Google restricting Google AI Pro/Ultra subscribers for using OpenClaw
discuss.ai.google.dev | 708 points by srigi 16 hours ago
So purely from a hacker perspective, I'm amused at the whining.
Like, a corporation had a weakness you could exploit to get free/cheap thing. Fair game.
Then someone shares the exploit with a bunch of script kiddies, they exploit it to the Nth degree, and the company immediately notices and shuts everyone down.
Like, my dudes, what did you think was going to happen?
You treasure these little tricks, use them cautiously, and only share them sparingly. They can last for years if you carefully fly under the radar, before they're fixed by accident when another system is changed. THEN you share tales of your exploits for fame and internet points.
And instead, you integrate your exploit into hip new thing, share it at scale, write blog posts and short form video content about it, basically launch a DDoS against the service you're exploiting, and then are shocked when the exploit gets patched and whine about your free thing getting taken away?
Like, what did you expect was going to happen?
Additional information from Google employee https://x.com/_mohansolo/status/2025766889205739899 :
"We’ve been seeing a massive increase in malicious usage of the Antigravity backend that has tremendously degraded the quality of service for our users. We needed to find a path to quickly shut off access to these users that are not using the product as intended. We understand that a subset of these users were not aware that this was against our ToS and will get a path for them to come back on but we have limited capacity and want to be fair to our actual users."
> We understand that a subset of these users were not aware that this was against our ToS and will get a path for them to come back on but we have limited capacity and want to be fair to our actual users.
It feels like a good default for this would be something similar to video game bans: where you get a "vacation" from the service with a clear reason for why that is, but can return to using it later. Given how much people depend on cloud services, permanent bans for what could be honest mistakes or not knowing stuff would be insane.
Getting your Google Workspace account nuked because an employee hooked their company Gemini account to OpenClaw would certainly be a novel business risk.
As far as I can tell, most of the offenders just had their access to Antigravity and Gemini CLI suspended, not the rest of the Google ecosystem.
There are probably some boundaries set by Google's legal team, especially for Workspace.
Google services are banned at the very large company I work at and that's not because they are technically poor.
It's just that the last time we had to deal with their customer support, they were so bad someone at the exec level said they were banned from now on. It's to the point we have to explicitly schedule high level meetings and carve out exceptions when they happen to buy products we use.
We work with nearly everyone in the cloud space except Google. That should tell you everything you need to know.
what you described is that using google is a novel business risk
Google has gigantic power over its users. Consider that for some reason, Google banned your gmail account, which you are using for a large number of logins for different essential services.
All it takes is Google to ban you from one service and you’re locked out of things like, oh I don’t know, GCP…
yes. i am not using google ai services because i am afraid i might accidentally get permanently banned
I posted an "Ask HN" around this a while back. I think we will see a lot more of it and we will be hurting legitimate users. I like your temp ban idea but I doubt they would give reasons why.
> give reasons why
Because it'll be an LLM guided bot handing out bans, so no one will actually KNOW why.
While I see the point of limited capacity, it also shows that Google did not plan for rate limiting / throttling of high usage customers. This is ALWAYS the problem with flatrate pricing models. 2% of your customers burn 80+% of your capacity. Did see that in former times with DSL, not too long ago with mobile and now with AI subscriptions. If you want to provide a "good" service for all customers better implement (and not only write in your T&Cs) a fair usage model which (fairly) penalises heavy users.
Good on them that they want to provide a way to bring back customers on board that were burned / surprised by their move.
BUT: The industry is missing a significant long term revenue opportunity here. There obviously is latent demand and Claws have a great product market fit. Why on earth would you deactivate customers that show high usage? Inform them that you have another product (API keys) for them and maybe threaten with throttling. But don't throw them overboard! Find a solution that makes commercial sense for both sides (security from API bill shock for the customer / predictable token usage for the provider).
What we're seeing right now is the complete opposite. Ban customers that might even rely on their account. Feels like the accountants have won this round - but did not expect the PR backlash and possible Streisand effect...
Yeah this is a massive fuckup on Google's part and they are taking it out on their customers as per usual.
It's not hard to define a quota system and enforce it. If the quota is too high then reduce the quota. If people are abusing the quota with automated requests then detect that and rate limit those users.
If I'm paying $200+ a month I should be able to saturate Google with requests. It's up to Google to enforce their policies via backpressure so that they don't get overloaded.
Then again this is the same company that suspended people's gmail because they sent too many emotes in YouTube chat. Sadge.
> If I'm paying $200+ a month I should be able to saturate Google with requests
Says who? You?
The customer? Who always wants a lower price?
> Google did not plan for rate limiting / throttling of high usage customers
Antigravity has very low daily and weekly quotas unless you pay for their most expensive plan, so it means these people drop $200+ a month to run these bots, insanity
> so it means these people drop $200+ a month to run these bots
It doesn't mean that it's the only thing they're doing, could be they have the plan for other purposes, and also use it for that.
> Good on them that they want to provide a way to bring back customers on board that were burned / surprised by their move.
Are they though? Another comment (https://news.ycombinator.com/item?id=47116205) seems to indicate these people are all indefinitely suspended with no path to unsuspend them:
> [...] I must be transparent and inform you that, in accordance with Google’s policy, this situation falls under a zero tolerance policy, and we are unable to reverse the suspension. [...]
> it also shows that Google did not plan for rate limiting / throttling of high usage customers.
There is a (pretty generous and imo reasonable) request quota that reset every 24h
There is consensus on r/gemini that the window is a matter of hours now, not 24h.
I subscribe to the AI Pro plan. I knew of a published limit of 100 Pro prompts per day, but before this month it seemed they were relaxed about it. I have now started to be rate limited on Pro when nowhere near that quota, due to too many prompts within a short time window (probably due to short prompts and not aggregating my questions). So now I use the Thinking (basically Flash) model and bump up to Pro for certain queries only.
There will always be a minority who spoil it for the majority.
I don't know why you rely on some Reddit consensus when you can just open Gemini CLI and enter /stats to get the confirmation that you get 200 Pro requests per 24h, and the counter starts when you do your first request.
Unless there is something I'm missing
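Added example, not part of any comment in the thread and not Google's implementation: a sketch of the enforcement several comments above ask for, combining a 24h quota whose window opens on the first accepted request with a short-window burst cap, and answering with a reason and a retry time instead of a ban. The 200-per-24h figure is the one quoted above; the burst values, class names and the `X-Limit-Reason` header are assumptions.

```python
import math
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Dict, Optional

DAY = 24 * 3600


@dataclass
class Decision:
    allowed: bool
    reason: str        # "ok", "burst" or "daily_quota": always tell the caller why
    retry_after: int   # seconds until the same request would be accepted


@dataclass
class AccountState:
    window_start: Optional[float] = None   # set by the first accepted request
    used: int = 0                          # accepted requests in the 24h window
    recent: Deque[float] = field(default_factory=deque)  # burst-check timestamps


class QuotaLimiter:
    """Two-tier limiter: a 24h quota that opens on first use, plus a burst cap."""

    def __init__(self, daily_limit=200, burst_limit=10, burst_window=60):
        # 200 per 24h is the figure quoted in the thread; the burst values
        # are assumptions chosen for illustration.
        if min(daily_limit, burst_limit, burst_window) < 1:
            raise ValueError("limits and windows must be >= 1")
        self.daily_limit = daily_limit
        self.burst_limit = burst_limit
        self.burst_window = burst_window
        self.accounts: Dict[str, AccountState] = {}

    def check(self, account: str, now: float) -> Decision:
        st = self.accounts.setdefault(account, AccountState())

        # Expire the 24h window; the next accepted request opens a new one.
        if st.window_start is not None and now - st.window_start >= DAY:
            st.window_start, st.used = None, 0

        # Forget accepted requests that have aged out of the burst window.
        while st.recent and now - st.recent[0] >= self.burst_window:
            st.recent.popleft()

        if st.used >= self.daily_limit:
            wait = st.window_start + DAY - now
            return Decision(False, "daily_quota", math.ceil(wait))

        if len(st.recent) >= self.burst_limit:
            wait = st.recent[0] + self.burst_window - now
            return Decision(False, "burst", math.ceil(wait))

        # Rejected requests are not counted, so a retrying client cannot
        # lock itself out any further.
        if st.window_start is None:
            st.window_start = now
        st.used += 1
        st.recent.append(now)
        return Decision(True, "ok", 0)


def to_http(decision: Decision):
    """Map a decision to the status and headers a gateway would return."""
    if decision.allowed:
        return 200, {}
    return 429, {"Retry-After": str(decision.retry_after),
                 "X-Limit-Reason": decision.reason}  # hypothetical header name
```
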
> will get a path for them to come back on
That's not what support has been telling their $250 a month customers.
we are unable to reverse the suspension [1]
I get the need to move fast to stabilise the service but similar to an outage it doesn't take much to put a banner on the support page to let customers know bans are temporary until they can come up with a better way of educating customers. Furthermore it doesn't take much to instruct ban appeal teams to tell customers all bans are under review no matter what the reason is to buy them time to separate Claw bans from legitimate abuse bans that need to be upheld.
The fact that users are paying $250 for a service they can't use for at least the last 11 days kills any sympathy I had that Google needed to "quickly shut off access", it's like they just sat on their hands until the social media storm hit flash-point.
After 11 days there still isn't even an official statement, just a panicked tweet from a dev likely also getting hammered on socials, goodness knows how long before accounts are restored and credits issued.
Even the original Google employee in the forum thread just ghosted everyone there after the initial "we're looking into it".
come on, using a monthly paid subscription to obtain auth tokens to use claws bots is quite obviously against T&C. you need to pay api prices for that. I am sure 100% of those knew they were doing something wrong but proceeded anyway.
Sometimes I wonder where I am when people are so shocked. I genuinely don’t understand who would think this is allowable? Is this simply a younger generation and I am old now? API keys vs the auth tokens smells the same as public vs private APIs, don’t be surprised you get shut off if you are using a private API.
So the timeline is basically
* User uses Google oauth to integrate their open claw
* user gets banned from using Google AI services with no warning
* user still gets charged
If you go backwards, getting charged for services you can't access is rough. I feel sorry for those who are deeply integrated into Google services or getting banned on their main accounts. It's not a great situation.
Also, getting banned without warning is rough as well. I wonder if the situation will be different for business accounts as opposed to what seems like personal accounts?
The ban itself seems fair though, google is allowed to restrict usage of their services. Even though it's probably not developer friendly, it's within their rights to do so.
I guess there's some level of post mortem to do on the openclaw side too.
* Why did openclaw allow Google anti gravity logins?
* The plugin is literally called "google-antigravity-auth", why didn't that give the signal to the maintainers?
* Why don't the maintainers, for an integration project, do due diligence checks on the terms of service of everything you're integrating with?
> * Why did openclaw allow Google anti gravity logins?
OpenClaw went from virtually unheard of to a sensation in a couple weeks. There was intense commit activity and the main author bragged about not even reading the code himself. It was all heavily AI driven and moving at an extreme rate. Everyone was competing to get their commits in because they wanted to be a part of it.
The entire project was a fast and furious experiment. Nobody was stopping to think if something was a good idea or not when someone published a plugin for using this endpoint. People just thought “cool!” and installed it.
That's how AI is supposed to be used, no? That's what the providers advertise - it increases development speed, a lot, it replaces devs and so on.
But I guess it's only ok when you work on regular joe facing projects, where the consequences of bugs are on powerless users. If the consequences are on Google, well, that's not acceptable now is it?
> That's how AI is supposed to be used, no? That's what the providers advertise - it increases development speed, a lot, it replaces devs and so on.
Not really. There’s a difference between accelerating development in the hands of an experienced developer versus having somebody just slop code by hoping for the best.
Adopting AI doesn’t equal removing code review. These were two separate choices combined.
The consequences for Google are that the people are misusing the keys and Google is fixing that. They're not banning anybody using proper API keys
I didn't misuse the keys, my AI agent did. Extremely unfair to punish humans for the actions of bots.
A human is not punished, the access of the robot to the API is restricted. The human has not suffered any damage.
> using AI for vibes is a fast track to bugs and security incidents
Yes, that's what he said.
> Also, getting banned without warning is rough as well.
Agreed. The lesson is: do not become dependent on Google. Ever.
(Unfortunately I still use youtube and a chromium-based browser. Long-term I hope to find alternatives to both problems. Google search I no longer need because Google already ruined it a few years ago; the quality now is just horrible. I can not find anything useful with it anymore.)
Literally just use Firefox.
Firefox is financed by Google and makes them survive (but yes, clearly the only realistic alternative that is not Chromium-based)
They pay to be made the default search engine, true. I'm not aware of there being anything beyond that
What google search alternative have you found? I'm trying out ecosia, duckduckgo and brave search, but I find their search results even worse, so in the second query I tend to bang to google..
DDG is good enough that I've switched many years ago and never went back. Any time I use Google (!g) to repeat query (recently it's maybe a few times per year) it fails to show anything useful too, so I don't see any benefit to even check it lately.
Google Search is over. There may not be a free alternative, it they've lost the arms war between phone number incrementing ad pages, AI spew, and rank hackers.
Maybe have to pay for search? I am experimenting with paying Proton another $10/month for a paid lumo+ account. lumo+ is a private chat like ChatGPT that uses a strong Mistral model and also privacy-preserving web_search LLM tooling under the hood. For about a month I just use lumo+ with the web_search tool enabled. I may not do this forever, but for now I like just having one tool to use. Note: I still use gemini for technical work, but lumo+ for day to day chat and web search.
In the past I just use DuckDuckGo for most search, occasionally Google. That also worked well for me.
Have you tried Kagi yet? It's pretty popular among HN folks, and I find it easily worth the price.
Kagi indirectly funds the Kremlin's regime, just to know where your money goes if we're talking about not supporting google.
You make it sound like a significant amount is going to the Kremlin but I assume the API cost for using Yandex from Kagi is negligible and only a fraction of that goes to the Russian government. Isn't this more of a symbolic thing to request not cooperating with Russian companies?
For some people it doesn’t matter how negligible. And it’s better to know and make up their own mind.
Damn, how so?
A small percentage goes to Yandex because they use Yandex as an index: https://kagifeedback.org/d/5445-reconsider-yandex-integratio...
I've been using ddg for years now, and it's been probably 2 years since I needed to use the "!g" escape hatch.
Very very happy with it.
Agree. Historically you would just not get any good results for a search and try Google, but these days it's more likely there just aren't any good results for your search period, regardless of engine. Funny enough that's when I've had better results asking chatgpt or similar because I'm typically after some sort of consensus or summary in those situations.
I use ddg and haven't found better results from searching with google in a long time, but that might just be the kind of things I search for.
It doesn't seem fair at all; though I'm glad to see it's not as bad as I feared (yet?).
> Hoping for some transparency, I left a single, polite comment asking for clarification on why the update was removed. Surprisingly, my forum account was banned shortly after posting that question.
Have you seen the code of OpenClaw? It would not surprise me if there is a mistake in there somewhere that causes the bot to hammer google auth for the refresh token in a very identifiable manner because no one in that repo is bothering to look at the code before merging. Moved fast, broke things.
I don't understand step 1. OAuth client applications have to be registered in GCP, right? They have to request specific scopes for specific APIs, and there is a review process before they can be used by the public. Did none of that happen for the Open Claw client? How is it the users' fault for clicking a "Sign in with Google" button? And if there was a mistake, why not ban the whole client?
I could see a problem with logging into Antigravity then exfiltrating the tokens to use somewhere else... But that doesn't sound like what happened. (And then how would they know?)
I haven't used Open Claw, so what else am I missing to make this make sense?
To my understanding, OpenClaw pretends to be Antigravity by using the Antigravity OAuth client ID (and doesn't have its own), and then takes the token Google returns to instead use with OpenClaw.
When I first tried OpenClaw and chose Google Sign-In, I noticed the window appeared saying "Sign into Google Antigravity" with a Google official mark, and a warning it shouldn't be used to sign into anything besides official Google apps. I closed it immediately and uninstalled OpenClaw as this was suspicious to me, and it was a relatively new project then.
It amazes me that the maintainer(s) allowed something like this...
Ah, ok. I guess there is no way for Google to prevent this since desktop apps are public clients that use PKCE.
I imagine Open Claw must also have registered the Antigravity custom URL scheme in order to receive the redirect.
Remaining question is how Google determines that traffic is not actually coming from Antigravity.
> Remaining question is how Google determines that traffic is not actually coming from Antigravity.
Spiralling here: high volumes, and tool calls that are not typical for an agentic IDE.
If this is like the flow it uses for a codex / ChatGPT subscription it doesn’t even register a handler - the redirect opens as a 404 in your browser and there are instructions in copying the token from the query string!
> OAuth client ID (and doesn't have its own), and then the takes the token Google returns to instead use with OpenClaw.
Still surprised.
Client ID ok.
But openclaw needs the secret also?
Does it also mean Antigravity did not restrict to specific applications?
Antigravity runs on your machine, the secret is there for the taking.
This is true of all OAuth client logins in this way, it's why the secret doesn't mean the same thing as it does with server to server login, you can never fully trust the client.
OAuth impersonation is nothing new, it's a well known attack vector that can't really be worked around (without changing the UX), the solution is instead terms of service, policies, and enforcement.
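Added example, not part of any comment in the thread and not Google's code: a toy authorization server showing what the PKCE check discussed above verifies at the token endpoint. It proves that the party redeeming the code is the one that started the flow, while `client_id` remains a public, self-asserted string. Class names, the `desktop-ide` client ID and the user name are constructed for illustration.

```python
import base64
import hashlib
import secrets


def s256_challenge(code_verifier: str) -> str:
    """RFC 7636 S256: BASE64URL(SHA256(verifier)) without '=' padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


class ToyAuthServer:
    """Authorization-code + PKCE checks only; no UI, scopes or refresh tokens."""

    def __init__(self, public_client_ids):
        self.public_client_ids = set(public_client_ids)
        self.pending = {}  # code -> (client_id, code_challenge, user)

    def authorize(self, client_id: str, code_challenge: str, user: str) -> str:
        # client_id ships inside the desktop app, so the server can only
        # check that it is registered, not which program is presenting it.
        if client_id not in self.public_client_ids:
            raise ValueError("unknown client_id")
        code = secrets.token_urlsafe(16)
        self.pending[code] = (client_id, code_challenge, user)
        return code

    def token(self, client_id: str, code: str, code_verifier: str) -> dict:
        entry = self.pending.pop(code, None)  # authorization codes are single-use
        if entry is None:
            return {"error": "invalid_grant"}
        issued_to, challenge, user = entry
        same_client = secrets.compare_digest(client_id, issued_to)
        # PKCE: only the party that generated the verifier can pass this.
        same_party = secrets.compare_digest(s256_challenge(code_verifier), challenge)
        if not (same_client and same_party):
            return {"error": "invalid_grant"}
        # Nothing here attests the calling binary. Telling first-party traffic
        # from other traffic has to rely on signals outside this exchange
        # (usage patterns, policy enforcement), as the comments above note.
        return {"access_token": secrets.token_urlsafe(24),
                "client_id": issued_to, "sub": user}


def run_flow(server, client_id, user, redeem_with=None):
    """Run one flow; redeem_with overrides the verifier to model a stolen code."""
    verifier = secrets.token_urlsafe(32)
    code = server.authorize(client_id, s256_challenge(verifier), user)
    return server.token(client_id, code, redeem_with or verifier), code
```
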
> it amazes me that the maintainer(s) allowed something like this...
Really? In today's landscape this is the part that surprises you? I'm seeing these types of decisions repeatedly and typically my only question is do they not know any better, or intentionally not care?
1. Did a human really knowingly decide to allow that?
2. Did a human create the plugin?
3. Are the maintainers human?
By human I mean an animal that is intelligent enough to understand the agreements and what code they are writing.
Most people aren't human then, sad.
I think Dune is easily a top ten franchise among computer people, so that sort of thing is nothing new.
I think as a society we miss some kind of 'laws', or 'rules' around accounts and banning.
I feel that sometimes corporations have all 3 Montesquieu powers. Google can define EULAs, decide if you should be punished, and apply a ban.
Can a shop decide who to serve? I may be wrong, but big tech should not be able to 'just close' accounts, or demonetize accounts on their whim.
This is draconian.
> Our investigation specifically confirmed that the use of your credentials within the third-party tool “open claw” for testing purposes constitutes a violation of the Google Terms of Service [1]. This is due to the use of Antigravity servers to power a non-Antigravity product. I must be transparent and inform you that, in accordance with Google’s policy, this situation falls under a zero tolerance policy, and we are unable to reverse the suspension. I am truly sorry to share this difficult news with you.
Isn't the reason companies are doing this because they're offering tokens at a discount, provided they're spent through their tooling?
Considering the tremendous amount of tokens OpenClaw can burn for something that has nothing to do with software development, I think it's reasonable for Google to not allow using tokens reserved for Antigravity. I don't think there's such a restriction if you pay for the API out of pocket.
> Isn't the reason companies are doing this because they're offering tokens at a discount, provided they're spent through their tooling?
Then maybe they should charge for that instead of banning accounts?
Google decided on their own business plan without any guns to their backs. If they decide to create a plan that is subsidized that's entirely on them.
So the issue is the same as Anthropic. They do charge for it though their API. The users, however, want to use the discounted "unlimited" flat rate through the first-party app instead, then get mad when they are told they have to use the same API every other third-party app does.
No, the problem is that the discounted rate exists in the first place. Essentially these are unfair business practices, product cross subsidization to ensure market dominance. See also: Microsoft and a whole bunch of other companies.
And once they've got their monopoly position there is inevitably the rug-pull. I wonder if some CPO somewhere actually had the guts to put a 'rug pull' item on the product roadmap.
It's not unfair, it's how every business works. When your product is new or not yet good enough and you want people to try it you give them discounts, or if you want to drive traffic to your service you also do the same.
Even traditional businesses do this with coupons. Is it unfair that Costco sells chickens for under cost because it drives usage to them?
Companies like Uber did use massive funding and price subsidization to try and kill competition and then take a monopoly, but it is hard to assert that this is what google is doing now. And given that other competitors in the space, Anthropic are doing the exact same thing again, it's not as though they are alone.
Also they could be subsidizing it because they want that usage type as it helps them train models better.
Chatgpt and gpt4 were all run at a loss and subsidized people just didn't know that. Almost all of the llm companies have been selling 1 dollar of llm compute for 50 cents as they valued the usage, training data, and users more than making profit now.
This next generation of MOE and other newly trained models. Like opus 4.6, Cursor Composer 1.5, gpt 5.3 codex, and many of the others have been the first models where these companies are actually profitably serving the tokens at the api cost.
This year has been the switch where ai companies are actually thinking of becoming profitable instead of just focusing on research and development.
I'd agree with you if this was some new SaaS just opening its doors.
But Google are banning entire accounts, with years, even decades, of personal history, photos, even phone accounts and app development projects.
They very easily could just negate the anti-gravity access, which would be much, much more reasonable.
> But Google are banning entire accounts, with years, even decades, of personal history, photos, even phone accounts and app development projects.
Source? It seems to me only the anti-gravity access was blocked. The link says
> Our product engineering team has confirmed that your account was suspended from using our Antigravity service.
> there’s no way we can restore our accounts to use Antigravity anymore yeah?
Disclosure: I work at Google, but not on anything related to this.
Hmm, you might be right. I'm reading the forum thread linked in the OP.
> ”Thank you for your continued patience as we have thoroughly investigated your account access issue. Please be assured that we conducted a comprehensive investigation, exploring every possible avenue to restore your access.
> Our product engineering team has confirmed that your account was suspended from using our Antigravity service. This suspension affects your access to the Gemini CLI and any other service that uses the Cloud Code Private API.
> Our investigation specifically confirmed that the use of your credentials within the third-party tool “open claw” for testing purposes constitutes a violation of the Google Terms of Service [1]. This is due to the use of Antigravity servers to power a non-Antigravity product.
> I must be transparent and inform you that, in accordance with Google’s policy, this situation falls under a zero tolerance policy, and we are unable to reverse the suspension. I am truly sorry to share this difficult news with you.”
I totally read that (and the other posts in that forum) as a complete suspension of their whole Google Account (another person mentions their GCP access suspended).
But I could be reading it wrong and it's just their AI account (and any service that uses that... I'm not clear on where those boundaries are?)
Still not going to risk signing up for this, because I cannot risk my Google account getting suspended or banned for something I wasn't aware of in the ToS. No warnings is still drastic, even if it's just part of the account.