I am not given any other options than to Contact Support about it, which I did yesterday and got an answer today that tells me nothing more than the very few that I know:
> Microsoft disabled access to the account due to a serious violation of the Microsoft Services Agreement https://www.microsoft.com/en-us/servicesagreement. As stated in the Microsoft Services Agreement, you will no longer be able to access any Services that require Microsoft account. For any subscriptions associated with the account, Microsoft will immediately cease charging the credit card on file for recurring charges. [...] Pursuant to our terms, we cannot reactivate your account, nor provide details as to why it was closed. This represents Microsoft’s final communication regarding this account.
I hope that I am not violating any other terms by sharing these messages. I do it out of frustration to know what exactly I might have done to deserve this, something more detailed than "you have violated our Terms as you eat your dinner", because without knowing which action of mine caused this, I either;
a) Will be unable to understand my mistake and not repeat it,
b) Will fear out of doing nearly everything and refrain from them, such as using a VPN on Amazon's AWS at Ohio, which I am sincerely suspicious of.
Microsoft's own way of justice is against the legal systems in all the modern countries, which always makes sure that the accused knows their faults, as one of their rights, and for the benefit of the accused not getting involved in such acts for a second time, for that they this time will know.
This is why I don't put anything that I care about on a service or system I don't control. If I want to host videos I care about staying online, they live on a VM configured for a pretty common LAMP stack which exists on a hypervisor that I own and control down to the bare metal and the contract for the colo rack space and 208VAC power.
Using this example, that same 1RU system has a connection to an ISP that I know and trust. It's not going to go offline unless I were to do something so terribly abusive (in terms of network abuse) or illegal that it would cause them to admin down the 1000BaseT port facing it. Or it could theoretically go offline if I used it for illegal outbound network activity and somebody from the local FBI field office showed up with a warrant to take it (again highly unlikely, because I don't do that shit). Those are just about the only circumstances in which a third party could bring it offline.
This sounds like a challenge. Does the winner get a bottle of scotch?
:)
edit: actually, yes, the winner would get a bottle of scotch. I have had people that I know and trust, with my permission, attempt to gain external access to it, without success. Not claiming I'm any sort of netsec wizard, just that I have a layered defense of most common security precautions for anything that has a public static IP address these days. Nobody has been successful yet. It could theoretically be brought down by:
a) social engineering the ISP it's hosted at (unlikely, they know me, I know them)
b) physical removal (its reverse DNS gives no indication of where it's physically located other than within a major metro area, could be at one of about twenty different datacenters. all of which have reasonably good physical security in place).
c) false legal claims causing some legal authority to bring it down, theoretically possible, but unlikely given the strong EFF/ACLU supporting political stance of the owners of the ISP it's hosted at. They would fight anything short of a court order that they could be held in contempt of.
d) Extensive sustained DDoS. I don't have any enemies that would be interested in wasting a DDoS on this, but its upstreams have a LOT of extra peering and transit capacity to absorb DDoS up to the 150Gbps range.
e) hardware failure, it's not perfectly 1+1 redundant in everything. but I have backups of every VM that can be brought up fairly quickly on a temporary dedicated server in a new, different, geographically diverse location fairly quickly.
f) some terrible unknown zero day exploit on one of the few daemons that listens to the public interface, through which some method of accomplishing a user and then su/sudo root shell might be possible.
It is a mistake to think that consequences that come with other businesses or the government believing you are doing something illegal can only occur if you actually do something illegal. (It's also a mistake to think that the government could o my seize your computer if it thought you did something illegal with it; though if they didn't but thought it had relevant evidence they might ask nicely before getting a warrant, rather than jumping straight to compulsory process. But that's politeness, not a legal mandate.)
Yes, there is also danger in civil lawsuits.
Second strike: Mon, Jul 9, 2018 at 10:36 PM
Third strike: Mon, Jul 9, 2018 at 11:31 PM
The last / third strike came with a "Your YouTube account has been terminated" and any attempts to login or view any of my videos gives a page missing and the Google account associated with it doesn't even appear in any of my menus.
I don't really care that much it was a dumb joke channel I made to poke fun at how often profanity is used in rap music. The part I find pretty perplexing is that I _removed_ the profanity from the music and the channel was flagged for offensive content.
Sounds like a recipe for griefing.
If the answer is “yes” you should take corrective action right away and make that answer “no.” Or at least minimize the number of accounts for which the answer is “yes”.
The reality is that this could happen to anyone, for any or no reason. Don’t pin your life to an online account you have no real right to.
For the apps, couldn't you create a new account (sure you'd have to buy the apps again) and be back up and running?
I have all my photos on iCloud. But they are also in the Photos library with full resolution on my computer. If apples locks my account, I don’t lose my photos.
Same thing with Dropbox. Synced but still available on my computer.
Same with Gmail. Synced with Mail on Mac. Downloaded regularly.
I simply try to make sure my data is always on my computer and migratable. Not the application itself.
a) buying my own domain
b) ensuring that the authoritative ns1/ns2/ns3 records for that domain are hosted at a diverse set of geographically diverse nameservers, for example an ns1 that you run and then using route53 and another non-route53-service for authoritative slaves.
c) setting the MX records for it to either a mail server that you run, or a third party mail server. This is sort of a compromise approach. You can use office365 or google if you don't want to fully host your own mail. You say you don't want to deal with the hassle of mail deliverability, so use either of those and let them handle the spam filtering, SPF and DKIM. Mail that's hosted by office365 is trusted by just about everything out there, in terms of not having other peoples' SMTP daemons reject or blackhole your mail. If either of those cuts you off for some arbitrary reason in the future, you at least have the ability to change the MX records to another service as you see fit.
Edit: A Plex server is a really easy way to back up photos from multiple devices as it syncs and you can control that entirely in house.
The more I see things like this happening, the less I want to entrust anything important to MS, Google, Amazon, etc.
- "Install Microsoft Authenticator to log in with your phone"
- "Sign up for OneDrive to protect against ransomware attacks"
- "Do more with Microsoft Edge!" (this one shows up when you change your default browser)
I prefer my operating system to not upsell me.
The only problem with my Microsoft account seems to be that I didn't create one. Not a problem to me, but obviously a problem at Microsoft. |But then I'm only the guy who BOUGHT the computer and deliberately avoided creating a MSFT account. What do I know? Funny how there's no "go away and never bother me again" option on that alert.
more and more, Microsoft makes me feel like a visitor in my own home (computer).
Of all the obnoxious things with Windows 10 there was nothing that made my blood boil more than being in the middle of a competitive Overwatch match and have Windows pop up over my screen telling me to install Skype.
(The second place award goes to when I was using one of those early developer builds of Windows 10 and the license expired. Next time I booted the machine it booted into a blue screen telling me that, because it had expired, they went ahead and deleted a system file that made the OS impossible to boot. The exact details are fuzzy now, but that's the gist of it. I'm seriously not making that up. Important system file deleted; OS dead)
It's one of those talking, singing, humming, weather-reporting, poetry-reading, novel-reciting, jingle-jangling, rockaby-crooning-when-you-go-to-bed houses... With stoves that say, 'I'm apricot pie, and I'm done,' or 'I'm prime roast beef, so baste me!' and other nursery gibberish like that... A house that barely tolerates humans, I tell you.
lol, "do more ..." a browser that doesn't even support basic API like EventTarget or CustomEvent constructors. they learned nothing since IE debacle.
It's not the same but I made the mistake of trying the Microsoft launcher on my Android phone. Maybe I was thinking it was the MS Authenticator app. What a disaster! It took me a while to figure out how to revert back.
For the curious to undo the MS launcher: settings > apps > click dots in top corner > Default Apps > Home Screen > Choose a different launcher
At least they were forced to offer LTSB for enterprise customers. Though I recently read they are rebranding the name.
But I still ended up needing a Microsoft account for the download. I was surprised to find I already had one (for the email I was using) , but I did and I was able to use it to download/install/validate the software.
Only later did I realize it was an account I created for my son to play Minecraft... hopefully he doesn't manage to get me banned from the Microsoft ecosystem.
In the future this can only exist if people pay for it, and clearly ... that's not going to happen.
I didn't even know a Microsoft account was an option when I set up my desktop :)
I'm no entirely familiar with the differences and I've been planning on buying a Win10 Pro license, so any advice would be helpful :)
It's also used for putting files on the cloud and renting VPSes, but those uses are much less common.
E.g. my email, calendar and contacts are at FastMail with my own domain, cloud storage is at Dropbox but looking to migrate to pCloud (after their recent fiasco). For notes I use Evernote, but investigating Standard Notes. I also don’t buy DRM-ed books or other products, e.g. I buy DRM-free audio books from Downpour. I have a Spotify account but I regularly buy the music I like. I have an iPhone but I’ll be damned if I’ll let Apple dictate my web browser therefore I use Firefox and apps that play along with it.
My Google and Microsoft accounts are basically unused. I use Docs at times but I regularly back them up automatically. I don’t even use Google’s Search anymore. I have some apps purchased for Android but I stopped using Android for now. If they block me for anything, I couldn’t care less.
These companies that have products in multiple markets are after lock-in of their users by any means necessary. Don’t fall into that trap. The alternatives cost more, but your freedom and privacy are worth it.
I am a (former) Evernote employee. Before I joined I didn't use Evernote. After I left I started using Evernote extensively (Hard to use the app when you are constantly messing up your test account doing dev work :-) )
From my experience there I know that:
1) the people there really care about the customers. If there is any sort of problem, the customer support will really go to bat for the customer. There are more than a few times where CS ensured that a bug fix made it in.
2) If there is any sort of data corruption, Evernote will stop the weekly release to get back the data before doing the next release.
3) You can get a hold of a live human being to get support
4) Evernote has a explicit policy of never going to an ad model.
5) User privacy is highly important.
6) User security is highly important - if Evernote had a choice between Evernote as a company getting hacked or a user (not even a customer) getting their account hacked. Evernote errors on the side of protecting the users' security.
Please reward this positive company by paying for the product - that is their only revenue source :-)
But the thing I miss with Evernote is the ability to create end-to-end encrypted notes. I don't necessarily want all notes to be encrypted, just some.
I hope they add this capability.
The major barrier (as I recall) is getting such a feature to play nicely with multiple installed clients and the web client.
I'm interested in switching away but nothing I've found beats Gsuite in terms of ease of use, and paying for Gsuite for my domain means I don't have my data pawed over like plain gmail accounts are.
Personally I found it hard to migrate to G Suite after being off for about 3 years and couldn't do it.
For example FastMail is less featured, but the web interface is really responsive and the keyboard shortcuts are better. Whereas Google Admin is a nightmare and GMail has gotten really sluggish in the latest iteration for no good reason.
GMail has labels, many people are addicted to those. But regular IMAP folders play better with desktop email clients and I prefer desktop clients. GMail's labels are cool for classifying stuff (e.g. My Projects), however IMAP folders are good for separating the junk. For example I don't want Mailing Lists in my archive.
G Suite has many limits that bother me that do not apply to FastMail:
- Limits maximum IMAP connections to 15: https://support.google.com/mail/answer/7126229?hl=en
- Limits bandwidth: https://support.google.com/a/answer/2751577?hl=en
- Limits maximum number of user aliases to 30: https://support.google.com/a/answer/33327?hl=en
I have hit all of these limits at some point.
FastMail works with something called "sub-domain aliasing". So if you have `user@domain.com`, you can come up with addresses on the fly, like `google@user.domain.com`. I do that for every online service I use. And the web client is friendly to that too. E.g. you can define "wildcard identities" or you can set certain identities to be used per folder.
Sadly Gmail only supports "plus aliasing". This is weaker because it's easier to remove the alias and because many websites, including big names, do not accept "+" as a valid symbol.
You can configure G Suite to redirect all email via a regular expression, so you sort of have it, however it doesn't work if you want to also send email, which you need to reply for support and stuff. This is because Gmail will not sign your emails with DKIM unless the email is a genuine user alias, no dynamically created email addresses allowed, except for plus aliasing.
Speaking of which, even when you send from a legitimate user alias in GMail, GMail will leak your primary email address via the Return-Path and other email headers. This means that user aliases in GMail do NOT work for maintaining privacy. For example one practice I have is to create a throw-away email address that I put on my blog. I don't want my email to get in the hands of spammers via my website. And I get contacted via it and sometimes I reply. Personally I don't want my primary email address to leak when doing that, but that's what GMail does. And I'm not even mentioning that adding email aliases is freaking painful, as you have to add it once in Google Admin and a second time in GMail's web interface.
Basically GMail is useless if you want to have multiple email aliases.
Another use-case I have for FastMail is to send email from my own VPS. I have two VPSs actually and I want them to send emails on important events. FastMail allows me to set a "SMTP only" password. And in case my VPS gets compromised, theoretically at least the attacker will not have access to my email archive. And FastMail's limits on sending email are pretty relaxed. You can send notification emails from your own VPS without worry. Just don't send spam as they'll probably react to that.
It's ironic, but for all of GMail's praise, it's actually pretty bad at handling email.
Also, not sure what exactly you're using from G Suite, but Google Drive is absolute trash for synchronizing files, including its File Drive Stream, its latest iteration. I've seen it ignore updates, I've seen it generate conflicts, I've seen it corrupt content. Google Drive is good for its web functionality, but you can't rely on it to actually copy your files. If I fear the desktop sync will corrupt my files, then I cannot use it, sorry.
Hmm, I just now sent from a Gmail alias to a non-Google account. Don't see my primary address anywhere in the received headers.
Could the circumstances under which you see leakage be specific to some particular use case?
Then it's just a matter of keeping backups of your email.
Now, if my domain host goes belly up, I'll probably have a somewhat painful process of porting my domains elsewhere. It's still doable but it would probably mean a few days of downtime.
It would take me at most 1 hour to move, on the clock. I know because I moved between email provides about 3 times already.
("imapsync" helps)
You can host your own email just like you can generate your own electricity. It's definitely worth it for other people and we definitely need more people that self host to keep email an open standard, but personally I've got better things to do.
AFAIK all iOS web browsers must use WebKit so really are little more than a shell on top of Safari.
https://hbr.org/2018/07/a-study-of-thousands-of-dropbox-proj...
Quote:
> Dropbox gave us access to project-folder-related data, which Dropbox had aggregated and anonymized, for all the scientists using its platform over the period from May 2015 to May 2017 — a group that represented 1,000 university departments (from the top 100 universities and their Dropbox collaborators from other anonymized universities of any rank).
This was done without the consent of those involved.
Wired seems to cover the story: https://www.wired.com/story/dropbox-sharing-data-study-ethic...
That was when I realized I could not participate in plus: I realized how important my gmail account had become. I am diversifying and backing up today, but gmail stays a single point of failure.
The result: Even if google drive and a lot of their services sound really nice, I simply do not dare using them. I can't even take the risk of paying them: Anything non-gmail is a chance for them to obliterate my digital life.
Opening a second account is probably a bad idea: One day some algorithm will find out and either merge them or simply nuke both.
Not shooting at google specifically, this AskHN proves microsoft is just as bad. But it sounds to me these companies will have to do something or lose user trust.
Nuking both would be nuts except in extreme edge cases. It could potentially nuke the accounts of all spouses and parents and kids who share a laptop at home. Granted, everyone has their own writing style and computers seem good at identifying text written by people based on the latter, but that's still a big risk for the tech company.
It is cheaper and less risky for them to be completely insane pants-on-head bonkers once in a while than to find out what has happened and tell you. They don't care as they are big, you are small, and unless you annoy them enough to actually notice you, nothing is going to happen.
I live in Turkey, I use VPN (on AWS at Ohio) not to circumvent anything else than the imposed restrictions of my own country, and not some other countries' or companies'. Along with countless others, Wikipedia and Imgur are some well-known websites that are made unaccessible from Turkey. With Windows 10's VPN client, you don't even recognize that you are on VPN. The overhead is so low (relative to the basic internet speeds), that I don't even notice that VPN is on most of the time. I usually open it when I want to visit some Wikipedia page, and turn it back off after recognizing delay/lag on the games I'm playing online. Not even videos load recognizably slower, not on my VPN on AWS at least.
Within last 10 days, I had encountered the news about Dragon Ball Z - Season 1 being free on Microsoft Store, one like this I just found searching: https://www.neowin.net/news/first-season-of-dragon-ball-z-no...
I wanted to give both the anime and the Microsoft Store's video section a try, and did nothing more than just opening the Microsoft Store, finding the content, getting it for free and watching the first episode. My guess is that this might have been the problem.
If this really is the case, then I could not possibly know I was fooling Microsoft Store: - I did not and still do not know if the content was not available, free or paid, from Turkey. There were no indications of the content being unavailable to Turkey on the Store page. - Microsoft Store did not ask me if I am from Ohio, I never said I was from Ohio. I regularly use VPN for personal reasons, unrelated to this matter. I did not use VPN to make Microsoft Store think that I am from Ohio. Microsoft Store itself may have falsely assumed that I am from Ohio, and granted me the right to watch a content for free. It is Microsoft Store's fault for immediately assuming my location from the way I connect to the Internet.
If my guesses are true, then Microsoft's Microsoft Store is the culprit for being overly presumptuous about my location, not asking me for approval, hence not putting me responsible, and giving me free access to some content as a result. I may not be put responsible for Microsoft's presumptions that I haven't approved.
I agree. It's very likely that, by using a US VPN, you circumvented geo-restriction in the Microsoft Store. You could test that by creating another Microsoft account, under a fake name, using a commercial VPN service with a non-US exit. Then try to get the Dragon Ball Z episode from Microsoft Store. If you need help, feel free to email me.
This type of behaviour should be banned by the European Union.
You should be provided with the exact reason of why your account is being closed , regardless of who is the provider of the service.
It's unacceptable that companies like Microsoft, Facebook, Airbnb feel entitle to behave like this knowing how critical the service provided by those companies are for some organization. Plus the fact that those suspensions are usually done automatically by an algorithm powered by Machine Learning or something similar.
This type of mechanism could destroy an entire organization if the account of CEOs , CTOs, CFOs are suddenly locked down without possibility to access their emails , their contacts, their meetings and others business critical information.
This is outrageous.
The intent is to not reveal that the account had been linked to (for example) financing of terrorist organizations, but in reality I think it causes more problems than it solves. A real criminal who has their account shut down is probably going to be pretty aware of what the reason is. On the other hand, many times something like this can happen due to a mistake by a government agency, an account takeover, or some other situation where the owner of the account has no idea what went wrong or how to fix it, and finds themselves blackballed by multiple financial institutions with no recourse.
I’m not a fan of PayPal by any shot, but I would wager a nontrivial number of the customer support nightmare stories we’ve all read actually come down to this, and their hands are completely tied.
You are talking specifically about the financial and banking industry. Working in the banking industry , compliance regulation prevents banks from communicating about why your funds are frozen so the SEC can investigate and determine whether are not a fraud or suspicious activity were committed.
Such thing does not exist in the IT Industry. Microsoft ran their in house auditing tools , determined the account was suspiscious , set a flag "is_suspicious" as "true" in their database and the next day a batch ran and suspsended their account.
IT Audit for GAFA is 100% automated , there is no human interaction unlike Banking , Insurance and Finance.
Hence, the fact that BFA must communicate after the investigation about what fraud you committed to properly charge you in court and banned you from the services( You can even be banned in an entire country from owning a bank account depending on the severity ) but they must tell you why.
That is not the case for tech, it is completely unregulated which is why it's making me this upset.
This is particularly true when products frequently gain new features or integrations with other company-provided services, as changes in one system might allow an account that’s partially suspended to be able to perform legally-forbidden actions in another (think: something like iMessage gaining Apple Pay support). Yes, you can solve these things with engineering, but not only can that easily cost more than it’s worth, but you also open yourself to massive company risk if you fuck it up and regulators catch wind.
Or is it just as the mentioning of terrorist mean that we leave the confines of modern democracy and enters the territory of fascists policies, as we become what we fight?
the fact that accounts are locked and funds frozen by hacked together system dependent on irrational machine learning algorithms and never heard in open court is the premise for any number of dark dystopian science fiction stories and deeply scary and yet we seem to keep enacting laws and frameworks that rewards companies like Microsoft for arbitrary enforcement by making it impossibly expensive to challenge punishment dished out private enforcers(microsoft/facebook/youtube etc.) who can be punished by the state for not enforcing aggressively enough
It's not. It's also not practiced exactly that way.
There is always a maximum duration for those things, and after that duration secrecy is gone.
Also, before locking somebody's account, the law enforcement people have to get in front of a judge, and make a really good case for why it should happen. Normally judges do not like people asking for unilateral actions (on most places judges are very competent lawyers, and if there is something that lawyers really love is their antagonistic system for decision making).
Money laundering laws are not like anti-terrorism ones.
If they're barred by law from saying why, fine. If not, they should have to provide at least some reason, and a way to appeal.
Past a point, this becomes like those building regulations and other points of governance, that are not actually publicly available.
And your democracy fails. Because how can people govern, including themselves, when they don't even know what the rules are? Where the "lines" are?
Maybe, ultimately, it would be more useful to effectively inform the public about such funding, than to hide it away.
Also, there's been another round of conversation in the last some days, about "cashless" payment systems and societies.
What happens, when some initiative or data point -- or someone's personal agenda -- flags you as "suspect"?
When your cards are suddenly deactivated, your accounts frozen, and no one will tell you why? Nor for how long?
This secret behavior -- this secrecy -- needs some serious and effective limitations.
Or we are all going to be at risk of violating society's "terms of service", and made pariah, without explanation nor recourse.
Slippery slope...
Sincere question: what are you conveying by using that spelling of (I assume) "terrorism"?
It probably already is. Under Article 15 of the GDPR, you have the right to access personal data and to an explanation of how that data will be processed. A database entry saying "this account has breached clause x.y of our ToS" constitutes personal data within the scope of GDPR.
Under article 16, you have the right to correct any inaccurate data. Under Article 22, you have the right to opt-out of any wholly automated decision-making process that "produces legal effects concerning him or her or similarly significantly affects him or her".
Article 23 does impose some restrictions on those rights, e.g. in matters of national security, defence or criminal justice, but those restrictions are narrow and specific. If someone tells you "your account is banned and we can't give you any further information", they're likely in breach of the GDPR.
As an example, people lost their money to PayPal and had their accounts banned because their address contained a street named after a sanctioned location.
Corporations are panicking. They spend billions of dollars on due diligence now and this is the result you are seeing. They don't want to spend even more billions of dollars on fines.
Obviously they can't tell you "transferring over 500 USD per month to Africa looked dodgy to us, so we closed your account". They are keeping details secret, which makes sense because next time you'd just circumvent their checks.
> As an example, people lost their money to PayPal and had their accounts banned because their address contained a street named after a sanctioned location.
That is ridiculous. Modern companies have no problem Hoovering up and analyzing vast amounts of intelligence on consumers for marketing purposes. PayPal almost certainly has liasons with any number of three-letter agencies that also feed them intel related to criminal or terrorist activity. Link analysis and graph database software has reached commodity status; it's affordable and available. Directing them to do something to stop transactions between accounts known to be affiliated with terrorism is a reasonable request.
If their solution to money laundering bans accounts based on something so naive as terms found in a street address, their unbounded, colossal incompetence is not the fault of any government. PayPal has never had their shit together-- run-of-the-mill fraudsters have no problem keeping accounts open, but yours will eventually be seized without notice or explanation.
Meanwhile the EU imposed a 3 billion dollar fine on Google for, and this is sadly not a joke, depreffing incredibly annoying shopping comparison sites, specifically this one [1][2] and a few others. Go on, visit it. And then tell me how much the quality of the internet is lowered by making that site harder to find.
(the real reason: the Kelkoo CEO, and I'm not even joking, convinced a secretary of the EU competition commisioner (the previous one) that they were a viable EU-based competitor to Google. Yes, really, that's the level of intelligence the EU commission had, they believed that Kelkoo would be doing internet search engines better than Google)
What exactly makes you think that when we're talking lesser amounts they'd be more careful ? Doesn't it make more sense that when they want something, like say, imposing sanctions or find someone that may have spied on them, they don't just go "all info on these users or it's a $100 million fine" ?
Because reality is more like "Block this list of users because the police chief's wife's tennis partners' ball producer's 2-year old niece says they stole a teddy from her dog or it's a $1 billion fine. Oh never mind she found it. Did you block em yet ? BLOCK EM !"
[2] https://www.politico.eu/pro/politico-pro-morning-tech-google... (non-paywalled mirror @ http://blog.digitalmedialicensing.org/?p=3823 )
On the converse, though, termination without reason does serve a purpose. For example, if this was because of illegal content being stored on the service, Microsoft may be complying with law enforcement and doesn’t want to tip off the suspect.
I strongly believe account remediation is better than all out termination, and that termination should only be enacted in the most severe of cases (repeat offenses or potentially criminal conduct).
the suspect is already going to be tipped off by the fact his account is banned
You might even require a $5 bond to appeal or something, to prevent spurious appeals.
https://support.microsoft.com/en-us/help/4051701/global-cust...
They are too small for anyone to give a mess about.
If you sue them they'll have to reveal what they think you did. Other than that you're probably only entitled to access to your data so you can transfer it to another provider, as well as maybe a prorated refund if applicable (and you'd probably have to hire a lawyer for that, too, because they possibly won't answer any further inquiries on your part).
You mentioned a university licence. Many vendors explicitly prohibit usage of such licences for purposes other than educational ones. This might be the cause of your problem, for example if you used your account for hosting a commercial application on Microsoft Azure.
Another option would be talking to a consumer organization (not sure if this is applicable because a university licence might not qualify as a consumer licence).
Other than that: Caveat emptor. I know this sounds trite and doesn't really help in your current situation but when you entered that contract you very likely agreed to the terms Microsoft now uses against you.
Yes of course, he should have simply not used e-mail.
Sue them for what? Surely they reserve the right to deny service to anyone?
Even if the contract contains language allowing them to do that (worth checking!), if he signed the contract as a consumer (not as a business) this might be against consumer protection laws.
Welcome to the modern world.
I read frequently on the /r/androiddev subreddit about Android devs who have had apps suspended or accounts closed for reasons beyond their comprehension.
I frequently read about people wanting tech platforms to start censoring more actively (Twitter, FB, Youtube?) and for them to boot controversial people for using their free speech (even if offensive).
Unfortunately giving "the accused" any sort of recourse doesn't seem to be a priority when the PR machine is going against a tech company - it's easier for them to use the banhammer.
So that can suck, if you don't know why you've been banned or possibly when you are banned by mistake, but that is the risk of using these kinds of services.
Now you might think the AG won't have time for you, but the AG is not sitting there reading the incoming email and deciding to act. The AG clerk on duty will check that basic facts and dates are present in your email (make sure to include them), and ask the BigCo for their side of the story; all that before anyone even looks at the merit of the case. The BigCo will now face a choice - continue corresponding with the office of AG (which is billable lawyer time plus a drain on management brainpower), or shut you up by giving you back your stuff (which is free).
Probably just like everybody else.
I frequently take downloads of my Google content with Google Takeout but haven't been doing the same for Microsoft. Recently started adding important content to my MS account, and probably ought to start doing the same for that service.
edit: yeah, yeah, yeah all the cool kids don't use Microsoft stuff. For some of us, there may reasons we do, and I suggest this MS service might do the trick. I'm still testing what all is included in this export. UPDATE apparently this tool just exports a json file including usage information of each MS service but not the data contained within those usage sessions i.e. a file I've created in OneDrive Excel. Hmmmm.... going to continue the hunt.
Also: keep backups outside of the Microsoft ecosystem.
Even for spam they wouldn't block you like this right weather. It's due diligence.
Am I correctly interpreting their statement as saying that they're constrained by their own self-imposed policies?
Well now that's just an eventually.
On a side note, as a published author on Amazon, I've heard horror stories in the usual author forums of Amazon doing the same to authors, pulling all their novels off their site without warning and terminating their account. Amazon does have some remediation pathways (unlike the AirBnB guy), and many authors had their accounts restored after weeks or months of perstering support (although the damage is done).
New account banned after changing Hotmail settings.
I'm thinking content scanning or Microsoft Account telemetry.
By any chance, did you have child nudity (ex: photo of child bathing, etc.) on your OneDrive? If so, I wonder if PhotoDNA picked it up (see https://www.neowin.net/news/man-arrested-after-microsoft-fin...).
I was wondering what it was I could have done. I was thinking of all the "grey area" things I may have been up to - then I paused and thought: "why am I concerned they could know so much?" because it's possible.
That was the final week I used Windows.
It will get worse before it gets better, and I'm actually thankful.
I have a paid OneDrive account that stores all my family photos.
Reading this has made me realise it could so easily happen to me. I'm going to make double sure I back up everything locally too, from now on.
MS only has my photos though. Google really has me by the balls. Ten years of emails with friends and customers, and pretty much every login I have is tied to my gmail. If that was taken I away I would be truly boned
That's my only complaint, but it isn't a small one. Having advertisements so deeply baked in to an operating system is disgusting.
One of their principles is "Your data is your own".
I migrated from Gmail at the beginning of the year and I haven't looked back once. My Gmail is still active and is forwarding to my fastmail account, but at this point it wouldn't really affect me if they shut it down.
While time consuming the process of switching only happens once, and now my data is my own again. If you want you can also buy a domain and set up your fastmail to use that, so in the future you keep your email address(es) regardless of provider.
Were you storing files? If so what kind of files.
You might find there's some kind of activity you've been doing but thought was ok, or you were storing files which got flagged for porn or copyright.
- provide a reason if they ban you
- always let you take out your data (unless not legally possible)
- have decent customer service ?
This is undoubtedly unfair, but I honestly wonder: if this is even legal?
And it's the same problem with software in general these days, no matter if you pay you don't own it so you don't have a right to use it.
If a company can take everything away from you at the turn of a dime, you should at least be entitled to know why it was done.
This is one* of the reasons why I never use single sign on for other services.
* other reasons include:
not wanting SSO to know where I'm going, when I'm going to it. It's none of their business!
Not wanting a cascading breach
Why do we do it?
Because these sort of stories represent probably something like one in a million failure rate. That is ridiculously successful. And those "simple things" you say are really not all that simple.
But they give you the option to provide a text able phone number and give you 10 minutes to use the texted Access Code?
I have had that happen 3 times......... they after your cell phone number and holding your account hostage to get it.
They will not respond to any other option nor give evidence of what they claim violated any Terms of Use. They just say "Suspected".
