by hazbo 1398 days ago
A few years ago I was working at a startup and we had just started moving some stuff over from AWS to GCP. Things were going pretty good with GCP until one day they pulled the plug on everything with no explanation. It turns out that our company credit card details had been fraudulently used without our knowledge. The criminal had decided to use the card to buy Google Ad Words or something like that - this is the same card we use on our GCP billing account. Anyway Google just took prod down with no notice on grounds of fraud. Could happen to anyone.
5 comments

Never mess with Ad Words, that makes the Alphabet Beast angry every time.

I've heard the exact same Ad Words story a few times now, someone used their CC or had at one point in the distant past used with Ad Words and the system flagged it. Everything gone with no warning, no explanation and no way to complain. Even getting to the front page of HN didn't work =)

We were lucky enough that getting to the front page of HN did work for us[1], but it's worth noting that it doesn't even have to be your card! Simply having a card from an issuer (in our case a legit, YC-backed, US-based startup bank) that got flagged was enough to have our account suspended and appeals denied.

[1] https://news.ycombinator.com/item?id=32237445

Sounds like credit cards are the wrong payment system for GCP. Do they support direct bank transactions? They definitely should, if they don't trust credit cards (which I can understand).
Not to be glib but it sounds like GCP is the wrong cloud system to use in production. Credit card numbers get stolen and show up in weird places all the time, and the way Google handles these cases shows you what Google thinks of its customers. Why build on such an untrustworthy platform when there are alternatives?
If other cloud platforms can trust and accept them why on earth can't GCP?
Probably because they're easily stolen and popular for fraud.

I'm never going to blame someone for not trusting credit cards. Only if you don't trust them, you should offer a better alternative.

The issue is not trusting credit cards, but how you handle suspected fraud.

Google should know that credit cards can get leaked/stolen. Suspending an account without notification is not the right solution. At least give the customer a chance to defend itself, change payment methods or switch to a different platform.

But the person you're replying to didn't use ad words! Someone stole his CC number and used adwords.
Alphabet doesn't care, as far as they are concerned, someone messed with their Holy Money Machine and doesn't deserve to exist.
Again, the "doesn't deserve to exist" refers clearly to a different entity than the paying customer who was punished for zero action of their own.
And again, Alphabet doesn't care =)

"This credit card messed with our money machine, it and everyone connected to it are now permanently blacklisted everywhere on our ecosystem."

They genuinely do not care who did what and whose number it was and who got hurt and whether it was used with or without permission. That CC tried to exploit the mighty money machine and that's it.

Someone needs to pipe ad-words into DALLE and see what the ad-words-as-prompts-as-an-AI-service pumps out. I'm out of credits at the moment, else I'd do it.
OK - I am a fully paid person on DALLE and MIDJOURNEY. Someone give me some google adwords prompts to pipe to these "things" (scary fn things - artists are dead)
I hear way too many stories like this about Google products. Whether it's YouTube, AdWords, GCP, or anything else - you get blackholed by them and there's zero recourse.

I just can't trust Google for something like running production services.

Several years back I wanted to try my hand at making an Android app and putting it in the Play Store. I knew ahead of time from reading all the horror stories that it's best to make a second dedicated developer Google account because once you turn an account into a developer account you're basically painting a target on your back to be randomly deleted by the powers that be. Additionally, not sure if this is still the case but at the time once you converted to a developer account you could never change your account's country again.
The last time I tried to make a new Google account it required a valid phone number, so this might require getting a second phone line these days. I wouldn't trust Google to only disable one account if there is a related one using the same number.
Even that won't protect you from being banned if Google ever infers that the two accounts are related.

I just refuse to use Google for anything other than mail at this point.

I even got off gmail because of these horror stories. If they banned my gmail account it would be a major pain and I'd have no recourse.
"can't trust Google"

There, fixed that for you. If it's mission-critical, there are better customer-focused solutions out there than Google. Despite their massive brain power, they just can't seem to get dealing with users correctly.

I recall there was a time in my life where I thought that knowing exactly why a project was failing would make me feel better, but it ended up just making me feel worse. Being right while a project crumbles around you is not an accomplishment. Fix what you can, and move on when they get tired of fixing things.

I don't understand why so many people find comfort in being able to blame a vendor for problems that could potentially end in mass layoffs.

  they just can't seem to get dealing with users correctly
I guess internally it is considered a major failure if they ever have to deal with a user vs their automation incorrectly banning users without recourse. :-/
Thing is they have products that we use personally and all of those are linked to GCP. So if we do a chargeback on GCP billing that was by error, nobody to respond, they have the potential to impact ALL of our personal Google accounts.

Doesn't get more dystopian than this. Fuck Google.

Google seems to be a giant case study in "why spend ten minutes doing something when I can spend a week automating it instead?"

How do you have so many employees and yet everything important is run by unsupervised computers?

Sounds like those Whiteboard interviews need to incorporate Graph Deterministic Algorithms for Highly-Dynamic Networks...
Need another Leetcode section on heartlessly screwing your SaaS customers.
Wasn't there an algorithm for that?
Yes, it’s called the Google hiring process.
It sounds like they need a whiteboard session on something like “policy engine to decouple billing status from service status”.
For Google a customer is a data point in their machine learning set (hopefully weighted by revenue). The decisions are made by a ML model. If you treat your relationship with Google as such from the beginning, you can extract some value if you use Google for near zero value use cases - spam/marketing emails, disposable non-real time computations, Adwords/AdSense on spammy sites.

Not sure if having an Android phone is safe enough for critical use, because it's entirely tied to a Google account.

GrapheneOS.org, use sandboxed webapps &/or profiles.
Does it have push notifications (Google Firebase)?
This, either be big enough for a dedicated account representative (do they even offer that?) or use for noncritical workloads.
Does this not cover everything people need right here?

$29/m + 3% of monthly spend https://cloud.google.com/support/docs/standard

Or alternatively $500/m + 3% of monthly spend https://cloud.google.com/support/docs/enhanced

Credit cards in general sound like a shitshow that maybe the consumer has the stomach for, but it should never be used for critical business processes. Doesn't Google accept more reliable forms of payment?