Where Do You Go When Google Locks You Out?

Lobais sends in the cautionary tale of a man who was locked out of Google Groups for three years — losing the ability to administer his own open source project in the process. "After about a year of using Google Groups for the PyChess project, I started [noticing] a problem. When I wrote mails to the list, no one would answer. And when I answered other peoples' post[s], they seamed to ignore them and press for new answers. As I tried to check the online group to see what was happening, I got a 403 Forbidden error. After a short while I realized that this error was given for any page on the groups.google.com subdomain. The lockout meant that I was unable to manage the PyChess mailing list. I was unable to fight increasing spam level, and more importantly I couldn't reply to anybody in my community. I wasn't even able to visit the Google help forums, which are all on groups.google.com. As the services are free of charge, I never really expected any support options. ... How can we know how often this kind of thing happens? If any admin can lock you out by a sloppy click, and give you no option to defend yourself, then it is bound to happen once in a while."

Re:"No option to defend yourself"?

[Jah-Wren Ryel]

Why not create another account to let your users know what's going on, and to contact Google support staff?

Why not read the fine article and discover the he did just that and it didn't help?

anyone actually read the article ?

[Anonymous Coward]

looks like none of the above actually read the article, its not asking for help as he has contacted support through the enterprise support option and all has been resolved, he's just saying on the free support it's taken google 3years to fix the issue.

to be fair to google, I wonder how many support calls from non paying customers they must get a day so probably from the work load 3 years is probably quite fast :-)

my only other comment would be, why has this made /. not exactly news worthy.

Re:"No option to defend yourself"?

[somersault]

I have just read it, while he did create another account to let his group know what was going on. It really doesn't sound like he tried very hard to get in touch with Google for proper support, he just waited three years for an answer to fall into his lap.

He at one point complains that all the support pages linked into Groups so he couldn't access them, but he clearly could after creating his second account. The guy just sounds a bit lazy, the way he whines at the idea of moving to a different hosting/forum provider etc

Re:free but not cheap

[CBravo]

Google doesn't respond to its own abuse either. Via their cache they often do requests (to check if the pages still exist?) on our servers. These sometimes trigger our www-burglar-alarm (they actually do something that is not allowed). When you send an abuse mailing you never hear again.

Feedback is not one of their strong sides.

Re:anyone actually read the article ?

[BikeHelmet]

to be fair to google, I wonder how many support calls from non paying customers they must get a day so probably from the work load 3 years is probably quite fast :-)

Oh, I don't know - 20,000? That'd be one every 4 seconds.

No support from Google

[jonfr]

Google has no support for anything. Not Youtube, poor support for Android it seems, and rather poor support for the Google Groups also it seems. I wonder what else is not supported properly at Google.

You have been warned!

Re:free but not cheap

[IamTheRealMike]

Google doesn't respond to its own abuse either. Via their cache they often do requests (to check if the pages still exist?) on our servers. These sometimes trigger our www-burglar-alarm (they actually do something that is not allowed). When you send an abuse mailing you never hear again.

Hello, a Googler here. I'm not sure what your specific issue is, but if you want to prevent the crawler (GoogleBot) from doing things, you need to set up the robots.txt file appropriately. If you still see the bad requests, they are being triggered by some kind of human action and you'd need to figure out what (the headers sent with the request should tell you).

Re:3 years?

[sammyF70]

I take it you never had to ask Google for support? It can take months until anyone answers your mail IF they even bother. And what you will get is generally just a canned answer pointing you to a FAQ you probably already read a few times. Replying to that generally results in a few more month waiting for a completely uncommited "We're looking into it", or worse "Please contact some other part of Google. It's not OUR problem". Google's user support sucks so hard, they should use it to fix the BP oil leak. I had to deal with them as a *paying* customer (Android Developers do pay a fee after all), and it was like talking to badly programmed chatbots running on a steam-powered difference engine.

Re:Appeals process

[IamTheRealMike]

or at least give an answer as to how customers broke the Terms of Use so that they can correct such behavior in the future.

Unfortunately there's no way to explain what triggered an abuse check to good users without also explaining it to spammers, and obviously that would reduce the anti-abuse systems effectiveness very quickly.

So, full disclosure, I work on abuse at Google. False positives are obviously a problem and we try to minimize them. When they do occur, there's usually a way to appeal it, either automatically by using SMS/phone verification or by writing into support and getting a manual review (contrary to what you might read we do have free support for our products and large numbers of people use it every day). It sounds like in this case Groups did not provide an appeal path, or at least didn't do so three years ago. I'll check to see if this is still the case.

Finding a way to improve the appeals process without letting through large amounts of spammers is a tricky problem and we know we could do a better job of it today. Throwing up a call center isn't quite as trivial as it sounds for a bunch of reasons.

Re:free but not cheap

[Troed]

If I'm allowed to select a security question myself it's a random combination of characters.

The answer to all security questions on all services I'm signed up for is a random combination of characters.

Reason: It's the weakest link in a security system and should never be used, ever.

(I use LastPass to make sure I don't need to remember passwords - and before someone answers that I've just given my passwords to a service, no, I haven't. Study their architecture)

Re:free but not cheap

[CBravo]

The robots.txt file is ignored if the final target is not in the domain.

Thanks for the header-reminder.

Re:What are you complaining about?

[redhookgroup]

For the user in the original article that is true. For lots of Android developers, not so much. We have to pay a fee to become an Android developer, and consequently we would expect at least a basic level of support. I've written 1/2 dozen times to them over both technical issues and financial issues regarding sales. To date - I have never received a single response. Of course some of these questions/concerns are only 1.5 years outstanding so I apparently only have 1.5 more years to wait. ;)

Re:free but not cheap

[CBravo]

the link is fake and was never created by our cms.

Re:free but not cheap

[scdeimos]

the link is fake and was never created by our cms.

Are you logging http-referer (typo as per the RFC) headers? You might find that the fictitious link is coming from someone else's page and Goog's just following it.

Re:Appeals process

[IamTheRealMike]

Sure, we'd like to do that. I was discussing it with management quite recently actually. There are a bunch of tricky issues specific to the case of dealing with abuse disables that we still need to think through fully and figure out good answers for, but I won't be surprised to see something like this happen in the longer term.

Re:Appeals process

[IamTheRealMike]

Yeah, we do that for most products. Totally agreed that Groups should provide/have provided a more helpful error than a 403 Forbidden.

Re:Usenet

[panda]

Usenet died in September 1993. In fact, on Usenet it is always September 1993.

Re:free but not cheap

[Kjella]

The robots.txt file is ignored if the final target is not in the domain. Thanks for the header-reminder.

Time for a dummy redirect inside your site first? Disallow that directory in robots.txt and robots should stop following before they get redirected to the final site.

Re:I have a similar problem with gmail

[RJFerret]

On my gmail account, I get e-mail sent to another gmail account that is similar to my account name but 3 letters longer. Whenever I send mail to that account, it goes directly to me.

This might not apply, just a shot in the dark, but the "3 letters longer" doesn't begin with + does it?

You can put "+whatever" after your gmail account name and the account will receive it. This feature permits tracking the source of spam and filtering out emails you don't wish to receive. (IE, "me+sd@gmail" arrives at "me@gmail")

Apparently you can also include periods anywhere in an email address and they are stripped out and delivered to the account. So "me@gmail" and "m.e@gmail" both go to the former.

If this is the case, the simplest solution is to filter those messages to trash.

Re:free but not cheap

[Anonymous Coward]

have you searched in google for

link:www.yoursite.com/whatevertheurlis

To get a list of pages google perceives as linking to it?

Re:No support from Google

[Lehk228]

There are several critical errors in Google's sample code provided to Android developers. The errors have been pointed out, and fixes supplied, by kind-hearted developers who wanted to help others. Yet it is apparently too much effort for Google to update the sample code, meaning that every new developer coming to Android must struggle with the same problems.

[citation needed]

Re:free but not cheap

[Piranhaa]

He already has stated it was from a Google IP address.

Re:free but not cheap

[CBravo]

No we don't get a spew of messages. Google is the only one. FWIW: I wanted to know the origin of the link they requested and they did not bother to reply.

It is not one of my worries: I mentioned Googles response policy and this is an example.

Re:free but not cheap

[Chyeld]

On every single CMS I've seen that uses that setup, the edit link is publicly listed in the article or article list. As others have stated, setup your robots.txt properly. That isn't Google's problem.

Re:free but not cheap

[Johann Lau]

In the Netherlands you can view http://example.com/command=view&id=12345 [example.com] but you are not allowed to change that to http://example.com/command=edit&userid=5&id=12345 [example.com]

And what makes you so sure Google did not just followed a link? put differently, how do you know it's the fault of google and not the CMS/webmaster? are you sure it wasn't a rogue spider simply giving a Googlebot UA string, that is, did you check the ip addresses. etc... ?

Also, going to that page and being greeted with a "you need to be logged in to do that" message is not the same as trying to log in. not by any stretch of the imagination.

If your CMS doesn't check credentials AND you're not excluding bots from these URLs via robots.txt, you have a huge problem - but Google is not it ;)

Did I mention the link was not found in Google itself?

Not every link that is spidered shows up instanlty (or ever) in search results, so that doesn't really mean anything.

Re:I Think the Reason He Was Locked Out Was...

[Anonymous Coward]

Except 'fora' is the correct latin pluralization for this noun case.