometimes squeaky wheels get oiled, sometimes not.
I pay for google 1 and I takeout periodically.
Don't depend on "free" for critical functions.
>Don't depend on "free" for critical functions.
All the cards are stacked against the users though. It's not that easy for a non-tech person to use any sort of email/photo library etc that isn't free from Google/Apple etc.
Even self hosting email is impossible now. You won't be able to send emails because nothing trusts you.
If Google intentionally incentivized everyone to move their entire digital lives into their platform for profit, they should have some sort of responsibility for that. There have absolutely been significant impact to people's lives because they've gotten locked out of their account for reasons that even Google can't explain, and there is no recourse or action they can take.
> for reasons that even Google can't explain, and there is no recourse or action they can take.
It's even worse. When it was publicized that Google wrongfully flagged multiple accounts and tipped the police for child porn, they refused to reinstate those accounts. Instead, they chose to retaliate by further defaming the account owners on the record. That was after the police cleared their names and they haven't made a single apology to this day.
This is my judge/jury/executioner thing. Objectively only google decides what Google does with our data, and only google decides if they are right or wrong. "We can't be sure we're wrong" is their getout clause in the court of public opinion regarding CSAM.
Another line of reasoning i see frequently is "you don't know all the material facts" which is of course also almost always true. So the original complainant may have multiple things going on, may have been abusive, using facilities otherwise for commercial gain against T&C, had innocuous but IPR abusing files, you name it. None of this would ordinarily trigger lockout. Google just avoid having to say sorry and re-enable by handwaving "other reasons" statements.
> Even self hosting email is impossible now. You won't be able to send emails because nothing trusts you.
That's not been my experience - I've successfully self-hosted email for nearly a decade now.
Really nice guide here: https://thomas-leister.de/en/mailserver-debian-stretch/
There are people who have experienced problems.
https://cfenollosa.com/blog/after-self-hosting-my-email-for-...
Of course there are; I'm assuming the GP has too. All I'm saying is that I've personally had no trouble, thus disproving the assertion that it's impossible to self-host. I don't know what I've done differently - perhaps I'm lucky with the IP range that I'm in?
IP range is definitely a problem. I manage to get blacklisted a couple times per year by Hotmail, who still only support IPv4, despite SNDS always saying everything is fine. They don’t seem to care that blocking a whole IPv4 netrange of a reputable VPS provider because some other customer was sending junk mail will cause collateral damage.
IP/domain reputation is also probably an issue; I’ve been using the same IP address and domain names for over a decade so services like Talos are reasonably satisfied I’m harmless. If someone sets up a server and it has never sent mail for their domain before—or, worse, they get a radioactive IP address—it may be hard to become accepted by other email providers.
I get the sense that the relative lack of trouble I have maintaining a mail server is more to do with being effectively grandfathered in and worry that if I ever have to shift away from my current provider that email sending is going to become a lot harder since I won’t have my IP reputation any more.
It's possible to self host.
It's impossible to self host with the guarantee most emails sent from that host won't be outright rejected or flagged as spams by centralised mail services.
Same here, been self hosting on a managed VPS for about a decade for my business, there's very little maintenance, our deliverability is excellent.
Not that there are zero issues, in particular if you set up a brand new mail server with zero reputation, it can take a while to get yourself out of the hole.
I think for normal people though it makes a lot more sense to just pay for email. I'm not sympathetic at all to someone who complains about the quality of service of free Gmail. You are the product, so for the ten millionth time, it's going to suck for you somehow. Fastmail costs 3 bucks a month, if you have 3 bucks, go buy it, it's better (or buy one of their many decent competitors).
Ive been selfhosting email for past 3 years now.
Got a second parallel email server last year.
Mailinabox. A cheap vps.
I had trouble one time when I stupidly used my email as credentials for local testing SMTP server, I was banned for like a day. Had to send an appeal to spamhaus or something.
Other than that, it has been pretty smooth sailing.
I think we're in the fine grained differences between "should" and "must"
I definitely think they should have better account recovery process, if need be for $, prove identity and get your data as takeout if they want to decline service but I would be amazed if any part of the current agreement we make with them could be said to obligate it.
As a defacto monopoly I do tend to think they should be made to have some process. Which jurisdiction?
singing up for email isn't difficult. neither is paying for a place to store your photos. Google is just that much easier so anything require beyond that is now all of a sudden too difficult for the average user. that's on you and your own inherent laziness to take the easy way out.
Some people have mental or physical chronic illnesses that make these things legitimate barriers.
"Don't depend on "free" for critical functions."
Yet that is exactly what so-called "tech" companies enable, and arguably encourage, millions of people to do. They certainly do not discourage people from using their websites and apps, for any purpose, from what I have seen. That would make no sense. Imagine Google showing a warning along the lines of "Do not use Gmail for important purposes." Instead the message might be "Here is something to enhance security". These companies have conflicts of interest vis-a-vis computer users. It's like an opioids company tasked with preventing addiction. The best they can do is promote treatment of addiction. This is a poor analogy because selling drugs is regulated. Handing out free email accounts, in order to conduct commercial surveillance, is not.
> Google also reserves the right to delete data in a product if you are inactive in that product for at least two years.
This part is unreasonable no? I sometimes don't use a product for a while, like google drive for instance, and the prospect of coming back to it and discovering that all my data has been deleted is a bit on the dreadful side. I don't want to have to keep track of which product Ive been using and how long since I last signed into all the time.
Are you finding the "delete data" part unreasonable, or the "two years" part? If it's the duration, I am curious what time limit you might find reasonable.
If it's the "delete data" part, I can see why a company might not serve a piece of data in perpetuity when an user appear to have abandoned it, unless we want the company to assume ownership of that data.
I think, it's the "can't keep all alive by using one sub product" part. If I use e.g. email, my drive should be fine. From this, it's not even clear if adding and removing content to drive via email would maintain drive for "activity"
My reading of https://support.google.com/accounts/answer/12418290 is that any activity on the account that required login counts as activity, independent of which sub-product is being used. Although it would help if they could clarify.
I think the product is the bad part. Should be if an account is inactive then they can delete data not if a product hasn’t been used. If you use gmail, your gdrive shouldn’t empty even if it has been 2+ years since you used the drive.
If you care about having your data stored permanently, I think it is fair to say you should pay for it (eg: Google One subscription) or buy something on the Google Play Store as listed under the inactivity exceptions policy.
If you expect to get something served to you for free forever, Google has a bridge to sell you.
We already pay with our data. None of these services are free and you know it.
Consider, with how much data Google has, that they don't care about having your data, especially if it's clearly been untouched for years.
Though either way, my point stands: If you value Google storing your data, pay for it. If you don't, that implies you don't actually care about your data because you refused to place any explicit value on it.
No, my point stands. We already paid, and continue to pay, Google. Google is wanting to double dip.
Yes. I think it's pretty Awful. "Reserves the right" isn't "will" but it becomes clear it could be "at will"
> Don't depend on "free" for critical functions.
It's not free at all, Google uses every bit of data you reveal to them to power their ad business. It's a form of payment even if we don't talk about it this way.
This line of thinking also reveals an explanation for this new "Inactive Account" policy. Google doesn't care to keep old data — one needs to either feed them new signals they can sell / use to train their AIs or else... your account gets deleted.
It’s fair to delete data. It’s not fair to delete the account.
People have email addresses linked up to all kinds of other accounts. Sometimes my only way into an old non-Google account is a gmail address I made a long time ago. Often there is no way to change the email address linked to an account.
Wish you could check your inactivity status more closely than their suggested "if you're not sure, just sign in to the Google account". I have a couple Google accounts that are just pulling email to a separate mailbox and who knows if that's active or not. Maybe I'll have to buy something on one of those accounts just to get it exempt?
Also reading this closely there's separate timers per product? This is worse than making sure my domains aren't going to expire...
Exactly. You can buy a $1.99 movie on your Google account and that stops expiry indefinitely.
As much as I hate to feed the machine, having a financial transaction on the record definitely feels like the most approachable way to stay flagged as active.
Solid suggestion. Of course, capricious Google could always change their mind tomorrow, but it is something actionable.
> I have a couple Google accounts that are just pulling email to a separate mailbox and who knows if that's active or not.
Probably not. I think the point is to ensure there's human interaction. Don't expect any automated activity to affect the timer.
I didn't realize that. So if I have Mozilla Thunderbird running on a computer fetching emails from an account, it isn't good enough?
> Reading or sending an email
I would need to actually mark incoming emails as read?
I mean, this is just my guess; I could be wrong. But the vibe I get is that you basically have to do something non-trivial via the web (log in, create something, delete something, whatever) to show that a human is paying attention to the account and not just an automated system. Don't rely on automated means like IMAP, regardless of what actions you're performing with those.
I assume it’s tied to logging in or using the account while logged in. Email is a separate system, it’s possible they linked up the email system to the accounts system, but the easiest way to implement this would just be to update a timestamp every time someone logs in or makes an authenticated browser request.
Welp, back to Firefox containers it is then.
For those who don't know, you can have multiple Google sessions in different Firefox containers in a single Firefox profile/window.
This is an official Firefox adding as far as I know. It works with Firefox sync for me (not enabled by default).
https://addons.mozilla.org/en-US/firefox/addon/multi-account...
> but the easiest way to implement this would just be to update a timestamp every time someone logs in
You don't have to speculate here. They clearly say "Activity might include these actions you take when you sign in or while you’re signed: Reading or sending an email, Using Google Search, etc."
So it's not just "did they log in".
> Probably not.
100% not. I have a bunch of Google Accounts (not even with a Gmail inbox attached) that just forward on email alerts from Google Ads, etc. And have been getting these update emails since July 14th.
> Exceptions to this policy:
> Your Google Account contains a gift card with a monetary balance.
So, all I need to do to keep a Google Account active indefinitely is just link an unspent $10 gift card to the account? Sweet!
This could be an effect of California law that doesn't allow businesses to expire gift certificates. They have to honor it as long as they're still in business.
Why would you do that though? You can always open new accounts for free, than "pay" $10 for one..
The whole ruse is because people store so much data with Google and dont want to bother with backing it up/cant back it up easily (i dont know, i never used G that much)
Plus, email is your everything now. Its your login, its your invoice book.
> Before this happens, Google will give you an opportunity to take an action in your account by:
> Sending email notifications to your Google Account
> Sending notifications to your recovery email, if any exists
Further up it says that reading an email counts as being active.
So if you have IMAP access does that count when you simply read that email?!
I have gmail accounts with IMAP that haven’t logged into the web interface in years. I can’t be the only one in this boat. This is very ambiguous and troubling.
If you read your Google account's emails, you had to log in (POP3 and IMAP both require authentication). If you logged in, that means the account is active. Sounds simple enough to me.
I think this is the end of my Gmail account, which has been locked for some time due to suspicious activity. All it does is forward email, but no more.
I forward multiple gmail accounts to a single account and use the "Send mail as" feature to also send mail from those other accounts. Will either of those actions trigger the "Reading or sending an email" activity that Google referred to?
I think of likely reasons this happens is username exhaustion. >100 million people are born every year, it won’t take centuries for us to fill up every namespaces with dead accounts.
Before that inevitably happens, there will probably be a point we all have to switch over to identification not by user selected username but random alphanumeric ID string, with display names only for search, free from uniqueness requirements and somehow impersonation resistant. A lot of social media actually uses such ID in the backend/for internal uses(variable length primary key!? Of course not!), maybe it’s time frontend experiences think about that, too.
> I think of likely reasons this happens is username exhaustion
I think Google never recycles usernames due to security reasons:
https://support.google.com/mail/thread/48938290
https://twitter.com/Google/status/974054535974006784
Maybe you are suggesting that this policy is about to change?
I have a Gmail account [1] and I regularly get email for other people who share my name (at least three others). I find it amazing they think that's their email address (or other people think that they'll reach the right person by just <firstname><lastname>@gmail.com).
[1] Not my primary account but I got it to give Gmail a try when it was first opened to the public. I personally found it 'meh' but kept the account for testing purposes with my own email server.
I was very happy to get the non-numbered version of my very common name back when gmail was new and invite-only.
It has turned out to be a monkey's paw wish, though. I get medical records, legal filings, private and personal correspondence, bills, everything. Trying to contact anyone involved to let them know that I'm not the me they think I am barely works. It's both maddening, and bizarre to me that so many people don't know their own email address, for genuinely important stuff.
Same here, I have access to so much private data from homonyms.
My username on Google is same as here, and I occasionally get emails for a Barbara with my last name who apparently mistyped her email when buying a car a few years ago.
> I think of likely reasons this happens is username exhaustion.
I disagree, there is a solution out there, it's just more work because the client-software has to be smarter. We can take inspiration from how our meat-space society functions, where everybody maintains their own contextual aliases as metadata, something that can be personalized or shared.
For example, imagine we have a big global commenting site, and my own metadata says "Terr_ believes ID 49985189215 is Bob Smith."
When I ask the software to contact "Bob Smith", it knows who I mean from that mapping. When I publish something for other people to see and add a special reference to Bob Smith, it contains "{49985189215 which author knows as "Bob Smith}". People who already know 49985189215 as "Bobby Smith" would see that pop up on their screen instead, and the rare few which have a conflicting "Bob Smith" would see it rendered differently, making it obvious I don't mean their Bob Smith.
It gets more complex though when you consider the same user with multiple contexts: "I'll call Bob" at home might easily be a totally different person than "I'll call Bob" in the workplace.
Yeah exactly my thinking. The user 499…215 is going to have some his own identity, but is also socially defined in contexts of friends or social bubble system like Google+ Circles/Discord Server/Mastodon Instance. That has to become the default over coming decade, perhaps half a decade.
Or they could just create a second email domain every 30 years, if that’s even a problem in the first place.
Here is my ICQ number and I promise it is better than MSN
haha that is funny thay solution was already there but wasnt that modelled on the idea of everyone having a phonenumber ?
at some point you have to with enough mass..
Now if only I could get the data out of my account. I've spent far too long arguing with people at Google, but I can't get into my account because I lost the phone number attached to it, even though I have the password, and a recovery email address and all the mail from my Gmail gets forwarded to that address as it comes in.
They say I have no right to my data since I can't log into the account, but I don't think the law works that way. I have a right to my data, they are entitled to give it to me if I can prove I am who I say I am, which I can.
I had a scenario where the reset flow to my account wasn’t working - it would send the code, but the code would not work.
Google had no ability to speak to a human, and don’t care about me or you in the slightest.
There is officially no way to speak to a human. I'm in the same reset flow trap.
I wanted to get my data out, and there are various laws in various jurisdictions that require this ability. Because of this Google was forced to provide tech support via phone to help you get your data out. Believe me, I've spent a lot of time arguing with those folks. They do have access to some sort of internal email/phone directory though with lots of interesting contacts they are willing to give you to get you off the phone, but I've not had success yet with any of them.
For what it’s worth, i obtained the number associated with the account by requesting it from a phone provider (it was decommissioned/unused)
Imagine all the normal people who can not run their own mail server and do not have the paranoia or the time to set up 3 of everything and never miss the periodic chores to keep them all alive just to guard against one of them being cancelled.
You certainly don't want anything important like your retirement account to rely on something transient like your isp email, or even a paid email from some smaller company that you might forget to pay on time one year, or they just decide they don't like you for not even necessarily anything you did.
So you use gmail or hotmail etc, not because they are free, because they arre presumed to outlive everything else, and be safer because of that. And that much is completely true and not a mistake.
There are a few really bad things on a collision course here that hasn't been properly dealt with at a society/regulation level yet:
* gmail, and email in general, is not an inconsequential thing like a Spotify account, or like email when it was new and nothing important in life depended on it yet. Life-critical things depend on it now. There are many things now where your email is the ultimate way a service provider knows you. There is no office you can go to to clear up any kind of account error as an ultimate option.
* Yet, providers are allowed to TREAT it as a trivial inconsequintial thing.
* google absolutely is responsible for actively drawing people to use gmail and become dependant on gmail and other google services. It isn't good enough to say they don't make anyone, they do actively pursue it. Same goes for others not just google.
* too many consequential things are allowed accept mere email and login credentials as the only form of proof of identity without an equivalent for the ultimate option you always used to have for any possible thing: "Go down town to the credit union office and present myself and my drivers license and my birth certificate, or 20 other people from the community who all simply say "yeah that's her, I'm even the doctor who delivered her, and she's even your own siter in law so you know she was married to the house owner, so give her her house deed even though the husband died in the war last year and the town clerks office burned down and no one can produce the piece of paper now"
I don't know what I would do if betterment.com decided not to honor my login or I couldn't repond via either of the two email addresses on file. It's 2 different addresses from two different providers, but even 2 is still only 2. If one can break, two can break. So much of my life's resources all hinging on something so flimsy. This is not robust. Now multiply that by x billion other people, most of whom are not aware how fragile their access to these important things is, and how little they can do about it if they are unlucky and have a problem.
> So you use gmail or hotmail etc, not because they are free, because they arre presumed to outlive everything else, and be safer because of that. And that much is completely true and not a mistake.
I would absolutely not consider a free account on anything to outlive a paid product. Quite the opposite: If I'm not paying for any kind of SLA, written in an agreement, I assume the account in question is temporary, could disappear at any moment, and treat it as such: Never rely on it for anything where you'd be screwed if you suddenly got locked out.
There have been so many, many, many, many of these "I got locked out of my free Xyz account with no appeal possible!!" stories, I'm shocked that people still rely on them. And if you say, well, you shouldn't have put your 401(k) retirement account behind that E-mail address, they call you victim blaming. People, your free account is worth what you pay for it.
Given that G states that "doing a search" is considered to be "activity" it shouldn't be too hard to rig up an automated account shaker which at large but not too large intervals - something between 16 and 22 months - logs in on some headless browser, searches Google for a random thing and logs out again.
> logs in on some headless browser
What if the account is secured by 2FA? Are you advocating to disable 2FA for the sake of your automated continuity of the account?
You can automate 2FA too.
Why
Two years it too short.
The reason I now use gmail and not hotmail is because Microsoft did a similar thing 20 years ago. When I lost my hotmail account, I thought I might as well use gmail from now on. Reason I didn't log into my hotmail account was because I used the mail address I got from the university.
The listed exceptions in short mean that any account which has conducted monetary transactions on Google Play are exempted from inactivity. Sounds simple, fair, and easy to me.
Just buy a book, movie, game, or a subscription of some sort and it won't go inactive ever.
How does this affect old YouTube videos (and possibly other historical public content)? (obviously, save everything you love while you still can in case things get removed or difficult to archive due to attestation/DRM)
This is totally fair, since the service isn't paid with money.
I can't help but feel that they're slowly turning into a Yahoo though, given this policy and their now terrible search results.
Back then, maybe two decades back, Google was seen as evil as it declined to acknowledge that it will delete user data after the user has closed its account.
Time changes.
No one said anything about Google absolutely deleting data. They specifically state, "reserves the right to delete an inactive Google Account and its activity and data" ... and further below "and all of its content and data may be deleted"
Call me suspicious, but reserves the right and may be deleted to me says that they may not actually have plans of deleting the account data outright. Maybe they just can't even guarantee being able to completely wipe all the associated account data. I think they could have the external appearance of having deleted the account with no real internal change.
Oh and here's a question. If they delete an account, and then someone goes in and registers the same name, then what? Talk about an opportunity for further account hijacking (for example, password recovery from old logins). To prevent this, presumably they would still at least maintain a record that the account previously existed and cannot be registered again.
Didn't they say they weren't going to allow email address reuse?
Found it > After a Google Account is deleted, the Gmail address for the deleted account cannot be used again when creating a new Google Account.
In an email they sent
Thanks for the find. That's at least good news and good to know.
This isn't new and there are numerous posts about this and discussions.