12

How to avoid losing your entire digital life in an instant

TL;DR: Don’t put all your eggs in one basket. Download all your data and store offline regularly.

A New York Times article this week, really got me thinking about how I organize my digital life. Sorry it is long but please take the time to read this, the lessons learned from this person’s experience can apply to 99% of us and there are things we can do now to prepare and be resilient against losing our entire digital life in an instant.

Here’s a brief summary of the article. A dad noticed a rash occurring on his toddler son’s genitals and took pictures with his Android smartphone to document the problem and track its progression. The parents contacted their doctor who requested the photos so they could review them in advance to their doctors appointment. The husband texted the photos to his wife’s iPhone and she then uploaded them to the doctor’s patient portal. The doctor prescribed antibiotics and the rash cleared up for the toddler.

Two days later, the dad’s phone received a message stating that his Google account was suspended because of “harmful content”. He then thought about it and realized that Google probably thinks he was sharing child porn. No big deal though, he could just contact Google and clear it up, he did nothing wrong. He filled out a form requesting a review of Google’s decision and explained his son’s infection and that the doctor requested those pictures. A few days after that, he received a response stating that they will not reinstate his account.

It gets worse… Google then contacted the authorities and the San Francisco Police Department opened up a case against this dad. He received a letter in the mail stating that they were investigating him, and served warrants to Google and his internet service provider. This would include all of his internet searches, location history, messages, documents, pictures, and videos. The dad contacted the investigator and tried to clear his name, the investigator responded that they have already closed the case because they could tell that no crime had occurred (and clearly had common sense).

The dad appealed his case to Google again sharing the police report that he is innocent, but Google was not going to budge. The New York Times also reached out to Google and asked if this dad could have his account back and they said no as well. He then got a notice that all of his information with Google was going to be permanently deleted. The sorta happy ending to all this though is that because the police had served that warrant with Google, they had a copy of all his data. They are in the process of getting this dad his information.

What a headache right!? Let’s look at all the real damage that was done.

  • This Google account was decades old and contained all of his emails for all that time.
  • His contacts were stored with Google.
  • All of his appointments were in his Google Calendar.
  • All of his phone’s photos and videos were stored in the Google Cloud.
  • His phone’s service plan was with the Google Fi provider so he lost that as well.
  • He received is 2 factor authentication codes through text messages tied to that Google Fi phone number

This dad really put all his eggs in one basket and got sucked into the convenient ecosystem that Google has set up. Look up at that list and think about what you would do if you could no longer receive, send, or view old emails, could no longer receive calls or texts, couldn’t get into your accounts that needed a text message verification code, lost all your calendar appointments, and years of pictures and videos of your family. I personally would be devastated! It could be even worse if you took important notes in Google Keep, bought lots of apps, music, movies, and books through your Google account, subscribed to various YouTube channels, and more.

The lesson here is that you could be totally innocent and did nothing wrong and get your entire account banned, and even if you plead your case and any normal person with common sense would be on your side, they can still have your account banned.

Below are my tips on what I do and want to do better to avoid situations like this from totally disrupting my life. Please share your thoughts and advice as well, I want to hear if there is some better or different approach I can take to make things better.

Email – This actually happened to me last month. I was switching email accounts and for a weekend didn’t have access to my emails. It made me feel vulnerable that I could no longer contact certain people, receive notices from my bank, or get important medical test results that I was waiting on. Email is vital.

Easy step – Download a copy of your emails through Google Takeout. This will give you an offline copy of your existing data.

Medium step #1 – Have all of your emails automatically forward to a secondary Google or other email account.  That way if you got banned from one account, a copy would exist in another account.

Medium step #2 – Switch to another email provider that isn’t able to see the content of your emails. ProtonMail is a great solution.

Advanced step #1 – POP/IMAP your emails to your computer for offline viewing.

Advanced step #2 – Set up a custom domain. If your main email gets banned, you can then move it to another service and continue as normal.

Calendar –

Easy step – Export weekly/monthly your Google Calendar or any other calendar service you have. This offline file can then be imported into another Google account or pretty much any other calendar service and be rebuilt without losing all your appointments.

Medium step – Move to a totally offline calendar solution and don’t sync it to the cloud. Still keep your regular backups though in case your device gets broken. I like the app Simple Calendar for Android.

Photo and video storage – This all might have been avoided if he hadn’t set his phone to automatically upload his pictures and videos to the cloud.

Easy step – Turn off cloud sync with Google or iCloud. Yes, Apple also scans and flags potential bad pictures on their service too.

Easy step – Plug your phone into a computer monthly and download all your pictures and videos to it.

Medium step – Move to more secure cloud storage like ProtonDrive or Sync.com where they cannot access or see what you store with them.

Phone service –

Easy step – Having a different phone provider like Tmobile or Verizon will make it not as life disrupting if you lost you Google account.

Medium step – Create another Google account and use it solely for Google Voice, which gives you a free additional phone number that you can use to make and receive calls and text messages.

2 Factor Authentication – 

Easy step – Prioritize software based 2FA over text or email based 2FA. It is commonly an option everywhere except for banks in my experience. That way if you lost access to your phone number, you can still get into accounts. An easy solution is to use Authy.

Easy step – Many sites will offer backup recovery codes if you don’t have access to your authenticator app, store these to get in again.

Medium step – Move to a totally offline 2FA application like Aegis for Android or OTP Auth for iOS. Back these up manually on a regular basis in case your device is ever lost or destroyed.

Advanced step – When setting up 2FA with each service, download your seed codes into your password manager. Then if your authenticator app breaks or whatever, you can manually rebuild.

Contacts – 

Easy step – Download and backup your contacts offline monthly.

Medium step – Request alternative phone numbers and emails for each of your contacts and set up alternatives for yourself and give those to all your contacts. Make sure everyone can reach everyone at any time by any means possible.

Medium step – Print off your contact information and store in your emergency binder.

Good tip for all the above and everything else – 

Download all your data regularly and store offline. If that’s through Google Takeout, or manually for each service, this is the best thing you can do to prevent total loss. Then back that up again somewhere else, preferably at a friend’s house.

Gone are the days you can take pictures of your kid running naked in the sprinklers without having to worry about getting your account suspended. There are many other situations where you can fall victim to such things like driving past a house where someone is getting murdered and your location data is on and police think you are the murderer, or someone uses your unlocked device and looks up bad things that then gets tied back to you. Don’t fall into the thinking that “This will never happen to me” because that dad probably was thinking that and look at what he has had to go through now.

3

  • Comments (3)

    • 4

      Great post, Supersonic. I especially like you break down each item into multiple, small steps and rate them as easy/medium/advanced. This is a good reminder that there are often several small things we can do, and doing one small thing is often a big improvement over doing nothing.

      I also prefer app-based 2FA rather than linking it to a specific phone or phone number that can be lost, stolen, or broken. I use BitWarden as a password manager, and you can store 2FA codes right alongside the password. There is some debate that this is less secure. But it means I can still access my accounts even if my phone dies.

      I also like physical security keys for 2FA. This is one reason I include them in the Digital Recovery Kit – you can store it offsite, and if you lose access to your phone or account, you still have a way back in.

      • 2

        Glad you liked my post, I hope it helped at least one person, it got me thinking at least. 

        Physical security keys like you have there are excellent and even more secure than app based codes! Great work

    • 2

      I saw a post on Reddit today (will link down below) where someone had his Google account disabled for no reason. He submitted multiple tickets to Google asking why and they wouldn’t give him a reason and won’t reverse their decision. It reminded me about this post so I came to talk about it now, but the guy in the Reddit post didn’t use Google Photos, so it wasn’t from that. I learned from that guy and this post that any account can be taken down for any or no reason at all and we need to not rely on other people’s services. Your tip on downloading information is a good one.

      Here’s the post I saw today: https://www.reddit.com/r/google/comments/xa1j35/google_disabled_my_account_for_no_reason_they_are/