The ramblings of a giant squid…
squid

Google thinks deleting is suspicious.

Friends-Romans-Countrymen, Rules, Security, Technology

Sunday night I was up late.  I wasn’t sleeping and decided to log into GMail to do some clean-up.  This is a regular task for me – I go in, empty the bin, delete old mails, sort the inbox into categories, etc.  I’ve been doing this for years, usually from the same computer at home which has had the same IP address for at least a year.

So imagine my surprise when I got notified by Google that this deleting was considered “suspicious activity” and they suspended my account!  This leaves me without access to my primary email account to which a huge number of my subscriptions send mail, plus my calendar, my YouTube account, and my Google Play account for my two Android devices.

“No worries!” think I, “I have two-factor authentication enabled, I just need to sign in again!”  Nope.  User name, password, and no offer of the two-factor prompt.  Just a snotty “you are suspended” notification.

They sent a notice to my “backup” email – a feature everyone apparently REALLY should engage – to let me know about the suspension and how to fix it.  I dutifully followed their instructions until I got to the part about two-factor authentication.  Here it asks if I have lost access to my second factor, which I have not.  If I select “other problem” it sends me to a help file with no way back.  To get past this question, I have to lie and say I lost my second factor.

Here’s the thing.  Deleting email may well be suspicious in some, perhaps many situations… However, since I was doing it from a machine that has logged in to that account, quite literally, hundreds if not thousands of times, one might think that it isn’t so suspicious.  Of course, it chaps Google’s corporate arse when you delete things because it reduces their ability to target advertising.  I believe this is truly the root of the matter… it bugs Google when you delete stuff and as a result, I must be punished.

Furthermore, in my account, I had about 4000 emails, give or take, plus whatever was in spam and the bin.  I emptied the bin and spam and also deleted maybe 100 more old mailing list mails and unneeded other stuff.  100 out of 4000 hardly constitutes a mass deletion.  So realistically, it was hardly a suspicious mega-delete.  If I deleted 2500 mails, I could see a flag going up.  Nothing should ever happen for emptying spam or the bin.

Still further, since I have two-factor enabled, why could it not just log me out and force me to reauthenticate?  THAT IS THE ENTIRE POINT OF TWO-FACTOR AUTHENTICATION.  The second factor is considered a strong mechanism to validate that you are who you claim to be.  Instead Google locks me and all my applications out.  Worse, their own account recovery process has no way of accounting for unfair, unreasonable, and inappropriate lockouts for users of two-factor authentication and forces them to lie about it to recover the account.  In effect, use of two-factor authentication with Google appears to make things LESS secure since you can’t use it to recover and they don’t actually use it to authenticate you.

Finally, this is probably costing me money as they drag their heels fixing the problem due to some work-related mail that I exchange there.  Yes, I know it’s a free service, so I can’t expect them to jump to a height of my choosing.  I can, however, expect the service to function as advertised and not to unreasonably abuse its users.  We do, after all, provide them with their advertising fodder.
