I know whenever this happens, a lot of HN-types like to act smug about how "you should have known to not trust a company with your data, do your own backups"
But for everyone else (skipping over the fact that you could have a little more compassion to someone who lost decades worth of important, sentimental data), running your own backups is way more work than should be necessary compared to the mainstream solutions. Especially since most people will likely not hit this scenario anyway, it's just a lottery of the unlucky.
And honestly why are we just accepting that these organizations sitting on infinitely growing wealth can use it to incentivize us to give us all their data for convenience and otherwise worry-free management of it, and then just lock you out one day based on bad algorithms, and offer next to no customer support to resolve it because they don't want to spend a tiny fraction of their operation budget on a department for that?
I'm not sure how you'd enforce regulation on something like that but if we're gonna let big tech run rampant and collect all this data on the population, it seems like the bare minimum to offer a better experience for stuff like this.
1970-01-01 · 1h ago
>(skipping over the fact that you could have a little more compassion to someone who lost decades worth of important, sentimental data)
Someone who lost *access* to decades worth of important, sentimental data. It is extremely likely that 100.000% of their data still exists in its original form. That one word makes a world of difference for my compassion levels. If it exists, access can be restored. My compassion is for the frustration level toward getting a human at MS, which is a different and weirder problem.
jmull · 3h ago
> smug
It's weird to characterize giving good advice as smug. Damaging too, since you're actively discouraging the dissemination of good advice.
Really, quite a bizarre case of internet shaming.
Vaslo · 2h ago
There’s good advice and there is “being an asshole.” Unfortunately, many HNers don’t read their emails as the recepient does and they sound very preachy and condescending instead of helpful unfortunately(or maybe it’s on purpose.)
Your last sentence is exactly what the OP is talking about.
znpy · 1h ago
I just want to echo the (very good) comment by jmull:
> Well, the previous poster had to invent a quote. And you're the one name calling here. Look in the mirror my friend.
Yeah, look in the mirror.
jmull · 2h ago
Well, the previous poster had to invent a quote. And you're the one name calling here. Look in the mirror my friend.
OptionOfT · 2h ago
Not to mention that companies incessantly push for you to use their services to safeguard your data. Microsoft ENFORCES usage of an online account these days.
They tell you that you need to hand over your money to keep your data safe. The explicitly have things like Vault to keep your special documents even safer!
znpy · 1h ago
> Microsoft ENFORCES usage of an online account these days.
Wait until the EU Commission hears about this.
It's crazy that we need the EU Commission to talk sense into US companies.
layer8 · 3h ago
I agree that what you describe should be done, but until we are there (which likely won't be soon), not trusting big tech and ensuring backup copies of anything important is sound advice.
JohnFen · 54m ago
> And honestly why are we just accepting that these organizations
I suspect that's what people who remind others not to trust these services are thinking, and that's why the reminder. If you rely on these services, you are accepting exactly those bad things. We can equally decide not to accept them by not using the services or, at the very least, by considering them unreliable and acting accordingly (such as not allowing important data to exist solely in them).
atmavatar · 2h ago
> And honestly why are we just accepting that these organizations sitting on infinitely growing wealth can use it to incentivize us to give us all their data for convenience and otherwise worry-free management of it, and then just lock you out one day based on bad algorithms, and offer next to no customer support to resolve it because they don't want to spend a tiny fraction of their operation budget on a department for that?
We aren't. That's why we tell people not to trust a company with their data.
That's like complaining people telling you to avoid a super cheap space heater are elitist and unsympathetic to those with less money, while at the same time decrying that everyone accepts that the manufacturer gets away with selling a space heater that occasionally burns your house down.
aaomidi · 3h ago
I’ve been supportive of a bill that bans, banning accounts. Only allows you to put them in read only mode.
sebstefan · 2h ago
If you're Google and you bust someone for having child porn, you shouldn't have to keep hosting child porn. Maybe a mandated period to download your data when you get locked out and put in read-only. Say they have to give you a month.
And closing off the visibility of your content to others, obviously
dns_snek · 39m ago
What a ridiculous straw man, nobody has argued that Google should be forced to host child porn.
When we sign up, the deal is that they store our data securely and indefinitely as long as we pay for the service. Why should they be allowed to unilaterally break contracts and set deadlines that wipe out our data without a legal due process after paying them for 30 years?
We supposedly live in a democracy where we should have laws that the common person wants, so I'm asking you, why should we be happy with your version of the law?
Why shouldn't we demand a law that prohibits them from wiping our data without a court decision or a signed waiver from the account owner? Failing that, they should be on the hook for compensation of 10 times of the total amount we paid for the service since inception, or $1 million* (for the sake of the argument), whichever is higher.
aaomidi · 2h ago
Honestly, I'm not going to entertain these hypotheticals.
Given that Google has banned an account of a dad for having pictures of his son he was going to share with his doctor under the reasoning of "CSAM" I don't trust Google to be the Judge, Jury, and Executioner.
znpy · 2h ago
> "you should have known to not trust a company with your data, do your own backups"
Hey, yeah, I'm one of those people, and I'm not backing down.
The """cloud""" as solutions of all technical problems ("don't bother with NASes and external drives, just save to the cloud") is mainly dumbing down the average user, and these are the results.
If you don't have your data on (at least) a physical drives in your home, you already lost it.
msgodel · 2h ago
Everything you create should be in git or similar. All this value added crap is an unprofessional hack and should be treated as such.
The lack of compassion comes from those of us who know how to use computers correctly getting tired of being told to take this stuff seriously.
rhabarba · 2h ago
> Everything you create should be in git or similar.
Everything you create should be on a machine you control, preferably in a house different from the one where you created it. Version control is optional (and Git probably overengineered for your one-man projects, but that's a different discussion).
sebstefan · 3h ago
Yes - lots of uninteresting discussion about the importance of having backups.
> This feels not only unethical but potentially illegal, especially in light of consumer protection laws. You can’t just hold someone’s entire digital life hostage with no due process, no warning, and no accountability. If this were a physical storage unit, there’d be rights, procedures, timeframes. Here? Nothing. Just a Kafkaesque black hole of corporate negligence.
^ This is what's worth discussing, not opinions about that guy's backups, or what the cloud is, or that this is known to regularly happen. We're already all tech-adjacent
hedora · 3h ago
Related: passkeys.
hyperman1 · 3h ago
A good backup strategy is still hard. Over the years, it became clear to me that ther are not only technical but also legal failure modes. So 'a virus ate it' or 'the drive died' are not enough. We now also have 'I sent a photo of my kid to the docter and the kiddy porn alert went off' or 'The Google algo says no' or even 'Someone called the police on my neighbour and they just took the whole building to evidence'.
hedora · 3h ago
Also, “the house burnt down” or “the bank sold the contents of my safe deposit box, including the restore key”.
E2E encryption is the only approach I’ll even consider for cloud backup. There’s also the problem where a product manger decides to recompress all your images to save space, or normalize the exif or whatever.
I used to use Amazon Cloud Drive, but then they banned encrypted files, so I moved elsewhere.
erehweb · 3h ago
Number of people saying that you should just make sure you have backups. That's true, but there's still a role for government to play to prevent this sort of thing. We don't let companies sell poisonous food - why do we let them offer digital services that can be arbitrarily frozen?
frogperson · 3h ago
We 100% allow companies to poison our food and water. If there is profit, there is a loophole.
Texas just lifted regulatio s to allow fracking run off into drinking water.
Sammi · 2h ago
You're nit picking a tangential point.
anonzzzies · 3h ago
Agreed, this should not be allowed. Period. But as long as no one does anything, make backups.
IAmBroom · 2h ago
Data is ephemeral. A backup can be ruined in a millisecond. The government can't react fast enough.
Trust but v\e\r\i\f\y\ back up on your own media.
nedt · 1h ago
Yeah Microsoft can be pretty bad with that stuff. When my sons account, which was also what he used for Minecraft, was stolen I even reached out to a real person. Could they help us get the account back? No because they most protect the owner of the account. Which is even more crazy if you think about it because that would be my son and not the thief they gave the account to.
lousken · 2h ago
This belongs to /r/assholedesign
If you force people into bitlocker, at least have a setup wizard at the start that forces them to export the key/print the key, or maybe even ask them if they want their stuff encrypted. For a regular home desktop, it's rarely a need and too much hassle
Secondly, why not offer use something like LUKS does just with a password?
TPM is a horrible way to secure things anyway and you need a PIN for true security.
Data is far more important than society, regulation, individuals give it mind. Doubly so if the data is technically in another jurisdiction. And it's a classic insurance scenario too - redundant storage seems like money thrown in the fire, but after a disaster like OP's, lost data seems invaluable.
Service providers are at the very least part of the problem. For one, they project a lot of confidence for safety, but protect themselves well legally in case of any event - and automate away as much customer interaction as they can.
A nice improvement would be customer service that takes the issues seriously. But, I realize, that is far more complex and expensive than how it sounds.
southernplaces7 · 3h ago
As applies to other major data services providers with shit-useless customer support and arbitrary algorithmic "service" decision-making, DO NOT FUCKING TRUST your data to rest exclusively within anything that they own and control.
Export your email archives, spread your personal files across multiple devices and services, and ideally, keep copies of your files on your own backup HDs or at the very least with one other cloud provider, that also happens to be small enough for you to reach a human if something goes wrong.
At least Microscum can't yet lock one out of their own PC or laptop at this stage. This person trusted too much in their OneDrive service.
To note: looking particularly at people who've let themselves become Google-dependent here, just as much as anyone silly enough to trust 30 years of their work exclusively to fucking Microsoft of all things.
blibble · 3h ago
> At least Microscum can't yet lock one out of their own PC or laptop at this stage.
tell that to the people that received the dreaded Bitlocker unlock screen after a broken windows update
key is... stored in your MS account
southernplaces7 · 2h ago
I... wasn't aware of that particular tidbit, but all the more worrisome. At least it was a genuine error and not part of a deliberate Microshit policy of enforcing the ability to lock one's computer down.
nine_k · 2h ago
BitLocker has rescue codes, or something. I remember using them in such a situation. It was a corporate machine, and I had been instructed to obtain the rescue codes the first thing upon receiving it.
hedora · 3h ago
I have a windows 8 phone that’s up to 30 days between pin guesses.
I probably should give up and recycle it.
southernplaces7 · 2h ago
But can you not remove the PIN screen entirely if you have access?
sidewndr46 · 3h ago
Doesn't BitLocker allow them to do exactly that? Your local files are encrypted by a key they hold
southernplaces7 · 2h ago
To whoever downvoted this perfectly reasonable range of suggestions that anyone sane should apply given what we all know full well about these companies ability to freeze accounts and comically dystopian user "support", Why? Respond constructively, as adults do, if you have some disagreement.
khurs · 3h ago
For anyone non technical, always use your own domain so if your email service locks you out, you can move to another instantly.
"For anyone non technical" and "always use your own domain" sound a bit of opposite things to me
khurs · 3h ago
For anyone non technical, either ask a lllm to explain it to you like you are 5 (eli5), search online for ‘how to add a custom domain to [your email provider]’ or seek assistance.
Importantly, don’t register the domain name (website url) at the same company your email is with.
Simulacra · 3h ago
It takes less than 15 minutes to go to GoDaddy and purchase a domain. I encourage everyone to own their name.
the__alchemist · 3h ago
What do you mean by own their name?
betaby · 3h ago
Rent some characters from a random company for $15/year.
hedora · 3h ago
Also, recursively rent another domain to host the recovery email address.
It’s turtles all the way down.
anileated · 3h ago
> always use your own domain so if your email service locks you out, you can move to another instantly.
What to do if your domain is taken away legally (e.g. via trademark dispute) or due to a random combination of unlucky factors is bought before you can extend it?
Besides what email do you specify when buying domains? Where do you host that email? How do you deal if that email locks you out?
I hope don't say "use me@example.com to register example.com" because that circle seems like a fun thing to solve in a pinch.
layer8 · 3h ago
Domain registrars usually allow a fallback email address, or, at least for the ones I use in my country, allow communication by phone or postal mail to restore access.
As a general rule, using smaller independent providers gives you more resilience and recourse than relying on big tech.
nicksergeant · 3h ago
Many non-technical people don't even know what a domain name is, or what they're used for. Most people think "I go to websites by typing it into Google and clicking the link".
jpl56 · 3h ago
New fear unlocked : account frozen due to sudden peak of activity (which happens logically if you _use_ it).
Cloud as backup #2, a hard drive as backup #1 and another hard drive in another location as backup #3
noworriesnate · 3h ago
I use BeeFiles for all my important files. I can access them anywhere, it’s not a subscription it’s a one time purchase, and it supports backup to external hard drive as well as backup to an online service (subscription based).
Synology really did a good job of building something non technical people could use as an alternative to onedrive etc.
OptionOfT · 2h ago
One issue I have with Synology is that when you film in slow motion (120/240fps) it will upload the 30fps 'flattened' version.
er0k · 1h ago
remember when RMS said "cloud computing is a trap" and we all laughed and laughed...
1970-01-01 · 3h ago
'What if I told you it's just someone else's computer' meme is evergreen.
anonzzzies · 3h ago
I dont know how people are so weird to trust any provider ever. Its nice for a bit and then it rots. You always keep everything on pathetically cheap drives at home. Always. You have to assume you will get screwed even if you pay in the age of AI flagging and 0 protections or recourse. How many stories do we need for this to happen?
theandrewbailey · 5h ago
Sadly, this reminds me of a facetious story I wrote several years back when Google tried to build a neighborhood in Toronto. It follows a Google fanboy that moves in, only to get locked out when something abruptly decides "No, you don't live here anymore."
> But one day, you come back to your apartment. It's locked, and won't accept your authentication method. Since your technocrat landlords despise plain old metal keys for some reason (What are you, a peasant?), they provide one of several alternative methods for you to open doors. (Why can't those cyborgs be more like normal people?) They advise you to never share how or with what you use to login to them. Whatever it is, it's not working. You hope there's not an electrical outage somewhere.
> Because you're living in the future, everything is connected to the internet. Like most everything else, your door has a display mounted into it. A message appears, informing you that since you've violated the terms of service, your account has been terminated. You're locked out from all your stuff! There is a customer service robot downstairs, so you try to get some answers from it. Unsurprisingly, the robot is not helpful, not sympathetic, and it won't listen to an unperson.
r0fl · 3h ago
This would never work in Toronto.
Ontario tenancy laws are so pro-tenant that not even Google could evict a tenant that quickly.
tonyhart7 · 3h ago
"Ontario tenancy laws are so pro-tenant that not even Google could evict a tenant that quickly."
that's good then, I bet the rent price is pro tenant too
BobaFloutist · 37m ago
Wow, that's so relevant! It sure doesn't sound like you have an axe to grind!
FirmwareBurner · 3h ago
Laws being far too pro tenant don't usually result in lower rents for the tenants, but the contrary.
Landlords then prefer to keep their apartments empty instead of risking a bad tenant or have very high bar to entry in order to get an apartment.
Simulacra · 3h ago
Never completely trust the cloud. I will never forget when Mat Honan did this and lost everything, while editor of Wired. Always backup offline as much as in the cloud.
I wish he wrote a follow up on his current security practices.
He said someone socially engineered and took over his Apple account and reset all his devices. He said he had trouble with 1password as it only existed on the wiped device. He had to get a backup from Dropbox which fortunately was accessible on his wife’s machine. I didn’t understand what happened to his Google and Amazon but he had to reset them too.
The only thing I can think of is to have local and cloud backups of your data which is the only thing that matters.
EGreg · 3h ago
I gotta say, this is complicated enough that most people don’t do it, and there is a big business opportunity here.
Resilio Sync (using bittorrent) kinda sucks for backing up to a USB hard drive that’s been connected.
SynThing is what I use. Even so. What I would really want is something that “just works” with multiple encrypted backups around the world, deduplication and chunking.
But for everyone else (skipping over the fact that you could have a little more compassion to someone who lost decades worth of important, sentimental data), running your own backups is way more work than should be necessary compared to the mainstream solutions. Especially since most people will likely not hit this scenario anyway, it's just a lottery of the unlucky.
And honestly why are we just accepting that these organizations sitting on infinitely growing wealth can use it to incentivize us to give us all their data for convenience and otherwise worry-free management of it, and then just lock you out one day based on bad algorithms, and offer next to no customer support to resolve it because they don't want to spend a tiny fraction of their operation budget on a department for that?
I'm not sure how you'd enforce regulation on something like that but if we're gonna let big tech run rampant and collect all this data on the population, it seems like the bare minimum to offer a better experience for stuff like this.
Someone who lost *access* to decades worth of important, sentimental data. It is extremely likely that 100.000% of their data still exists in its original form. That one word makes a world of difference for my compassion levels. If it exists, access can be restored. My compassion is for the frustration level toward getting a human at MS, which is a different and weirder problem.
It's weird to characterize giving good advice as smug. Damaging too, since you're actively discouraging the dissemination of good advice.
Really, quite a bizarre case of internet shaming.
Your last sentence is exactly what the OP is talking about.
> Well, the previous poster had to invent a quote. And you're the one name calling here. Look in the mirror my friend.
Yeah, look in the mirror.
They tell you that you need to hand over your money to keep your data safe. The explicitly have things like Vault to keep your special documents even safer!
Wait until the EU Commission hears about this.
It's crazy that we need the EU Commission to talk sense into US companies.
I suspect that's what people who remind others not to trust these services are thinking, and that's why the reminder. If you rely on these services, you are accepting exactly those bad things. We can equally decide not to accept them by not using the services or, at the very least, by considering them unreliable and acting accordingly (such as not allowing important data to exist solely in them).
We aren't. That's why we tell people not to trust a company with their data.
That's like complaining people telling you to avoid a super cheap space heater are elitist and unsympathetic to those with less money, while at the same time decrying that everyone accepts that the manufacturer gets away with selling a space heater that occasionally burns your house down.
And closing off the visibility of your content to others, obviously
When we sign up, the deal is that they store our data securely and indefinitely as long as we pay for the service. Why should they be allowed to unilaterally break contracts and set deadlines that wipe out our data without a legal due process after paying them for 30 years?
We supposedly live in a democracy where we should have laws that the common person wants, so I'm asking you, why should we be happy with your version of the law?
Why shouldn't we demand a law that prohibits them from wiping our data without a court decision or a signed waiver from the account owner? Failing that, they should be on the hook for compensation of 10 times of the total amount we paid for the service since inception, or $1 million* (for the sake of the argument), whichever is higher.
Given that Google has banned an account of a dad for having pictures of his son he was going to share with his doctor under the reasoning of "CSAM" I don't trust Google to be the Judge, Jury, and Executioner.
Hey, yeah, I'm one of those people, and I'm not backing down.
The """cloud""" as solutions of all technical problems ("don't bother with NASes and external drives, just save to the cloud") is mainly dumbing down the average user, and these are the results.
If you don't have your data on (at least) a physical drives in your home, you already lost it.
The lack of compassion comes from those of us who know how to use computers correctly getting tired of being told to take this stuff seriously.
Everything you create should be on a machine you control, preferably in a house different from the one where you created it. Version control is optional (and Git probably overengineered for your one-man projects, but that's a different discussion).
> This feels not only unethical but potentially illegal, especially in light of consumer protection laws. You can’t just hold someone’s entire digital life hostage with no due process, no warning, and no accountability. If this were a physical storage unit, there’d be rights, procedures, timeframes. Here? Nothing. Just a Kafkaesque black hole of corporate negligence.
^ This is what's worth discussing, not opinions about that guy's backups, or what the cloud is, or that this is known to regularly happen. We're already all tech-adjacent
E2E encryption is the only approach I’ll even consider for cloud backup. There’s also the problem where a product manger decides to recompress all your images to save space, or normalize the exif or whatever.
I used to use Amazon Cloud Drive, but then they banned encrypted files, so I moved elsewhere.
Texas just lifted regulatio s to allow fracking run off into drinking water.
Trust but v\e\r\i\f\y\ back up on your own media.
If you force people into bitlocker, at least have a setup wizard at the start that forces them to export the key/print the key, or maybe even ask them if they want their stuff encrypted. For a regular home desktop, it's rarely a need and too much hassle
Secondly, why not offer use something like LUKS does just with a password?
TPM is a horrible way to secure things anyway and you need a PIN for true security.
Data is far more important than society, regulation, individuals give it mind. Doubly so if the data is technically in another jurisdiction. And it's a classic insurance scenario too - redundant storage seems like money thrown in the fire, but after a disaster like OP's, lost data seems invaluable.
Service providers are at the very least part of the problem. For one, they project a lot of confidence for safety, but protect themselves well legally in case of any event - and automate away as much customer interaction as they can.
A nice improvement would be customer service that takes the issues seriously. But, I realize, that is far more complex and expensive than how it sounds.
Export your email archives, spread your personal files across multiple devices and services, and ideally, keep copies of your files on your own backup HDs or at the very least with one other cloud provider, that also happens to be small enough for you to reach a human if something goes wrong.
At least Microscum can't yet lock one out of their own PC or laptop at this stage. This person trusted too much in their OneDrive service.
To note: looking particularly at people who've let themselves become Google-dependent here, just as much as anyone silly enough to trust 30 years of their work exclusively to fucking Microsoft of all things.
tell that to the people that received the dreaded Bitlocker unlock screen after a broken windows update
key is... stored in your MS account
I probably should give up and recycle it.
And follow the 3-2-1 rule https://www.veeam.com/blog/321-backup-rule.html
Importantly, don’t register the domain name (website url) at the same company your email is with.
It’s turtles all the way down.
What to do if your domain is taken away legally (e.g. via trademark dispute) or due to a random combination of unlucky factors is bought before you can extend it?
Besides what email do you specify when buying domains? Where do you host that email? How do you deal if that email locks you out?
I hope don't say "use me@example.com to register example.com" because that circle seems like a fun thing to solve in a pinch.
As a general rule, using smaller independent providers gives you more resilience and recourse than relying on big tech.
Cloud as backup #2, a hard drive as backup #1 and another hard drive in another location as backup #3
Synology really did a good job of building something non technical people could use as an alternative to onedrive etc.
https://theandrewbailey.com/article/203/Insanity-Locked-Out....
> But one day, you come back to your apartment. It's locked, and won't accept your authentication method. Since your technocrat landlords despise plain old metal keys for some reason (What are you, a peasant?), they provide one of several alternative methods for you to open doors. (Why can't those cyborgs be more like normal people?) They advise you to never share how or with what you use to login to them. Whatever it is, it's not working. You hope there's not an electrical outage somewhere.
> Because you're living in the future, everything is connected to the internet. Like most everything else, your door has a display mounted into it. A message appears, informing you that since you've violated the terms of service, your account has been terminated. You're locked out from all your stuff! There is a customer service robot downstairs, so you try to get some answers from it. Unsurprisingly, the robot is not helpful, not sympathetic, and it won't listen to an unperson.
Ontario tenancy laws are so pro-tenant that not even Google could evict a tenant that quickly.
that's good then, I bet the rent price is pro tenant too
Landlords then prefer to keep their apartments empty instead of risking a bad tenant or have very high bar to entry in order to get an apartment.
https://www.wired.com/2012/08/mat-honan-data-recovery/
He said someone socially engineered and took over his Apple account and reset all his devices. He said he had trouble with 1password as it only existed on the wiped device. He had to get a backup from Dropbox which fortunately was accessible on his wife’s machine. I didn’t understand what happened to his Google and Amazon but he had to reset them too.
The only thing I can think of is to have local and cloud backups of your data which is the only thing that matters.
Resilio Sync (using bittorrent) kinda sucks for backing up to a USB hard drive that’s been connected.
SynThing is what I use. Even so. What I would really want is something that “just works” with multiple encrypted backups around the world, deduplication and chunking.
There’s also BackBlaze.
They don't seem to be super trustworthy, at least not as the single copy of all your data.