Tell HN: Need help, locked out of Google account with 10 years of personal data
Account lockout experiences & fears
- Multiple commenters report similar permanent or semi-permanent lockouts from Google and other platforms (e.g., Facebook, Apple), often tied to 2FA or “suspicious activity” triggers.
- Losing access is described as a “digital nightmare” because many critical services (government, healthcare, banking, utilities) rely on that email.
- Some users eventually regained access after days, weeks, or even years; others never did.
Perceived causes and Google’s security model
- Common triggers mentioned: moving countries, IP changes, VPN use, changed or expired phone numbers, and complex 2FA flows that loop or break.
- Several argue Google’s account recovery is opaque and overly reliant on SMS-capable numbers, with poor messaging and no human support for consumers.
- Others counter that from Google’s perspective the behavior looks highly suspicious and automated protection is expected.
Recovery strategies discussed
- Try logging in via incognito, from a familiar IP, without VPN, and with cleared cookies; wait after “too many attempts” messages.
- Attempt to re-acquire the old phone number (e.g., via telecom “quarantine” and paid “pretty number” programs).
- Use EU GDPR tools: Subject Access Requests to at least retrieve data, and potentially right-to-rectification, with escalation to data protection authorities.
- Some mention internal Google processes reachable via employees, legal letters, or ad-account leverage, but details are sparse or anecdotal.
Critiques of dependence on Big Tech
- Strong sentiment that large platforms are not aligned with users’ interests and can arbitrarily cut off access.
- Some describe trusting Google as once “logical”; others liken it to a “Faustian bargain” or the parable of the scorpion and the frog.
Alternatives, redundancy, and self-hosting
- Suggested alternatives: Fastmail, Proton, Apple iCloud, Dropbox, paid smaller providers, self-hosted or managed email on the user's own domain, NAS + VPN/Tailscale.
- Advocates stress paying for services and ensuring human support.
- Skeptics note problems: self-hosted domains hit spam filters, domains can be lost (billing, registrar issues, seizure), and self-hosting email is complex.
Email, identity, and risk management
- Broad worry that email addresses, which no one truly “owns,” have become the single point of failure for digital identity.
- Suggested mitigations: own domains with forwarding, multiple recovery channels (secondary email, phone), backup codes, hardware security keys/passkeys, and regular local backups or Google Takeout exports.