Sorry, Google, I’m going rogue!
My journey with Google Cloud Platform API begins two weeks ago.
I had an idea that would help my users with Gmail emails over at ltd.ninja get their software imported into their library FAST. The concept was simple:
- Scan your inbox headers to see which domains you get emails from
- Compare them to my database of software companies
- Hand pick each item to select which software you want to import
At the very start of the project I reached out to Google Cloud Platform to approve my scope. All I’m getting here is the header information (metadata). It’s not like my code can even see the message body or do something malicious, so I explained everything in detail and this is the response that I got:
Let me restate one more time:
At this point of time security assessment is not required.
Well, goodie! I went to work.
I built out a tool, conditioned my databases, added extra pages, created an explainer video, hired a voice actor, created new login pages and added a ton (and I mean a ton of content). When I kept responding to my GCP agent they kept saying “not enough content explaining how it works and how it benefits the user”. Or as I read it: “add more text that no one will ever read”.
Okay! After many days of coding, dozen or so back and forth emails and multiple YouTube videos of step-by-step explaining the tool to my GCP agent everything was perfect. Or so I thought…
I’m not sure if you care to read that all out, but basically they said: Well, you did a good job adhering to our rules over the last week and a half. Remember when we told you that you don’t need to have an assessment? WE LIED, and it will cost you $75,000 (or more).
We apologize for any confusion there
Are you kidding me Google Cloud? Google Developers, are we all getting this crazy run around and get hit with a $75,000 pay-wall? I’m running a small business here (a tiny business in fact), I can’t afford to shell out $750 for an assessment let alone 100 times that. What is going on!? Does Google simply not care about the little guys? Why would you first tell me I don’t need an assessment and then ten (hard working) days later flip the script? Is this Google doing this or did I just had a bad luck with one of their agents?
Here’s how the final product looks like:
So where do we go from here?
Hmm, it seems that the big G isn’t going to budge here. My agent pretty much started ignoring me now, and each time I reply to them, they just press the same long-winded macro button and won’t answer any of my questions.
Sooooo…
I’m going rogue! I’ll just leave my app unverified and whatever happens, happens. My apologies to my users who will be hit with this wall:
It’s either that, and you ignore Google’s warning, or all my efforts are for nothing. I’m guessing at least 3/4 of my users won’t even try the app when they see this warning, but, oh well, whatchu gon do?
And, hey Google Cloud! Thanks for exposing my real email address here. I guess since I can’t shell out $75K for someone to tell me that my code is secure it’s okay that the whole world knows where to send their spam.
Rant over! But seriously, Google Developers, if you’re reading this, is this baiting approach a standard over at Google? I can’t see how a major player would allow their agents to mislead their customers on purpose. Shame.
