Google claims impossible to access my email I have password to. Is it?

Question

I am bringing this to your attention because, if nothing else, I find it to be an interesting and thought provoking situation, and if any group could realistically do something about these kinds of problems (my case not withstanding), it&rsquo;s you all.I am trying to access an email from my early twenties for nostalgia and archival purposes, and I know my username and password but the old email I used for recovery is with a now defunct provider. I attempted to purchase the domain of that provider, but it&rsquo;s registered to a domain reseller and I offered up to $200 with no response, and even that amount seemed absurd to me.Following all of Google&rsquo;s docs, I saw there was no avenue via Google to access the account without that recovery email. There more I thought on it, the more it seems like a policy that fails a smell test of human decency. Here is an exchange I am having on the Google community page:https://support.google.com/accounts/thread/166498610?hl=enInterestingly enough, a prime reason I am trying to access this email is to complete my process of &ldquo;De-Googling&rdquo; (if you are interested, I can tell you about this experience; I am near completely degoogled now and have a nice, secure alternative in place) I want to archive all my Google data to my own servers, then remove the data from Google. Getting access to these loose ends gives me closure and peace of mind. I find it scary that a third party can have access to information about me, in this case thousands upon thousands of lines of my writing and exchanges, then simultaneously deny my access &mdash; even when I have all the authentication methods required when the initial &ldquo;contract&rdquo; of use was established.I think all of us need to take a bit more care when it comes to user data. These are more than just products and services; these are people&rsquo;s memories. People with wants, needs, joys, fears, and a whole range of experiences. Technology and processes should do their best to offer value while minimizing suffering invoked. They should augment the human condition, not diminish in. In a case like mine &mdash; which is uncommon but not unprecedented &mdash; I entrusted a service believing I would have access to it with a username and password. I had an understanding ofthe risk profile with that and was okay without 2fa. The provider changed the contract without my consent and in doing so, has cut away my memories offloaded from my brain to their service. There is something here that feels really wrong.Sidenote:If this seems complainy or ranty, I apologize to your senses. I don't see it that way; if I did, I would not be posting. If you do feel that way, I'd like to know and have a conversation about it, and I would like to know your opinion on methods to properly talk about these kinds of issues in tech.

unknownaccount · Accepted Answer

Ensuring the recovery email provider being used for your account remains active is your (the users) responsibility. You call the recovery email &ldquo;invalid&rdquo; but in this case it&rsquo;s a perfectly valid email address because somebody owns that domain. There&rsquo;s no way you can expect Google to make a special arrangement for you to change the email at the behest of social engineering. What you&rsquo;re trying to do is get a google employee to removing/changing that recovery email against standard protocol and I hope it doesn&rsquo;t happen for (everybody else&rsquo;s) security&rsquo;s sake.

carapace · Answer

I can't help you, sorry, but I can commiserate. I have (had) an ancient account on Yahoo, lost access to it, lost my backup drive (it was in storage for years, I eventually found it again but it's effectively a brick) and then Yahoo reincarnated itself a few times(?), anyway, the data is toast, it probably still exists somewhere but there's no realistic way that I'm ever going to see it again.
- - - -
I think about this stuff a lot. On the one hand, I have trained myself over the years never to blame the user. On the other hand, since we are rapidly wiring up our civilization and society to depend utterly upon computers I feel it behooves the average person to educate themselves about them at least to a level of basic computer literacy (or risk becoming a kind of serf or peasant.) On the gripping hand, there certainly are groups of people (corp, state) who seem really into the idea of creating a "peasant" class that supports them but has no effective power over them. Those folks strive mightily to shepherd their customers into their silos (the metaphor becomes a bit mixed, sorry.)

olliej · Answer

At its core - from Google's PoV - they've decided to protect your account with two factor authentication. Their system couldn't verify your machines actually belonged to you, and so attempted to verify via the 2nd factor.
The whole point of 2FA is that it isn't bypassable, otherwise what would be the point? Complaining at them over any medium (including a complaint on a forum like HN) is indistinguishable from any other social engineering/hacking attempt. Someone attempting to social engineer their way into an account by definition wants to look as much like legitimate customer.
The core issue from your point of view is that they appear to have chosen to arbitrarily use your recovery email as a second factor without first telling you and/or getting consent.
At the more extreme end Apple's iCloud encrypts the increasing majority of data with keys that they fundamentally have no access to - the recovery devices (and you can make a non-device recovery key that I assume is tied to their iCloud key vault or whatever it's called). In the event you lose your recovery devices + account recovery key your data is gone - no one has the decryption keys, and Apple's only available option for you is an account reset. I know much less about the state of Google's cloud account encryption, but they always seemed more interested in having the ability to analyze account data.

Vladimof · Answer

It happened to me... I had to give them a phone number (any, apparently) to get access back to it. I also had the correct password, and even the previous password but I didn't enable 2FA.
Sometimes it is also possible to unlock the account using another device that previously accessed it.
This is ridiculous... I now forward all my emails to another account just in case it happens again.

GistNoesis · Answer

A long-shot, but given that you know your credentials, have you tried an other interface like a mail client connecting through POP/IMAP/SMTP (if you have ever enabled them in the past).

bradknowles · Answer

I have a similar problem with an iCloud account. That domain no longer exists, and so therefore I can't ever reset that password, and I can't ever access that account again.

lesuorac · Answer

I assume an arbitrator or judge would be able to help you much better than any of us.

shkkmo · Answer

If your main goal is the deletion of the data, you might be able to use GDPR processes to accomplish that.