As a privacy nerd, I was interested in a recent New York Times article that has gone viral on the tech blogs. This article detailed the horror story of a father who lost his Google accounts after a photo of his son was falsely flagged as child pornography.

The man’s son’s genitals looked swollen and was causing the child pain. Their health care provider’s nurse line asked for photos to upload ahead of the telemedicine exam. The parents took photos using an Android device and sent them to an iPhone for uploading to the HCP’s messaging client. These photos were automatically scanned/uploaded by Google, who then decided they were “harmful content” and banned the father from all Google accounts.

This presents a number of problems beyond the obvious loss of access to his email accounts. Of course the loss of historical emails and addresses, but the overall problem is larger than that because Google services are interconnected and have consequences beyond Google. In this case, the father used Google Fi as his primary phone number. Losing Google Fi obviously means that he can’t make or receive calls, but he can no longer send or receive SMS text messages, including the multifactor authentication messages that most banks, credit cards, merchants, or services use as part of their login process. Additionally, any backups or other documents stored on Google Drive are unavailable as well as the ability to make or receive payments via Google Wallet. At this point, the situation is arguably worse than if his identity had been stolen, particularly since Google has doubled down on their decision to ban the man even after exoneration by law enforcement and comment requests by the NYT.

The way forward is obviously to avoid using Google services when possible. Google makes things convenient but, as this example shows, one-stop-shop solutions are risky.

The first (and perhaps most aggressive) option is to ditch Google almost entirely by using a privacy-focused ROM such as GrapheneOS. The problem is that most of these custom ROMs only work on certain devices. If you’re a fan of the latest Samsung phone, you’re stuck. There is also a rather steep learning curve as their default installs do not include Play Store or Google Services; some functionality that you’re used to on a standard Android won’t be there. There are, however, ways to get at least some of your apps, but it does take dedicated work.

While I have a phone number that was issued to me by my phone provider, I generally use one of several VOIP numbers through the MySudo app. I can use these profiles for anything I use my “real” number for but without the risk of exposing it. For 2FA/MFA, I avoid SMS-based authentication as much as possible and use hardware-based (e.g. Yubikey) and software-based (e.g. Authy).

I use Gmail. There. I said it. I use it for a lot of things, primarily as a garbage-dump for “registering” on websites, but I use it. I also use other platforms, such as ProtonMail. I also have a few personal domains that feed my email client. Regardless, the key feature is end-to-end (E2E) encryption. Services like Proton and Signal provide E2E, protecting your data in transit.

The primary issue here isn’t that Google is scanning photos, but rather that their review process is broken. The article is rather sympathetic to the parents and Google is apparently tight-lipped as to why they’re being so stubborn. Exploring the potential reasons behind this is beyond the scope of this post, but I suspect this is a business decision out of their Risk Management department. They have obviously decided that blanket-bans such as this (there are others) outweigh another undisclosed risk. Regardless, it is now incumbent upon us to maximize our own privacy and diversify our data as much as possible.