Google suspended my company's Google cloud account for the third time

Original Article ↗ Hacker News Discussion ↗

Blame, risk tolerance, and “why not just leave GCP?”

  • Many commenters argue that after the second and third suspensions, staying on GCP is the company’s responsibility: they’re prioritizing convenience over reliability.
  • Others push back that most of their customers are on GCP, and alternatives (OIDC, API keys, per-customer service accounts) add significant setup or usability burden for customers.
  • There’s disagreement over how “cumbersome” OIDC really is: some say it’s scriptable and manageable; others say a 7‑step setup is guaranteed to be misconfigured by customers.

Google Cloud as an unreliable business partner

  • Strong consensus that GCP (and Google generally) is risky for anything critical unless you’re a very large customer with named support contacts.
  • Multiple anecdotes: accounts locked over trivial billing issues, opaque suspensions for ads or app submissions, “Login with Google” suddenly disabled, problems changing verified addresses, and long outages of Workspace with no effective recourse.
  • People note the fear of losing not just infrastructure, but also Gmail, Google Fi, Android dev access, or YouTube income if an automated system flags you.

Automation, scale, and support failures

  • Discussion centers on Google’s heavy reliance on automated abuse detection: if the system flags you, you’re out, often with only vague ToS language.
  • Some see this as an inevitable consequence of massive scale and fraud pressure; others say it’s a choice—Google could afford meaningful human review but optimizes margin and liability instead.
  • Several note that Google’s own docs recommend patterns (like shared service accounts) that appear to be punished by internal anti‑abuse systems, implying deep organizational disconnect.

Legal, regulatory, and structural responses

  • Commenters debate whether affected businesses should sue (breach of contract, tortious interference), or at least use small-claims court to force escalation beyond tier‑1 support.
  • Others call for regulation of “critical” identity/email providers and limits on purely automated decisions (citing GDPR as an example).

Broader lessons: cloud and dependency

  • Repeated advice: don’t rely on any hyperscaler or single platform for irreplaceable data or core identity.
  • Suggestions include owning your domain, using smaller or multi-vendor email/infra providers, and avoiding social logins where business continuity matters.