I am not given any other options than to Contact Support about it, which I did yesterday and got an answer today that tells me nothing more than the very few that I know:
> Microsoft disabled access to the account due to a serious violation of the Microsoft Services Agreement https://www.microsoft.com/en-us/servicesagreement. As stated in the Microsoft Services Agreement, you will no longer be able to access any Services that require Microsoft account. For any subscriptions associated with the account, Microsoft will immediately cease charging the credit card on file for recurring charges. [...] Pursuant to our terms, we cannot reactivate your account, nor provide details as to why it was closed. This represents Microsoft’s final communication regarding this account.
I hope that I am not violating any other terms by sharing these messages. I do it out of frustration to know what exactly I might have done to deserve this, something more detailed than "you have violated our Terms as you eat your dinner", because without knowing which action of mine caused this, I either;
a) Will be unable to understand my mistake and not repeat it,
b) Will fear out of doing nearly everything and refrain from them, such as using a VPN on Amazon's AWS at Ohio, which I am sincerely suspicious of.
Microsoft's own way of justice is against the legal systems in all the modern countries, which always makes sure that the accused knows their faults, as one of their rights, and for the benefit of the accused not getting involved in such acts for a second time, for that they this time will know.
This is why I don't put anything that I care about on a service or system I don't control. If I want to host videos I care about staying online, they live on a VM configured for a pretty common LAMP stack which exists on a hypervisor that I own and control down to the bare metal and the contract for the colo rack space and 208VAC power.
Using this example, that same 1RU system has a connection to an ISP that I know and trust. It's not going to go offline unless I were to do something so terribly abusive (in terms of network abuse) or illegal that it would cause them to admin down the 1000BaseT port facing it. Or it could theoretically go offline if I used it for illegal outbound network activity and somebody from the local FBI field office showed up with a warrant to take it (again highly unlikely, because I don't do that shit). Those are just about the only circumstances in which a third party could bring it offline.
This sounds like a challenge. Does the winner get a bottle of scotch?
It is a mistake to think that consequences that come with other businesses or the government believing you are doing something illegal can only occur if you actually do something illegal. (It's also a mistake to think that the government could o my seize your computer if it thought you did something illegal with it; though if they didn't but thought it had relevant evidence they might ask nicely before getting a warrant, rather than jumping straight to compulsory process. But that's politeness, not a legal mandate.)
Second strike: Mon, Jul 9, 2018 at 10:36 PM
Third strike: Mon, Jul 9, 2018 at 11:31 PM
The last / third strike came with a "Your YouTube account has been terminated" and any attempts to login or view any of my videos gives a page missing and the Google account associated with it doesn't even appear in any of my menus.
I don't really care that much it was a dumb joke channel I made to poke fun at how often profanity is used in rap music. The part I find pretty perplexing is that I _removed_ the profanity from the music and the channel was flagged for offensive content.
If the answer is “yes” you should take corrective action right away and make that answer “no.” Or at least minimize the number of accounts for which the answer is “yes”.
The reality is that this could happen to anyone, for any or no reason. Don’t pin your life to an online account you have no real right to.
For the apps, couldn't you create a new account (sure you'd have to buy the apps again) and be back up and running?
I have all my photos on iCloud. But they are also in the Photos library with full resolution on my computer. If apples locks my account, I don’t lose my photos.
Same thing with Dropbox. Synced but still available on my computer.
Same with Gmail. Synced with Mail on Mac. Downloaded regularly.
I simply try to make sure my data is always on my computer and migratable. Not the application itself.
a) buying my own domain
b) ensuring that the authoritative ns1/ns2/ns3 records for that domain are hosted at a diverse set of geographically diverse nameservers, for example an ns1 that you run and then using route53 and another non-route53-service for authoritative slaves.
c) setting the MX records for it to either a mail server that you run, or a third party mail server. This is sort of a compromise approach. You can use office365 or google if you don't want to fully host your own mail. You say you don't want to deal with the hassle of mail deliverability, so use either of those and let them handle the spam filtering, SPF and DKIM. Mail that's hosted by office365 is trusted by just about everything out there, in terms of not having other peoples' SMTP daemons reject or blackhole your mail. If either of those cuts you off for some arbitrary reason in the future, you at least have the ability to change the MX records to another service as you see fit.
Edit: A Plex server is a really easy way to back up photos from multiple devices as it syncs and you can control that entirely in house.
The more I see things like this happening, the less I want to entrust anything important to MS, Google, Amazon, etc.
- "Install Microsoft Authenticator to log in with your phone"
- "Sign up for OneDrive to protect against ransomware attacks"
- "Do more with Microsoft Edge!" (this one shows up when you change your default browser)
I prefer my operating system to not upsell me.
But I still ended up needing a Microsoft account for the download. I was surprised to find I already had one (for the email I was using) , but I did and I was able to use it to download/install/validate the software.
Only later did I realize it was an account I created for my son to play Minecraft... hopefully he doesn't manage to get me banned from the Microsoft ecosystem.
I didn't even know a Microsoft account was an option when I set up my desktop :)
E.g. my email, calendar and contacts are at FastMail with my own domain, cloud storage is at Dropbox but looking to migrate to pCloud (after their recent fiasco). For notes I use Evernote, but investigating Standard Notes. I also don’t buy DRM-ed books or other products, e.g. I buy DRM-free audio books from Downpour. I have a Spotify account but I regularly buy the music I like. I have an iPhone but I’ll be damned if I’ll let Apple dictate my web browser therefore I use Firefox and apps that play along with it.
My Google and Microsoft accounts are basically unused. I use Docs at times but I regularly back them up automatically. I don’t even use Google’s Search anymore. I have some apps purchased for Android but I stopped using Android for now. If they block me for anything, I couldn’t care less.
These companies that have products in multiple markets are after lock-in of their users by any means necessary. Don’t fall into that trap. The alternatives cost more, but your freedom and privacy are worth it.
I am a (former) Evernote employee. Before I joined I didn't use Evernote. After I left I started using Evernote extensively (Hard to use the app when you are constantly messing up your test account doing dev work :-) )
From my experience there I know that:
1) the people there really care about the customers. If there is any sort of problem, the customer support will really go to bat for the customer. There are more than a few times where CS ensured that a bug fix made it in.
2) If there is any sort of data corruption, Evernote will stop the weekly release to get back the data before doing the next release.
3) You can get a hold of a live human being to get support
4) Evernote has a explicit policy of never going to an ad model.
5) User privacy is highly important.
6) User security is highly important - if Evernote had a choice between Evernote as a company getting hacked or a user (not even a customer) getting their account hacked. Evernote errors on the side of protecting the users' security.
Please reward this positive company by paying for the product - that is their only revenue source :-)
But the thing I miss with Evernote is the ability to create end-to-end encrypted notes. I don't necessarily want all notes to be encrypted, just some.
I hope they add this capability.
I'm interested in switching away but nothing I've found beats Gsuite in terms of ease of use, and paying for Gsuite for my domain means I don't have my data pawed over like plain gmail accounts are.
Personally I found it hard to migrate to G Suite after being off for about 3 years and couldn't do it.
For example FastMail is less featured, but the web interface is really responsive and the keyboard shortcuts are better. Whereas Google Admin is a nightmare and GMail has gotten really sluggish in the latest iteration for no good reason.
GMail has labels, many people are addicted to those. But regular IMAP folders play better with desktop email clients and I prefer desktop clients. GMail's labels are cool for classifying stuff (e.g. My Projects), however IMAP folders are good for separating the junk. For example I don't want Mailing Lists in my archive.
G Suite has many limits that bother me that do not apply to FastMail:
- Limits maximum IMAP connections to 15: https://support.google.com/mail/answer/7126229?hl=en
- Limits bandwidth: https://support.google.com/a/answer/2751577?hl=en
- Limits maximum number of user aliases to 30: https://support.google.com/a/answer/33327?hl=en
I have hit all of these limits at some point.
FastMail works with something called "sub-domain aliasing". So if you have `user@domain.com`, you can come up with addresses on the fly, like `google@user.domain.com`. I do that for every online service I use. And the web client is friendly to that too. E.g. you can define "wildcard identities" or you can set certain identities to be used per folder.
Sadly Gmail only supports "plus aliasing". This is weaker because it's easier to remove the alias and because many websites, including big names, do not accept "+" as a valid symbol.
You can configure G Suite to redirect all email via a regular expression, so you sort of have it, however it doesn't work if you want to also send email, which you need to reply for support and stuff. This is because Gmail will not sign your emails with DKIM unless the email is a genuine user alias, no dynamically created email addresses allowed, except for plus aliasing.
Speaking of which, even when you send from a legitimate user alias in GMail, GMail will leak your primary email address via the Return-Path and other email headers. This means that user aliases in GMail do NOT work for maintaining privacy. For example one practice I have is to create a throw-away email address that I put on my blog. I don't want my email to get in the hands of spammers via my website. And I get contacted via it and sometimes I reply. Personally I don't want my primary email address to leak when doing that, but that's what GMail does. And I'm not even mentioning that adding email aliases is freaking painful, as you have to add it once in Google Admin and a second time in GMail's web interface.
Basically GMail is useless if you want to have multiple email aliases.
Another use-case I have for FastMail is to send email from my own VPS. I have two VPSs actually and I want them to send emails on important events. FastMail allows me to set a "SMTP only" password. And in case my VPS gets compromised, theoretically at least the attacker will not have access to my email archive. And FastMail's limits on sending email are pretty relaxed. You can send notification emails from your own VPS without worry. Just don't send spam as they'll probably react to that.
It's ironic, but for all of GMail's praise, it's actually pretty bad at handling email.
Also, not sure what exactly you're using from G Suite, but Google Drive is absolute trash for synchronizing files, including its File Drive Stream, its latest iteration. I've seen it ignore updates, I've seen it generate conflicts, I've seen it corrupt content. Google Drive is good for its web functionality, but you can't rely on it to actually copy your files. If I fear the desktop sync will corrupt my files, then I cannot use it, sorry.
Then it's just a matter of keeping backups of your email.
It would take me at most 1 hour to move, on the clock. I know because I moved between email provides about 3 times already.
("imapsync" helps)
AFAIK all iOS web browsers must use WebKit so really are little more than a shell on top of Safari.
https://rclone.org/
https://hbr.org/2018/07/a-study-of-thousands-of-dropbox-proj...
Quote:
> Dropbox gave us access to project-folder-related data, which Dropbox had aggregated and anonymized, for all the scientists using its platform over the period from May 2015 to May 2017 — a group that represented 1,000 university departments (from the top 100 universities and their Dropbox collaborators from other anonymized universities of any rank).
This was done without the consent of those involved.
Wired seems to cover the story: https://www.wired.com/story/dropbox-sharing-data-study-ethic...
That was when I realized I could not participate in plus: I realized how important my gmail account had become. I am diversifying and backing up today, but gmail stays a single point of failure.
The result: Even if google drive and a lot of their services sound really nice, I simply do not dare using them. I can't even take the risk of paying them: Anything non-gmail is a chance for them to obliterate my digital life.
Opening a second account is probably a bad idea: One day some algorithm will find out and either merge them or simply nuke both.
Not shooting at google specifically, this AskHN proves microsoft is just as bad. But it sounds to me these companies will have to do something or lose user trust.
Nuking both would be nuts except in extreme edge cases. It could potentially nuke the accounts of all spouses and parents and kids who share a laptop at home. Granted, everyone has their own writing style and computers seem good at identifying text written by people based on the latter, but that's still a big risk for the tech company.
It is cheaper and less risky for them to be completely insane pants-on-head bonkers once in a while than to find out what has happened and tell you. They don't care as they are big, you are small, and unless you annoy them enough to actually notice you, nothing is going to happen.
I live in Turkey, I use VPN (on AWS at Ohio) not to circumvent anything else than the imposed restrictions of my own country, and not some other countries' or companies'. Along with countless others, Wikipedia and Imgur are some well-known websites that are made unaccessible from Turkey. With Windows 10's VPN client, you don't even recognize that you are on VPN. The overhead is so low (relative to the basic internet speeds), that I don't even notice that VPN is on most of the time. I usually open it when I want to visit some Wikipedia page, and turn it back off after recognizing delay/lag on the games I'm playing online. Not even videos load recognizably slower, not on my VPN on AWS at least.
Within last 10 days, I had encountered the news about Dragon Ball Z - Season 1 being free on Microsoft Store, one like this I just found searching: https://www.neowin.net/news/first-season-of-dragon-ball-z-no...
I wanted to give both the anime and the Microsoft Store's video section a try, and did nothing more than just opening the Microsoft Store, finding the content, getting it for free and watching the first episode. My guess is that this might have been the problem.
If this really is the case, then I could not possibly know I was fooling Microsoft Store: - I did not and still do not know if the content was not available, free or paid, from Turkey. There were no indications of the content being unavailable to Turkey on the Store page. - Microsoft Store did not ask me if I am from Ohio, I never said I was from Ohio. I regularly use VPN for personal reasons, unrelated to this matter. I did not use VPN to make Microsoft Store think that I am from Ohio. Microsoft Store itself may have falsely assumed that I am from Ohio, and granted me the right to watch a content for free. It is Microsoft Store's fault for immediately assuming my location from the way I connect to the Internet.
If my guesses are true, then Microsoft's Microsoft Store is the culprit for being overly presumptuous about my location, not asking me for approval, hence not putting me responsible, and giving me free access to some content as a result. I may not be put responsible for Microsoft's presumptions that I haven't approved.
I agree. It's very likely that, by using a US VPN, you circumvented geo-restriction in the Microsoft Store. You could test that by creating another Microsoft account, under a fake name, using a commercial VPN service with a non-US exit. Then try to get the Dragon Ball Z episode from Microsoft Store. If you need help, feel free to email me.
This type of behaviour should be banned by the European Union.
You should be provided with the exact reason of why your account is being closed , regardless of who is the provider of the service.
It's unacceptable that companies like Microsoft, Facebook, Airbnb feel entitle to behave like this knowing how critical the service provided by those companies are for some organization. Plus the fact that those suspensions are usually done automatically by an algorithm powered by Machine Learning or something similar.
This type of mechanism could destroy an entire organization if the account of CEOs , CTOs, CFOs are suddenly locked down without possibility to access their emails , their contacts, their meetings and others business critical information.
This is outrageous.
The intent is to not reveal that the account had been linked to (for example) financing of terrorist organizations, but in reality I think it causes more problems than it solves. A real criminal who has their account shut down is probably going to be pretty aware of what the reason is. On the other hand, many times something like this can happen due to a mistake by a government agency, an account takeover, or some other situation where the owner of the account has no idea what went wrong or how to fix it, and finds themselves blackballed by multiple financial institutions with no recourse.
I’m not a fan of PayPal by any shot, but I would wager a nontrivial number of the customer support nightmare stories we’ve all read actually come down to this, and their hands are completely tied.
You are talking specifically about the financial and banking industry. Working in the banking industry , compliance regulation prevents banks from communicating about why your funds are frozen so the SEC can investigate and determine whether are not a fraud or suspicious activity were committed.
Such thing does not exist in the IT Industry. Microsoft ran their in house auditing tools , determined the account was suspiscious , set a flag "is_suspicious" as "true" in their database and the next day a batch ran and suspsended their account.
IT Audit for GAFA is 100% automated , there is no human interaction unlike Banking , Insurance and Finance.
Hence, the fact that BFA must communicate after the investigation about what fraud you committed to properly charge you in court and banned you from the services( You can even be banned in an entire country from owning a bank account depending on the severity ) but they must tell you why.
That is not the case for tech, it is completely unregulated which is why it's making me this upset.
Or is it just as the mentioning of terrorist mean that we leave the confines of modern democracy and enters the territory of fascists policies, as we become what we fight?
the fact that accounts are locked and funds frozen by hacked together system dependent on irrational machine learning algorithms and never heard in open court is the premise for any number of dark dystopian science fiction stories and deeply scary and yet we seem to keep enacting laws and frameworks that rewards companies like Microsoft for arbitrary enforcement by making it impossibly expensive to challenge punishment dished out private enforcers(microsoft/facebook/youtube etc.) who can be punished by the state for not enforcing aggressively enough
If they're barred by law from saying why, fine. If not, they should have to provide at least some reason, and a way to appeal.
Past a point, this becomes like those building regulations and other points of governance, that are not actually publicly available.
And your democracy fails. Because how can people govern, including themselves, when they don't even know what the rules are? Where the "lines" are?
Maybe, ultimately, it would be more useful to effectively inform the public about such funding, than to hide it away.
Also, there's been another round of conversation in the last some days, about "cashless" payment systems and societies.
What happens, when some initiative or data point -- or someone's personal agenda -- flags you as "suspect"?
When your cards are suddenly deactivated, your accounts frozen, and no one will tell you why? Nor for how long?
This secret behavior -- this secrecy -- needs some serious and effective limitations.
Or we are all going to be at risk of violating society's "terms of service", and made pariah, without explanation nor recourse.
Slippery slope...
It probably already is. Under Article 15 of the GDPR, you have the right to access personal data and to an explanation of how that data will be processed. A database entry saying "this account has breached clause x.y of our ToS" constitutes personal data within the scope of GDPR.
Under article 16, you have the right to correct any inaccurate data. Under Article 22, you have the right to opt-out of any wholly automated decision-making process that "produces legal effects concerning him or her or similarly significantly affects him or her".
Article 23 does impose some restrictions on those rights, e.g. in matters of national security, defence or criminal justice, but those restrictions are narrow and specific. If someone tells you "your account is banned and we can't give you any further information", they're likely in breach of the GDPR.
https://gdpr-info.eu/chapter-3/
As an example, people lost their money to PayPal and had their accounts banned because their address contained a street named after a sanctioned location.
Corporations are panicking. They spend billions of dollars on due diligence now and this is the result you are seeing. They don't want to spend even more billions of dollars on fines.
Obviously they can't tell you "transferring over 500 USD per month to Africa looked dodgy to us, so we closed your account". They are keeping details secret, which makes sense because next time you'd just circumvent their checks.
> As an example, people lost their money to PayPal and had their accounts banned because their address contained a street named after a sanctioned location.
That is ridiculous. Modern companies have no problem Hoovering up and analyzing vast amounts of intelligence on consumers for marketing purposes. PayPal almost certainly has liasons with any number of three-letter agencies that also feed them intel related to criminal or terrorist activity. Link analysis and graph database software has reached commodity status; it's affordable and available. Directing them to do something to stop transactions between accounts known to be affiliated with terrorism is a reasonable request.
If their solution to money laundering bans accounts based on something so naive as terms found in a street address, their unbounded, colossal incompetence is not the fault of any government. PayPal has never had their shit together-- run-of-the-mill fraudsters have no problem keeping accounts open, but yours will eventually be seized without notice or explanation.
On the converse, though, termination without reason does serve a purpose. For example, if this was because of illegal content being stored on the service, Microsoft may be complying with law enforcement and doesn’t want to tip off the suspect.
I strongly believe account remediation is better than all out termination, and that termination should only be enacted in the most severe of cases (repeat offenses or potentially criminal conduct).
the suspect is already going to be tipped off by the fact his account is banned
Deleted Comment
You might even require a $5 bond to appeal or something, to prevent spurious appeals.
https://support.microsoft.com/en-us/help/4051701/global-cust...