Hacker News new | past | comments | ask | show | jobs | submit login

Please write this up with more detail, it deserves a HN front page story. That is horrifying.

It's really not as exciting as all that. As a regular user, I suspect you're unlikely to have an experience like mine.

As part of my job, I perform (authorized) phishing simulations for employees of my employer. Typically this involves registering domains that look like my employer's domain (with permission), or domains that look like those of our vendors (again, with permission). I suspect one too many people clicked Gmail's "report phishing" button and their automated system took it from there. So I wasn't at all surprised that the account eventually got suspended, but I was surprised that my appeal was rejected, and closed with zero investigation. Perhaps I shouldn't have been.

Thankfully the only domains I lost were domains used for that purpose. At the time, I did use Google Domains for my personal domains as well, but thankfully I had those associated with my personal Gmail address and not my work account so I could still control them. Needless to say, though, I moved them off onto another registrar immediately.

The experience has also led me to slowly move off of Google products as a whole, with the notable current exceptions of Android and Google Fi.


* before the inevitable "phishing is a violation of their terms of service", it actually isn't. The related section forbids use that violates any laws or regulations, and lists phishing as an example. Authorized phishing simulations do not violate any laws or regulations. Unfortunately, Google failed to follow up with any of the individuals or evidence showing that it was authorized, and just rejected the appeal.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact