Google’s Plan to Delete Inactive Accounts Shows the Internet Isn't Forever

There is a common refrain that emerges in the field of technology and preservation—often, keeping users safe comes at the cost of something good about the internet that we once had.

Example: Years ago, security experts began making the case that https should become standard on websites, with a strong nudge from Google. This had the side effect of making the web basically inaccessible to most devices using vintage software, as they didn’t have the necessary security tools. Trying to search Google on an iMac G3 probably isn’t the safest thing in the world, but decisions like these took the choice away from those users entirely.

And despite the absolute flood of interesting content available in Flash, the risks of malware led its owner, Adobe, to effectively shutter it from the internet, largely blocking nearly 20 years of internet history from being run on modern computers.

It’s in this light that a policy change on the part of Google hits this week. The company announced that it would remove any account that sat inactive for two years from its service, citing the risks of spam and phishing that can emerge from dead accounts over time.

“Our internal analysis shows abandoned accounts are at least 10x less likely than active accounts to have 2-step-verification set up,” Google Vice President of Product Management Ruth Kricheli wrote. “Meaning, these accounts are often vulnerable, and once an account is compromised, it can be used for anything from identity theft to a vector for unwanted or even malicious content, like spam.”

To be clear: In many ways, this decision is a good thing. There are probably millions of zombie email addresses out there that sit unused by their original owners, and presumably they do not have the security standards that the account that buzzes your phone twice a day does.

Google offers a lot of warnings—and even makes it possible to set up a system for approved contacts to access inactive accounts. All you need to do to keep a Google account alive is to log in and do some sort of activity. A single search or load of Gmail is enough.

The problem is, Google accounts are used for a lot of things, and many of those things are public-facing. If you’ve run a blog on Blogger anytime in the past 20 years or so, it’s likely associated with a Google account. People publicly share files with Google Drive, and if that account goes away, so do the publicly accessible files. Just imagine how bad this would be if Google still ran a social network.

(One bright spot of this whole situation: There was something of a panic when the news first came out around YouTube uploads disappearing from the internet, but YouTube creator liaison Rene Ritchie later clarified in a tweet that Google accounts that had uploaded YouTube videos in the past would not be affected at this time.)

Because it’s used for so many things, Google has this messy problem where the things that might actually be insecure (the flood of emails that might be sitting in your inbox, your password) are tied to things that are intentionally public-facing (your old poetry blog, your forgotten 2000s-era attempt to riff on the Angry Video Game Nerd), and attempting to separate the two could be problematic or even legally imperiled.

(Other companies, like Apple or Microsoft, might have this issue as well, but not to the degree of Google.)

I’m sure the bean counters in Mountain View did the research and determined that this was the best solution for such a complicated problem: Separating users’ public work from their personal accounts isn’t very feasible, but there’s a genuine need to stop potential vectors for spam and malware.

Beyond the very obvious flaw in this decision-making process—people die, they lose passwords, their machines get stolen—in many ways, Google’s approach to this problem seems to forget the reason why people signed up for a Google account in the first place.

The internet was sold to us as a never-ending library of stuff, one that is always growing. But libraries are static—a book on a shelf, unmoved, will continue to be a book on a shelf in a decade. Large technology companies like Google presume that you will continue to maintain your place on the internet to the latest standards—and if you don’t keep up, you lose your search position, your analytics will stop working, and you may even lose your account—all in the name of privacy and security. 

Security matters, but it too often comes at the cost of the information that often brought us here in the first place. And security always wins, even when preservation is at stake.

I’m sure security researchers and IT experts will read this and come out in favor of protecting the masses over favoring content nobody is reading. As I said, there is a case for this.

But building the world’s largest library doesn’t mean much when you have to constantly worry about link rot.