[remus]

I'm not sure how you can make that judgement without extra context (that is almost certainly tightly held within google). For example, what actually is the error rate? How does that compare to improper access that is successfully prevented?

Obviously any real person losing access to their account is a rubbish experience for that person, but an error rate of 0% is not possible with any system (including those with plenty of humans involved) when there are billions of users involved. I think a much more interesting question is "what's the acceptable error rate?"

[cycomanic]

I highly doubt that Google even tracks the error rate. I mean that you somehow need to make a viral post on HN to get your account back is evidence of that, they don't even know they made a mistake. Also based on the number of posts that we see here it's a nonneglible error rate. How many users does HN have a couple of 10thousand. So 32 posts makes it maybe 1 in a 1000, even if it is a 1 in 10000 or even 1 in 100000 error rate that's a pretty high probability to loose your online identity.

[jeffbee]

> I highly doubt that Google even tracks the error rate.

Please. Google has an entire team devoted to account abuse quality research.

https://storage.googleapis.com/pub-tools-public-publication-...

[cycomanic]

So if there is no way of contacting a human if you have been locked out of your account, how do they determine a false lock out? I am serious, every thread here on HN about being locked out said that the affected person tried all other avenues and did not get anywhere near a real human. So that would make all research flawed wouldn't it? Because it simply checks that the algorithm is consistent. Let's not assume malice. However, that doesn't make it much better because it means the account abuse quality research team is borderline incompetent.

[remus]

> So that would make all research flawed wouldn't it? Because it simply checks that the algorithm is consistent. Let's not assume malice. However, that doesn't make it much better because it means the account abuse quality research team is borderline incompetent.

I don't think it follows that you need to speak to an affected user to confirm they were improperly locked out of their account. You could have a human review the account history and the steps that led up to the suspension and so on to make a decision about whether it was a good decision or not. No doubt you'd get more info if you spoke to the affected user, but that in itself is not perfect (a scammers whole game is trying to convince google they're someone else, after all.)

I guess what Im getting at is that I think there is a lot of grey areas when you're trying to do account recovery at scale. No doubt there are cut and dry cases where people are locked out of accounts they've used for a long time (and that's shit for the people affected), but there are also plenty of scammers who'd put a lot of effort in to convincing a support person that they should have access to an account. I just don't think having support staff is the panacea it is often portrayed as.

[thatjoeoverthr]

One can easily make that judgment. The absence of extra context is a good reason to make that judgment. Google has a reputation for closing accounts and refusing to communicate. Google does not contest this reputation. They give no numbers and share no rate. "What's the acceptable error rate?" isn't an interesting question if you have no numbers. We do, however, have other companies and service providers.

[ClumsyPilot]

> How does that compare to improper access that is successfully prevented?

Last year I had an email from immigration services and I had to reply within 10 days. If I lost access to my email, I would be deported right now. They don't call, they just email. Why? I don't know, but that's what it is.

On the contrary, if someone get's access to my email, what can they do? Send random porn to my contacts? No-one will care.

As long as I can call the provider and fix the problem, it is irrelevant.

[jefftk]

> if someone get's access to my email, what can they do?

Take over every account you have that's configured to send password resets to that address.