Cautionary tales on online accounts

I do not like online accounts, and for multiple reasons.

Security

One of the reasons is that online accounts are common targets.

They are accessible from the whole world, and how well those accounts are secured is not clear. Whether those accounts are vulnerable does not even depend on whether you are using a strong password, multi-factor authentication, or passkeys.

It is not uncommon to read that tokens, passwords, or other private data have been shared by accident on the internet.

And if that is not enough, data has been hacked and exposed by other means, not only by accident.

Accessibility and convenience

Another reason I do not like online accounts is convenience.

I do not always have a high-speed connection to the internet, or a connection at all. Accessing local data is always faster than accessing data stored remotely.

Plus, most websites and phone apps that require an online account are not really user-friendly or accessible.

For example, I can locally search and list files and their content the way I want. I can even choose which tools to use, normally using the most appropriate for the task.

With online accounts, I can do that only if the interface to the account, often a website or an app, has implemented those functionalities the way I want. Which is never.

Login functionality

Another inconvenient aspect of online accounts is the different ways the provider implements the login functionality. Often, a password is not enough; there might be more than one, or you might need to use a specific program. In other cases, OTP codes are sent to another device, and some want to use the "sign in with" functionality provided by other accounts.

The worst offender I have right now is an application that

  • logs out every second day

  • requires username and password

  • sends a token during the login process

  • after using the token, asks for an app-specific password, which is not necessary when using the website

Suffice it to say, I avoid using it as much as possible.

How is my data handled

Another hot topic is how the user data is handled.

Private data might be uploaded online; who can access it?

Unfortunately, it is not always easy to answer that question.

Even if the data is not really private, or you "have nothing to hide", it would still be better to share as little information as possible.

For example, whether I am religious or not does not really affect my life: interactions with other people, which laws apply to me, and so on. It is not something necessarily private; in many religions, it is common to gather together in a community, have certain symbols where you live, or simply talk about it. If you observe or interact with a person long enough, you might be able to guess this and a lot more details by simply asking.

If you go back between eighty and ninety years, thousands of people were sent to concentration camps and died there, just because they were Jewish.

A dozen years ago, it would have been unthinkable that something like that would happen again. In the meantime, I’m not so convinced anymore.

As of today, being pregnant in certain states in America puts you in a dangerous situation. If there is any kind of complication, an abortion is legally a viable option only if the mother’s death is imminent, no matter what the current status is. This is unfortunately not something theoretical.

Even something that does not seem life-changing, like how high your income is, what people you interact with, where you go during vacation, or what you said ten years ago, can be and is used against the user. It is not that there is a person taking notes on what you do. Those scattered pieces of information are merged by some algorithms, which also decide what to show you when browsing online, how much something can cost, and so on. And those decisions are not made in the interest of the user, but in the interest of whoever collected or bought the data.

Note that those issues are not strictly related to online accounts, but online accounts make the situation worse. Browsing while logged in to Google/Facebook/Microsoft/Apple/Twitter/… makes it much easier to assign the collected data to a specific user.

It is hard to say how much of a difference it makes, but surely much more compared to someone who is not logged in to any of those systems.

Account termination

"Is it dead?" "Terminated." From Terminator 2: Judgment Day, fair use

Probably the main reason I do not like online accounts is the account termination.

Online accounts are vulnerable to it, especially in the case of major tech companies.

To make things worse, reaching support is getting increasingly difficult. Even if it is possible to reach support, since the termination process is handled automatically, there is often no clear answer to why an account was terminated.

This page is a sort of bookmark for cautionary or nightmare tales.

I am lucky to say it is not something that affected me in some major way, although I soon realized that I should do everything I can to avoid creating new accounts and to avoid tying them together.

Companies, organizations, and states are realizing the same thing; this is the first year in which I’ve read about digital sovereignty multiple times. The concept of independence is not new, but it seems that some European nations are taking the issue more seriously.

While not stated explicitly, I assume the major fears are being unable to access one’s own data, supply chain attacks, and account termination. The current political situation surely made this topic a lot hotter.

Unfortunately, it seems that the lesson learned is not the right one. The current problem is exacerbated by the fact that everything is in the cloud.

In my opinion (but my use cases are obviously different), we should not focus on a "cloud provider we can trust" or a "cloud provider we can self-host" that offers a lot of different things like email, document processor, AI agents, calendars, chat programs, file synchronisation, and so on, all in one.

The focus should be on local-first solutions, like software used to work a dozen years ago. Data should be processed locally, and then shared or pushed to a central location with a different tool.

It does not even really matter if one is using Windows, Linux, BSD or Mac. All systems, configured properly, can be used for browsing the network, reading and editing documents, especially when the used programs are multiplatform.

This gives everyone the flexibility to use different tools: Microsoft Word, LibreOffice Writer, Calligra Words, and switch between them, without changing the whole infrastructure.[1]

It should not matter if the tool for sharing files is the same one that offers some storage for synchronizing data and a chat platform. In fact, it is better to have independent tools that can communicate with well-defined protocols.

This makes it simpler to change something without having to change everything at once. This is the issue many organizations are facing. Using a solution that has everything integrated is simpler, but making any change afterwards is harder.

Bookmarks

Apple

This developer lost access to their account after 20 years. This post shows the issue for everything that is not related to data (like pictures and documents). An account is used for reaching customers, publishing applications on the store, downloading applications, and using the devices one bought.

In 2021, there was a class action lawsuit, because one user lost almost 25'000$ in purchases. This is the main issue with terminated online accounts: everything that is tied to those accounts is terminated too.

Alphabet / Google

Because of a false positive in Google’s child sexual abuse image detection systems, an account was banned. Even after the police department cleared up that it was a false positive, the account is still inaccessible; the user lost access to their documents, contacts, mail, and phone number at once.

In another case, accounts were deleted by accident for over half a million users.

Meta / Facebook / WhatsApp

This user has been banned for life from Meta / Facebook. As is normally the case, the root cause is not clear. In this situation, it might be the fact that the developer teaches about Pandas (a library) and Python (a programming language), while Meta thought that he was dealing with live animals. If a single person had looked at the data, the issue would have been obvious; either the issue is something else, or during the whole process, no one looked at this case.

Twitter

Twitter seems to terminate accounts too.

Consequences

Depending on how the account is used, there can be multiple consequences.

The first might be a financial loss; one might lose access to purchases, subscriptions, and balances. One might be unable to make payments, and thus receive a payment reminder (Mahnung), because, for example, an email with a secret code is sent to the mail account that has been terminated.

Another possible consequence is some sort of business disruption. For example, a developer might be unable to access the Apple or Google Play Store to push updates to fix critical issues, reply to their customers, and continue to develop their product.

Last but not least, it causes stress. For "normal" people, personal data like photos, messages, and notes are at stake. For everyone, it is not clear what happened, if and when one will be able to access their account, and how to proceed.

I believe the most problematic cases are Apple and Google.

Apple, because

  • the account is necessary if you want to program on the iPhone or publish an application on the store

  • it is not cheap

  • using an iPhone without an account greatly limits what you can do with the device you bought

Google because

  • the account is necessary if you want to publish an application on the store

  • almost everyone on Android creates a Google account

  • if you have a Google account, chances are, you are using Gmail as your main mail account, and most other accounts depend on it. For example, OTP codes and password resets are sent there

Both seem to be the only providers for virtual cards (Apple Pay and Google Pay).

Both Apple and Google have a lot of users, so an extremely small percentage getting their accounts banned is still a lot of people. And in both cases, since the account is central to many workflows with mobile devices, the consequences can be disastrous.

Lessons learned

Do not "buy" digital goods on an online platform. If the account is terminated, what you "bought" vanishes too.

Do not upload pictures or documents.

Political comments, religious beliefs, and other personal information are best avoided. Even if today what you wrote is not problematic, it is hard to predict if it will be problematic in the future.

Try not to bind your online account to the operating system. It is, for example, possible to use Android relatively easily without a Google account.

If you still want to do any of those things, use an account solely for that reason.

If you upload pictures to Google Drive, then you should

  • use something else as a main mail address

  • be sure to have a copy of all your pictures somewhere else

By doing so, if the Google Drive account is blocked, you still have access to everything.

If you buy anything on the Apple Store, Microsoft Store, or somewhere else, then it is better to use that account for nothing else. You want to minimize the chances that the account gets blocked for some other reason. And if possible, download what you have bought and see if you can use it without an internet connection and on another device without logging in.

What’s the other side of the story?

It is easy to claim that one account has been wrongfully terminated or disabled, as we only read or hear the story from the perspective of the end user.

So how does the story look from the other side?

I do not know! I’ve never stumbled on a case where there was an official response yet. This is not something that inspires confidence.

How often does this happen? Will it affect me?

This is also hard to say.

Even if "only" 0.1% of accounts are wrongly banned without recourse, for a company with over 2 billion users, it is still over two million accounts. There are nations with fewer residents!

Not everyone will write online that their accounts have been banned; in fact, the majority will not write anything, and even those who write something will generally not be picked up by the media.

Conclusion

Everyone can write on the internet that their account was blocked.

Which is why, although I read a lot more about blocked accounts, I’ve linked only those.

Some of those online accounts certainly have advantages, but there is often a pattern.

For example, iCloud and Google are surely practical for synchronizing files and doing backups, simply because both Apple and Google make it very inconvenient to do those operations by other means.

On Windows 11, not creating an online account requires some tinkering, as the setup process does not really take that option into account.

The more useful you find your online account, the greater the risk of having it blocked and facing real consequences.

The harder it is to get rid of it, the more you should try to avoid it.

Thus, the more separate digital identities are, the better. I do not want one to take out others, for example, having a Gmail account locked because "Login with Google" has been used for logging in on an unrelated platform.

If an account is used in the browser, use a different browser and profiles. This reduces the risk of tying them together by accident.

Some think that being a "loyal customer" helps their case, but in practice, it does not mean anything. It might mean something if you know someone in person, you have direct contact within the company, or the company somehow recognizes you. Otherwise, your account is (apparently) not that valuable to the company.

For the average Joe, there is no chance that having spent years promoting products, using the same platform, having an account, or having spent a lot of money will change anything. If there are millions of users worldwide, one average Joe more or less will not make any difference.


1. I am well aware that even by using the OpenDocument format, there are inconsistencies between different programs. But I believe it would be much more beneficial to clarify and fix those inconsistencies than to create multiple online suites with tons of functionalities.
