Google restricting Google AI Pro/Ultra subscribers for using OpenClaw

2026-02-22 23:07 802705 discuss.ai.google.dev

I’m seeking assistance regarding a sudden restriction on my Google AI Ultra account that has persisted for three days. I received no prior warnings or notifications regarding a potential violation.

The only recent change in my workflow was connecting Gemini models via OpenClaw OAuth. If third-party integrations are the issue, I would expect the platform to block the integration rather than restrict a paid account ($249/mo) without communication.

I have already emailed support but haven’t received a response. Additionally, I found that accessing GCC support requires an additional fee, which seems unreasonable given the existing subscription cost. I WOULD LOVE TO GET THIS RESOLVED!!

5 Likes

Hello @Aminreza_Khoshbahar,

Thank you for bringing this to our attention. We have shared the issue with our internal teams for a thorough investigation.

To ensure our engineering team can investigate and resolve these issues effectively, we highly recommend filing bug reports directly through the Antigravity in-app feedback tool. You can do this by navigating to the top-right corner of the interface, clicking the Feedback icon, and selecting Report Issue.

1 Like

Sir, I am logged out of my account and I can’t even get into the app!! This is so frustrating..

1 Like

[UPDATE] Day 4, and still total silence from support. I’ve received zero acknowledgement through official channels or the feedback center. I am now in the process of moving all my data and subscriptions off Google. It’s staggering that an organization of this scale can be this unresponsive to a widespread issue.

Truly a SHAMEFUL standard of customer care.

1 Like

I contacted the Google Cloud Support via “GCP Account Suspension Inquiry”. They told me to contact Google One Support, because the error is tied to the personal subscription, not to a “Google Cloud project billing account”. Google One support told me to contact Google Cloud support :joy:

From emails “gemini-code-assist-user-feedback” or “antigravity-support” still no answer.
And it happens after some days after I bought the subscription for a year…

1 Like

any update? please tell us how did u solve it!

1 Like

Nope, still restricted, tried to escalate by Google One, But they can’t help with the problem either…

2 Likes

Same issue and same sentiment and I cancelled and removed billing for all Google products. Absolutely shameful treatment of paying customers. I emailed each of the contact emails for Antigravity and gemini-code-assist without reply. Unfortunately I prepaid for a year so it looks like I’ll have to sue a trillion-dollar company just to get the measly fee?

1 Like

I have tried to contact everyone I could. And you all know how disgusting their supports are. I am totally disappointed with their customer service. After 3 weeks waiting, the result is that they cannot restore my account. I guess it is time to move on to Codex or Claude Code. Below is their reply after “full investigation by the internal team”:
“Thank you for your continued patience as we have thoroughly investigated your account access issue. Please be assured that we conducted a comprehensive investigation, exploring every possible avenue to restore your access.

Our product engineering team has confirmed that your account was suspended from using our Antigravity service. This suspension affects your access to the Gemini CLI and any other service that uses the Cloud Code Private API.

Our investigation specifically confirmed that the use of your credentials within the third-party tool “open claw” for testing purposes constitutes a violation of the Google Terms of Service [1]. This is due to the use of Antigravity servers to power a non-Antigravity product.

I must be transparent and inform you that, in accordance with Google’s policy, this situation falls under a zero tolerance policy, and we are unable to reverse the suspension. I am truly sorry to share this difficult news with you.”

1 Like

Ok so basically, there’s no way we can restore our accounts to use Antigravity anymore yeah? this is unexpected, but until we can figure out how to resolve this issue, I’ll just subscribe using different account

I’m in the same situation…

I’m in contact with Google One but their actions are no help at all, for almost a week they haven’t done anything, they only asked for screenshots/recordings of the login attempt.

Why is there silence from Google? What is the user supposed to do? Create a new account and buy a new PRO/ULTRA, or what? Any information at all?!

I’ve got banned and the only difference from vanilla IDE experience was antigravity-cockpit extension. No reply to my appeal email in the last 12 hours.

I’m subscribing the AI Pro and just integrated Gemini to OpenCode yesterday. After just a day of use, my account is suspended without any warnings. Simply the API returns 403 error to my OpenCode and Gemini CLI like this:

Failed to login. Message: This service has been disabled in this account for violation of Terms of Service. If you believe this is an error, contact gemini-code-assist-user-feedback@google.com.

I emailed to the contact this morning but didn’t get any response yet.

If this is indeed the case, I find it utterly absurd. It seems Google’s response is woefully inadequate; I should explore Claude or other alternatives.

Quick update for everyone stuck in this 403 loop: I just spent the last 8 days fighting through Tier 1 support. Google One support finally admitted on record it’s a ‘known WAF bug’, but then literally routed me to Android App Developer support because they have no backend access to fix it.

The entire support flowchart is completely broken, and they are still billing us $250/mo for bricked accounts. I just documented the entire Kafkaesque support loop over on the google_antigravity subreddit. If you are stuck in this same Catch-22, go search for that post over there and share your Trajectory IDs in the comments so we can get some actual engineering eyes on this mass ban wave.

Hi @K8L, just wanted to share some context regarding this situation as I see you are waiting for a response.

Yesterday, Abhijit actually posted a brief statement acknowledging these 403 ToS issues, noting that the internal team was ‘prioritizing a resolution.’ However, the message was deleted just a few minutes later.

Hoping for some transparency, I left a single, polite comment asking for clarification on why the update was removed. Surprisingly, my forum account was banned shortly after posting that question.

Currently, there seems to be no official communication regarding these 403 errors, although we can see active replies being made to other unrelated threads on the forum.

This situation is quite concerning for us as developers. The automated system is still triggering these mass bans daily during fixed time windows, without any warning and seemingly without a review of the current process.

Fingers crossed this message doesn’t get taken down and my account survives long enough for you guys to read it, haha.

2 Likes

it's even worse. i try to make a new google account, which is insane, since i need my old one on my phone. the new one is also restricted for google antigravity. the gemini phone app get the subscription upgrade though. i will never give them money again if this is not resolved soon. no google ultra, no youtube subscription nothing. i rather download other software for ad free youtube and give my money to anthropic and everyone else. this is crazy. no warnings, no nothing, just a ban after being a customer for decades. i also wanted to buy google pixel because it can run other OS. nope never again. that's how they treat people who try new technology and play around. fckn put a rate limit or ban openclaw if you detect it instead of perma banning your own customers. fckn crazy.

2 Likes

They want you to pay for tokens, but then don’t want to let you use them. I used to use their AI Studio for testing before deployment, and Google pulled the rug out on us on that one, too. No warning, just gone. I’m fed up with Google. They treat everyone who isn’t an enterprise empire as complete garbage. And frankly, their models are mediocre in comparison to the competition these days.


Facing this issue too, I wrote an email to gemini-code-assist-user-feedback@google.com “eight days ago”, and still got no response today. So disappointed

1 Like


Comments

  • By saalweachter 2026-02-23 14:50, 6 replies

    So purely from a hacker perspective, I'm amused at the whining.

    Like, a corporation had a weakness you could exploit to get free/cheap thing. Fair game.

    Then someone shares the exploit with a bunch of script kiddies, they exploit it to the Nth degree, and the company immediately notices and shuts everyone down.

    Like, my dudes, what did you think was going to happen?

    You treasure these little tricks, use them cautiously, and only share them sparingly. They can last for years if you carefully fly under the radar, before they're fixed by accident when another system is changed. THEN you share tales of your exploits for fame and internet points.

    And instead, you integrate your exploit into hip new thing, share it at scale, write blog posts and short form video content about it, basically launch a DDoS against the service you're exploiting, and then are shocked when the exploit gets patched and whine about your free thing getting taken away?

    Like, what did you expect was going to happen?

    • By miroljub 2026-02-23 15:01, 5 replies

      > So purely from a hacker perspective, I'm amused at the whining.

      > Like, a corporation had a weakness you could exploit to get free/cheap thing. Fair game.

      From a pure hacker perspective, I'm surprised there are people calling a legitimate usage a "weakness you could exploit"?

      What weakness? What exploit? People have been using it in a way that was technically possible. And they paid for it, many purchased the product specifically because of it.

      Then Google unilaterally changed the TOS of a product people already purchased and started pulling the rug. And again, there are people who call themselves hackers who approve of that? Even worse, they call people calling out Google for their monopolistic behavior whining.

      • By novaleaf 2026-02-23 15:29, 1 reply

        Aren't they yoinking an OAuth token for replay in the Claw app?

        If so, I don't think anybody who knows how auth works could feign complete innocence.

        • By gck1 2026-02-24 10:44, 1 reply

          People got banned for calling `gemini -p` (non-interactive mode) from wrappers like pi or opencode, too.

          I understand how grabbing an oauth token via reverse engineering could be a ToS violation. But there's no other purpose for the `-p` flag other than to use it with a wrapper. Unless people enjoy having interactive conversations via non-interactive mode for some reason.

          Even their documentation clearly states this flag exists for "building custom AI tools" [1]. How is OpenCode, OpenClaw etc not a "custom AI tool", where exactly is the line drawn?

          This is just a rug pull.

          [1] https://github.com/google-gemini/gemini-cli/blob/c7237f0c795...

          • By saalweachter 2026-02-24 14:05

            Two kinds of oauth tokens at play here.

            Tokens like those generated by the gemini CLI, accounted to the user and metered so you're charged every million or so tokens.

            Tokens like those internal to the Antigravity app, accounted to the product (which is why this was noticed -- the resources allotted to the app were being exhausted) and not metered per token (which is why everyone was trying to use them for everything).

            As the other commenter said, the first person to do this definitely knew what they were doing. All the script kiddies who piled on after, probably not, but that's also part of why "script kiddy" is a derogatory term. Not only do they usually not understand the scripts they run, they also typically do not understand the risks associated with them.

      • By rolymath 2026-02-23 15:37

        Google changed the ToS to disallow this usage? I'm pretty sure it was disallowed from the beginning

      • By saalweachter 2026-02-23 15:48, 1 reply

        I mean, the "exploit" is really "we have an access key with overly-broad permissions and poor monitoring", but that's ... also kind of like 70% of old hacker stories?

        "The gate code is 1234" "If you punch in this code it tricks the phone network into thinking you're an operator" "The credentials 'guest'/'guest' work on this network".

        You probably could have had five, ten people using the Antigravity API key for whatever and even if someone noticed it probably wouldn't have been worth the time to fix.

        But it's like you learn the gate code for the employee parking lot and instead of just quietly enjoying free parking you start punching in the code and waving more and more cars into the lot until it's jammed full, and then complain when the code's changed and they post a guard outside checking IDs.

        • By tapvt 2026-02-23 22:24

          This is where my mind went.

          A curious person or two poking around is one thing.

          A few hundred, or thousands, of "AI enthusiasts," or however you'd like to imagine OpenClaw users, could likely approach the scale of "a problem."

      • By ValentineC 2026-02-23 17:14

        > What weakness? What exploit? People have been using it in a way that was technically possible. And they paid for it, many purchased the product specifically because of it.

        It's technically possible, but Google didn't provide a feature allowing the creation of Antigravity or Gemini CLI API keys for use outside the respective apps.

      • By bigyabai 2026-02-23 17:33, 1 reply

        > they call people calling out Google for their monopolistic behavior whining.

        Google's monopoly is not in AI, it's advertisement. When you accuse them of ridiculous and unfounded crimes, you're diluting the chance of Google being held accountable. As someone that wants to see Google ripped apart by the FTC, we can't just lie and say everything Google does is criminal.

        • By 8note 2026-02-23 20:20, 1 reply

          the monopoly here is on web indexing, isnt it?

          • By otterley 2026-02-23 21:18, 2 replies

            Nope. Bing, DuckDuckGo, Yandex, and Kagi all have more-or-less complete indices. There's no moat around scraping the public Web.

            • By neodymiumphish 2026-02-23 22:39, 2 replies

              I’m a Kagi user, but I understood this recent post by the Kagi team to mean that they do not index the web themselves and that it’s nearly impossible for them to do so.

              https://blog.kagi.com/waiting-dawn-search

              • By millzlane 2026-02-27 23:54

                To me it seems like it's impossible because they can't reorder bing search results or mix them with other results. Or by their own admission because Google doesn't have a search API anymore. Unless I'm misreading. It's basically "Bing or Google won't allow us to use their products how we want to." And "It will take us over 20 years and lots of money to gain market share."

                I'm paraphrasing here of course. But it doesn't seem impossible. I mean I don't think it's easy either. I also want to add that I don't want to live in a world with only one search engine.

              • By otterley 2026-02-24 4:40

                My mistake. Looks like they license it from others.

            • By xnx 2026-02-23 21:32

              Ddg has a minuscule index, and that exists mainly just to say they have one.

    • By RobotToaster 2026-02-23 15:51, 1 reply

      > you could exploit to get free/cheap thing

      $249/mo isn't cheap

      • By panarky 2026-02-23 19:20

        If you pay $249 to get $1,200 of compute, "cheap" seems like the right word.

    • By mschuster91 2026-02-23 15:44, 2 replies

      > You treasure these little tricks, use them cautiously, and only share them sparingly. They can last for years if you carefully fly under the radar, before they're fixed by accident when another system is changed. THEN you share tales of your exploits for fame and internet points.

      It's the same with vulnerabilities in slot machines. Damn rare but they exist - in 2014, when I worked in that industry, one gang made a big bang: in a single night, casinos across Germany had to say goodbye to probably 10 million € [1]. Of course, that vulnerability made massive waves... but from what I heard back then, it had been circulating for many months beforehand. Of course, 10 million € is nothing to sneeze at, but keeping a low profile could have made everyone in the know far more profit.

      [1] https://www.t-online.de/digital/aktuelles/id_68982394/softwa...

      • By plorg 2026-02-23 21:00

        Back in maybe 2017 there was a YC startup called Audm that hired professional audiobook narrators to read magazine articles. I found them through their embeds in The New Yorker. The app was pretty mediocre and I wanted to use it in my podcast app, so I started writing a scraper. Very quickly I realized that the page embeds were making calls directly to their production database with no authentication whatsoever. So I pivoted to dumping the entire archive, hosting it on my LAN, and serving it as RSS over my VPN. It was cool, and I found that articles from some publications would post as much as 2 weeks before publication. Eventually they were bought by the NYTimes, and in 2020 they either set up permissions or moved the infrastructure. I gave up on the project, and I understand that most of the content is no longer available. I unfortunately lost my archive with a lot of data when my storage array died a couple of years later. I think the product space got commoditized very quickly by AI readers (none of which, to my ear, are as engaging as the human professionals). I think maybe 4 other people knew about my project when it existed.

      • By tda 2026-02-23 16:54, 3 replies

        I fondly remember finding and exploiting a buggy slot machine on the night the Euro got introduced. A classmate (I never played slot machines) made some money but didn't understand what was going on. I observed and it became apparent (in my slightly intoxicated state) the machine would pay out 2 Euro coins where it should pay out 20 cents. And when playing a 1 Euro game, you would often "win" 80 cents. Pay-out immediately and you got 8 Euro. Of course after a few rounds, the 2 Euro coins ran out and it would do some RNG to pay out 1 Euro with 80% chance. Don't know if I tried feeding it back the 2 Euro coins, I recall just made enough to have a free new years eve

        • By saturnite 2026-02-23 17:41

          That reminds me of a vending machine I ran into as a little kid. It was in a private place and it had an out of order sign posted. Being hungry and young, I plugged it back in so I could take my chances. Every time I put in a quarter, three or four would fall into the coin return. When it was time to leave, all of the pockets on my cargo shorts were bulging so much that I had to hold my shorts up.

        • By mschuster91 2026-02-23 17:12

          that was possibly just some attendant accidentally messing up which hopper they refilled (or with which coins), or someone screwed up the assignment on the control board which hopper was connected to which bus identifier.

          Reminds me I gotta eventually write up what I found reverse-engineering the one armed bandit in my basement LOL

        • By ValentineC 2026-02-23 17:17, 1 reply

          How did something like this not pass a Monte Carlo simulation, which I'd assume they'd conduct in an audit?

          • By mschuster91 2026-02-23 22:16

            Someone misconfigured or misfilled the coin hoppers most likely.

    • By JKCalhoun 2026-02-23 15:14

      Kind of a built-in feature of a Cool Thing is that it will get found/shared/widespread.

      (See Napster.)

    • By lucky-rathore 2026-02-26 14:03

      wise. couldn't agree more. I

    • By newalexandria 2026-02-23 14:59

      literally this is why we can't have nice things.

  • By tabs_or_spaces 2026-02-23 3:42, 9 replies

    So the timeline is basically

    * User uses Google oauth to integrate their open claw

    * user gets banned from using Google AI services with no warning

    * user still gets charged

    If you go backwards, getting charged for services you can't access is rough. I feel sorry for those who are deeply integrated into Google services or getting banned on their main accounts. It's not a great situation.

    Also, getting banned without warning is rough as well. I wonder if the situation will be different for business accounts as opposed to what seems like personal accounts?

    The ban itself seems fair though, google is allowed to restrict usage of their services. Even though it's probably not developer friendly, it's within their rights to do so.

    I guess there's some level of post mortem to do on the openclaw side too.

    * Why did openclaw allow Google anti gravity logins?

    * The plugin is literally called "google-antigravity-auth", why didn't that give the signal to the maintainers?

    * Why don't the maintainers, for an integration project, do due diligence checks on the terms of service of everything you're integrating with?

    • By Aurornis 2026-02-23 5:39, 1 reply

      > * Why did openclaw allow Google anti gravity logins?

      OpenClaw went from virtually unheard of to a sensation in a couple weeks. There was intense commit activity and the main author bragged about not even reading the code himself. It was all heavily AI driven and moving at an extreme rate. Everyone was competing to get their commits in because they wanted to be a part of it.

      The entire project was a fast and furious experiment. Nobody was stopping to think if something was a good idea or not when someone published a plugin for using this endpoint. People just thought “cool!” and installed it.

      • By lucianbr 2026-02-23 6:23, 2 replies

        That's how AI is supposed to be used, no? That's what the providers advertise - it increases development speed, a lot, it replaces devs and so on.

        But I guess it's only ok when you work on regular joe facing projects, where the consequences of bugs are on powerless users. If the consequences are on Google, well, that's not acceptable now is it?

        • By ddalex 2026-02-23 7:16, 2 replies

          The consequences for Google are that the people are misusing the keys and Google is fixing that. They're not banning anybody using proper API keys.

          • By otabdeveloper4 2026-02-23 8:01

            > using AI for vibes is a fast track to bugs and security incidents

            Yes, that's what he said.

          • By ForHackernews 2026-02-23 13:44, 2 replies

            [flagged]

            • By ddalex 2026-02-23 14:42, 1 reply

              A human is not punished, the access of the robot to the API is restricted. The human has not suffered any damage.

              • By ForHackernews 2026-02-23 16:49, 1 reply

                The human paid money for access that has now been revoked.

                • By ddalex 2026-02-24 10:17

                  The human also started the bot.

            • By pja 2026-02-23 15:30, 2 replies

              You’re responsible for the things your AI agent does.

              • By ForHackernews 2026-02-23 16:49

                I'll be very surprised if our corporate masters allow that to be true, legally https://incidentdatabase.ai/cite/622/

              • By lucianbr 2026-02-23 15:48

                If Google and OpenAI and the rest would say this as loud as they praise their models, I would never write comments like that. But this is the fine print, buried somewhere. And so we need to bring it up, because, lo and behold, it matters.

        • By Aurornis 2026-02-23 14:48, 1 reply

          > That's how AI is supposed to be used, no? That's what the providers advertise - it increases development speed, a lot, it replaces devs and so on.

          Not really. There’s a difference between accelerating development in the hands of an experienced developer versus having somebody just slop code by hoping for the best.

          Adopting AI doesn’t equal removing code review. These were two separate choices combined.

          • By lucianbr 2026-02-23 15:41

            > https://blog.samaltman.com/the-gentle-singularity

            Search for "review": 0 matches.

            Of course the fine print says to review, just like the ultimate control of the "full self driving" rests with the human driver. But why is the fine print fine, and not large as the large print? Maybe because you're not supposed to pay attention to it? Could this be?

    • By shevy-java 2026-02-23 6:45, 2 replies

      > Also, getting banned without warning is rough as well.

      Agreed. The lesson is: do not become dependent on Google. Ever.

      (Unfortunately I still use youtube and a chromium-based browser. Long-term I hope to find alternatives to both problems. Google search I no longer need because Google already ruined it a few years ago; the quality now is just horrible. I can not find anything useful with it anymore.)

      • By Chaosvex 2026-02-23 9:57, 2 replies

        Literally just use Firefox.

        • By rvnx 2026-02-23 10:50, 2 replies

          Firefox is financed by Google and makes them survive (but yes, clearly the only realistic alternative that is not Chromium-based)

          • By inigyou 2026-02-23 11:08

            Use Librewolf.

            Firefox would be able to survive without Google, even though it currently chooses not to. Mozilla is not Firefox any more than Linux Foundation is Linux.

          • By Chaosvex 2026-02-23 14:57, 2 replies

            They pay to be made the default search engine, true. I'm not aware of there being anything beyond that

            • By sillyfluke 2026-02-23 15:55

              The claim that is often repeated in discussions is that Firefox is completely dependent on that money and can't survive without it.

        • By twohaibei 2026-02-25 6:57

          Zen browser. Or floorp.

      • By vincston 2026-02-23 7:02, 9 replies

        What google search alternative have you found? I'm trying out ecosia, duckduckgo and brave search, but I find their search results even worse, so in the second query I tend to bang to google..

        • By bobmcnamara 2026-02-23 9:49

          Google Search is over. There may not be a free alternative, it they've lost the arms war between phone number incrementing ad pages, AI spew, and rank hackers.

        • By distances 2026-02-23 7:08, 1 reply

          Have you tried Kagi yet? It's pretty popular among HN folks, and I find it easily worth the price.

          • By bilekas 2026-02-23 8:26, 4 replies

            Kagi indirectly funds the Kremlin's regime, just to know where your money goes if we're talking about not supporting google.

            • By BlobberSnobber 2026-02-23 8:45

              Even worse: it funds the White House’s regime more, by a large margin

            • By master-lincoln 2026-02-23 11:19, 1 reply

              You make it sound like a significant amount is going to Kreml but I assume the API cost for using Yandex from Kagi is neglectable and only a fraction of that goes to the Russian government. Isn't this more of a symbolic thing to request not cooperating with Russian companies?

              • By bilekas 2026-02-23 11:45, 1 reply

                For some people it doesn’t matter how negligible. And it’s better to know and make up their own mind.

                • By mrWiz 2026-02-23 15:57

                  I think that "it's better to know" only really holds up if the scope / context is also included. To put it in concrete terms, I'd amend your statement like this:

                  Kagi indirectly funds the Kremlin's regime by paying for Yandex API access.

            • By simonklitj 2026-02-23 8:35, 1 reply

              Damn, how so?

            • By sapphicsnail 2026-02-23 8:34

              How so?

        • By coryrc 2026-02-23 8:28

          I use ddg and haven't found better results from searching with google in a long time, but that might just be the kind of things I search for.

        • By beAbU 2026-02-23 9:06, 1 reply

          I've been using ddg for years now, and it's been probably 2 years since I needed to use the "!g" escape hatch.

          Very very happy with it.

          • By andrew_lettuce 2026-02-23 11:00

            Agree. Historically you would just not get any good results for a search and try Google, but these days it's more likely there just aren't any good results for your search period, regardless of engine. Funny enough that's when I've had better results asking chatgpt or similar because I'm typically after some sort of consensus or summary in those situations.

        • By Yizahi 2026-02-23 14:26, 1 reply

          DDG is good enough that I've switched many years ago and never went back. Any time I use Google (!g) to repeat query (recently it's maybe a few times per year) it fails to show anything useful too, so I don't see any benefit to even check it lately.

          • By rurp 2026-02-23 15:50

            Similar experience for me. I've been using DDG for years and while the quality has gone downhill somewhat I still rarely use !g because Google almost never has a useful result either if DDG strikes out.

        • By mark_l_watson 2026-02-23 12:07

          Maybe have to pay for search? I am experimenting with paying Proton another $10/month for a paid lumo+ account. lumo+ is a private chat like ChatGPT that uses a strong Mistral model and also privacy-preserving web_search LLM tooling under the hood. For about a month I just use lumo+ with the web_search tool enabled. I may not do this forever, but for now I like just having one tool to use. Note: I still use gemini for technical work, but lumo+ for day to day chat and web search.

          In the past I just use DuckDuckGo for most search, occasionally Google. That also worked well for me.

        • By MrDresden 2026-02-23 7:07

          Kagi

        • By cess11 2026-02-23 12:06

          Might want to try https://www.mojeek.com/ .

        • By fancy_pantser 2026-02-23 7:05

          have you tried Kagi?

    • By axus 2026-02-23 4:12

      It doesn't seem fair at all; though I'm glad to see it's not as bad as I feared (yet?).

      > Hoping for some transparency, I left a single, polite comment asking for clarification on why the update was removed. Surprisingly, my forum account was banned shortly after posting that question.

    • By bootsmann 2026-02-23 8:13

      Have you seen the code of OpenClaw? It would not surprise me if there is a mistake in there somewhere that causes the bot to hammer google auth for the refresh token in a very identifiable manner because no one in that repo is bothering to look at the code before merging. Moved fast, broke things.

    • By anon84873628 2026-02-23 4:07, 1 reply

      I don't understand step 1. OAuth client applications have to be registered in GCP, right? They have to request specific scopes for specific APIs, and there is a review process before they can be used by the public. Did none of that happen for the Open Claw client? How is it the users' fault for clicking a "Sign in with Google" button? And if there was a mistake, why not ban the whole client?

      I could see a problem with logging into Antigravity then exfiltrating the tokens to use somewhere else... But that doesn't sound like what happened. (And then how would they know?)

      I haven't used Open Claw, so what else am I missing to make this make sense?

      • By integralpilot 2026-02-23 4:21 (3 replies)

        To my understanding, OpenClaw pretends to be Antigravity by using the Antigravity OAuth client ID (and doesn't have its own), and then takes the token Google returns to instead use with OpenClaw.

        When I first tried OpenClaw and chose Google Sign-In, I noticed the window appeared saying "Sign into Google Antigravity" with a Google official mark, and a warning it shouldn't be used to sign into anything besides official Google apps. I closed it immediately and uninstalled OpenClaw as this was suspicious to me, and it was a relatively new project then.

        It amazes me that the maintainer(s) allowed something like this...

        • By anon84873628 2026-02-23 4:44 (2 replies)

          Ah, ok. I guess there is no way for Google to prevent this since desktop apps are public clients that use PKCE.

          I imagine Open Claw must also have registered the Antigravity custom URL scheme in order to receive the redirect.

          Remaining question is how Google determines that traffic is not actually coming from Antigravity.

          • By overfeed 2026-02-23 5:23

            > Remaining question is how Google determines that traffic is not actually coming from Antigravity.

            Spiralling here: high volumes, and tool calls that are not typical for an agentic IDE.

          • By nfg 2026-02-23 7:47

            If this is like the flow it uses for a codex / ChatGPT subscription it doesn’t even register a handler - the redirect opens as a 404 in your browser and there are instructions on copying the token from the query string!

        • By coffe2mug 2026-02-23 6:05 (1 reply)

          > OAuth client ID (and doesn't have its own), and then takes the token Google returns to instead use with OpenClaw.

          Still surprised.

          Client ID ok.

          But openclaw needs the secret also?

          Does it also mean Antigravity did not restrict to specific applications?

          • By danpalmer 2026-02-23 6:12

            Antigravity runs on your machine, the secret is there for the taking.

            This is true of all OAuth client logins in this way, it's why the secret doesn't mean the same thing as it does with server to server login, you can never fully trust the client.

            OAuth impersonation is nothing new, it's a well known attack vector that can't really be worked around (without changing the UX), the solution is instead terms of service, policies, and enforcement.
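
The point made in the replies above, that desktop apps are public clients using PKCE and that the client can never be fully trusted, as an added example that is not part of the thread or of any project's code. It is a toy model: `ToyAuthServer`, the client ID and the redirect URI are constructed for illustration, and it shows what PKCE binds (the code to the verifier) and what the server can record about the caller.

```python
import base64
import hashlib
import secrets


def s256_challenge(verifier: str) -> str:
    """PKCE S256 transform (RFC 7636): BASE64URL(SHA256(verifier)), unpadded."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


class ToyAuthServer:
    """Toy authorization server for a public (desktop) client. Not a real API."""

    def __init__(self, clients):
        self.clients = clients   # client_id -> allowed redirect URIs
        self.pending = {}        # code -> (client_id, redirect_uri, challenge)

    def authorize(self, client_id, redirect_uri, challenge):
        if redirect_uri not in self.clients.get(client_id, ()):
            raise PermissionError("unknown client_id or redirect_uri")
        code = secrets.token_urlsafe(16)
        self.pending[code] = (client_id, redirect_uri, challenge)
        return code

    def token(self, client_id, redirect_uri, code, verifier):
        entry = self.pending.pop(code, None)          # codes are single use
        if entry is None:
            raise PermissionError("invalid or already used code")
        bound_client, bound_uri, challenge = entry
        if (bound_client, bound_uri) != (client_id, redirect_uri):
            raise PermissionError("code was issued to a different client")
        if not secrets.compare_digest(s256_challenge(verifier), challenge):
            raise PermissionError("PKCE verification failed")
        # Everything the server can attest about the caller is in this record.
        return {"client_id": client_id, "redirect_uri": redirect_uri, "pkce": "ok"}


# Constructed sample values, not taken from any real product.
CLIENT_ID = "example-desktop-client"
REDIRECT = "http://127.0.0.1:8085/callback"


def run_flow(server, program_name):
    """Any local program that knows the public client_id can run this flow.
    program_name never reaches the server; it only labels the demo."""
    verifier = secrets.token_urlsafe(48)
    code = server.authorize(CLIENT_ID, REDIRECT, s256_challenge(verifier))
    return server.token(CLIENT_ID, REDIRECT, code, verifier)


def intercepted_code_is_useless(server):
    """What PKCE does stop: redeeming a captured code without the verifier."""
    verifier = secrets.token_urlsafe(48)
    code = server.authorize(CLIENT_ID, REDIRECT, s256_challenge(verifier))
    try:
        server.token(CLIENT_ID, REDIRECT, code, "guess-" + secrets.token_urlsafe(40))
    except PermissionError:
        return True
    return False


def demo():
    server = ToyAuthServer({CLIENT_ID: {REDIRECT}})
    first_party = run_flow(server, "official app")
    other_program = run_flow(server, "some other local program")
    # The two token-endpoint records are identical: the flow carries no
    # proof of which binary on the machine made the request.
    return first_party == other_program, intercepted_code_is_useless(server)


if __name__ == "__main__":
    print(demo())
```

Because both records are identical, anything that separates the two callers has to come from outside the OAuth exchange, which is why the replies here point to usage patterns and terms-of-service enforcement.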

        • By andrew_lettuce 2026-02-23 11:05

          >>it amazes me that the maintainer(s) allowed something like this...

          Really? In today's landscape this is the part that surprises you? I'm seeing these types of decisions repeatedly and typically my only question is do they not know any better, or intentionally not care?

    • By fmbb 2026-02-23 6:57 (1 reply)

      1. Did a human really knowingly decide to allow that?

      2. Did a human create the plugin?

      3. Are the maintainers human?

      By human I mean an animal that is intelligent enough to understand the agreements and what code they are writing.

      • By animuchan 2026-02-23 7:30 (1 reply)

        Most people aren't human then, sad.

        • By saalweachter 2026-02-23 12:38

          I think Dune is easily a top ten franchise among computer people, so that sort of thing is nothing new.

    • By renegat0x0 2026-02-23 7:42

      I think as a society we miss some kind of 'laws', or 'rules' around accounts and banning.

      I feel that sometimes corporations have all 3 Montesquieu powers. Google can define EULAs, decide if you should be punished, and apply a ban.

      Can a shop decide who to serve? I may be wrong, but big tech should not be able to 'just close' accounts, or demonetize accounts on their whim.

    • By RobotToaster 2026-02-23 16:04

      > Why did openclaw allow Google anti gravity logins?

      There's a good chance the plugin was written by gemini, why did it allow that?

  • By xnx 2026-02-23 8:17 (7 replies)

    Additional information from Google employee https://x.com/_mohansolo/status/2025766889205739899 :

    "We’ve been seeing a massive increase in malicious usage of the Antigravity backend that has tremendously degraded the quality of service for our users. We needed to find a path to quickly shut off access to these users that are not using the product as intended. We understand that a subset of these users were not aware that this was against our ToS and will get a path for them to come back on but we have limited capacity and want to be fair to our actual users."

    • By KronisLV 2026-02-23 9:25 (4 replies)

      > We understand that a subset of these users were not aware that this was against our ToS and will get a path for them to come back on but we have limited capacity and want to be fair to our actual users.

      It feels like a good default for this would be something similar to video game bans: where you get a "vacation" from the service with a clear reason for why that is, but can return to using it later. Given how much people depend on cloud services, permanent bans for what could be honest mistakes or not knowing stuff would be insane.

      • By ljm 2026-02-23 10:40 (4 replies)

        Getting your Google Workspace account nuked because an employee hooked their company Gemini account to OpenClaw would certainly be a novel business risk.

        • By StopDisinfo910 2026-02-23 14:10

          Google services are banned at the very large company I work at and that's not because they are technically poor.

          It's just that the last time we had to deal with their customer support, they were so bad someone at the exec level said they were banned from now on. It's to the point we have to explicitly schedule high level meetings and carve out exceptions when they happen to buy products we use.

          We work with nearly everyone in the cloud space except Google. That should tell you everything you need to know.

        • By AnthonyMouse 2026-02-23 15:21 (2 replies)

          Isn't that pretty much par for the course for these megacorps? Account gets banned as a disproportionate response to something minor, or in many cases for no explicable reason at all, and anyone without enough of a platform to do "bad PR escalation" via social media or traditional media gets to learn the hard way that their "customer service" is just a brick wall that can't or won't do anything about it.

          Adopting a massive dependency on a single company is generally a mistake.

          • By ljm 2026-02-23 17:57

            You're not wrong but Google in particular paved the way for not doing support, or doing as little support as possible, and oftentimes things only get actioned if you generate enough clout on social media to attract a Google engineer's attention.

            It's hard to avoid the massive dependencies, especially if you're starting small and moving fast, because something like Google Workspace or MS 360 or Slack is cost-competitive compared to spinning up your own internal stack of tooling. At least until it isn't, but hopefully your startup has grown enough by then that it can afford to address these concerns.

          • By pixl97 2026-02-23 15:37

            Heh, how long before the few remaining companies left share their ban lists like casinos and you pretty much get blacklisted from the internet

        • By ValentineC 2026-02-23 14:07

          As far as I can tell, most of the offenders just had their access to Antigravity and Gemini CLI suspended, not the rest of the Google ecosystem.

          There are probably some boundaries set by Google's legal team, especially for Workspace.

        • By owebmaster 2026-02-23 11:57 (1 reply)

          what you described is that using google is a novel business risk

          • By WiSaGaN 2026-02-23 12:41 (1 reply)

            Google has gigantic power over its users. Consider that for some reason, Google banned your gmail account, which you are using for a large number of logins for different essential services.

            • By reactordev 2026-02-23 13:11

              All it takes is Google to ban you from one service and you’re locked out of things like, oh I don’t know, GCP…

      • By qingcharles 2026-02-23 18:38

        I wish all the social media services would implement some sort of "vacation" bans instead of outright perma-banning you, when more oft-than-not the ban is a mistake caused by AI. I'd be less mad about some arbitrary nonsense ban if it was only a week.

      • By DaedalusII 2026-02-23 10:26

        yes. i am not using google ai services because i am afraid i might accidentally get permanently banned

      • By leetrout 2026-02-23 9:54 (1 reply)

        I posted an "Ask HN" around this a while back. I think we will see a lot more of it and we will be hurting legitimate users. I like your temp ban idea but I doubt they would give reasons why.

        https://news.ycombinator.com/item?id=40784126

        • By michaelcampbell 2026-02-23 12:39

          > give reasons why

          Because it'll be an LLM guided bot handing out bans, so no one will actually KNOW why.

    • By oger 2026-02-23 9:05 (5 replies)

      While I see the point of limited capacity, it also shows that Google did not plan for rate limiting / throttling of high usage customers. This is ALWAYS the problem with flatrate pricing models. 2% of your customers burn 80+% of your capacity. Did see that in former times with DSL, not too long ago with mobile and now with AI subscriptions. If you want to provide a "good" service for all customers better implement (and not only write in your T&Cs) a fair usage model which (fairly) penalises heavy users.

      Good on them that they want to provide a way to bring back customers on board that were burned / surprised by their move.

      BUT: The industry is missing a significant long term revenue opportunity here. There obviously is latent demand and Claws have a great product market fit. Why on earth would you deactivate customers that show high usage? Inform them that you have another product (API keys) for them and maybe threaten with throttling. But don't throw them overboard! Find a solution that makes commercial sense for both sides (security from API bill shock for the customer / predictable token usage for the provider).

      What we're seeing right now is the complete opposite. Ban customers that might even rely on their account. Feels like the accountants have won this round - but did not expect the PR backlash and possible Streisand effect...

      • By zarzavat 2026-02-23 11:49 (1 reply)

        Yeah this is a massive fuckup on Google's part and they are taking it out on their customers as per usual.

        It's not hard to define a quota system and enforce it. If the quota is too high then reduce the quota. If people are abusing the quota with automated requests then detect that and rate limit those users.

        If I'm paying $200+ a month I should be able to saturate Google with requests. It's up to Google to enforce their policies via backpressure so that they don't get overloaded.

        Then again this is the same company that suspended people's gmail because they sent too many emotes in YouTube chat. Sadge.

        • By cheonn638 2026-02-23 14:30 (1 reply)

          > If I'm paying $200+ a month I should be able to saturate Google with requests

          Says who? You?

          The customer? Who always wants a lower price?

          • By zarzavat 2026-02-23 20:29

            I specifically said that they don't have to fulfil the requests, just that they should be able to accept the requests. Throttling and rate limiting are valid ways to respond to having too many requests. Banning your paying customers' accounts because they sent too many requests is an insane way to deal with having too many requests.

            Most companies want to make money. They would use this opportunity to upsell these high value customers to a more expensive plan with higher limits.

            Google, which has some kind of dutch disease from making too much easy money from advertising, sees people trying to give them large amounts of money and thinks "How dare they attempt to buy our services? They're getting banned!"

      • By lm28469 2026-02-23 9:21 (1 reply)

        > Google did not plan for rate limiting / throttling of high usage customers

        Antigravity has very low daily and weekly quotas unless you pay for their most expensive plan, so it means these people drop $200+ a month to run these bots, insanity

        • By embedding-shape 2026-02-23 9:24

          > so it means these people drop $200+ a month to run these bots

          It doesn't mean that it's the only thing they're doing, could be they have the plan for other purposes, and also use it for that.

      • By embedding-shape 2026-02-23 9:23

        > Good on them that they want to provide a way to bring back customers on board that were burned / surprised by their move.

        Are they though? Another comment (https://news.ycombinator.com/item?id=47116205) seems to indicate these people are all indefinitely suspended with no path to unsuspend them:

        > [...] I must be transparent and inform you that, in accordance with Google’s policy, this situation falls under a zero tolerance policy, and we are unable to reverse the suspension. [...]

      • By sva_ 2026-02-23 9:57 (1 reply)

        > it also shows that Google did not plan for rate limiting / throttling of high usage customers.

        There is a (pretty generous and imo reasonable) request quota that resets every 24h

        • By hn_throw2025 2026-02-23 10:17 (1 reply)

          There is consensus on r/gemini that the window is a matter of hours now, not 24h.

          I subscribe to the AI Pro plan. I knew of a published limit of 100 Pro prompts per day, but before this month it seemed they were relaxed about it. I have now started to be rate limited on Pro when nowhere near that quota, due to too many prompts within a short time window (probably due to short prompts and not aggregating my questions). So now I use the Thinking (basically Flash) model and bump up to Pro for certain queries only.

          There will always be a minority who spoil it for the majority.

          • By sva_ 2026-02-23 11:43 (1 reply)

            I don't know why you rely on some Reddit consensus when you can just open Gemini CLI and enter /stats to get the confirmation that you get 200 Pro requests per 24h, and the counter starts when you do your first request.

            Unless there is something I'm missing

            • By hn_throw2025 2026-02-23 16:13 (1 reply)

              If it was a daily quota issue, I would have been notified and unable to use more Pro requests until the 24hr period had reset.

              This was a temporary rate limit and it told me to try again at a specified time which wasn’t far away. That’s different.

              However, it could have been because of a temporary capacity issue. I hope so.

              • By 8note 2026-02-23 20:32

                i stopped using gemini altogether for a bit because it was continuously getting capacity issues every evening.

      • By olyjohn 2026-02-23 17:51

        A fair usage model isn't some handwavey bullshit throttled quota buried in the ToS and marketed as "Unlimited." It's applying a realistic usage quota equally to everybody in the same payment tier that is spelled out right up front so that people know exactly what to expect.

        The whole concept of service "abusers" is made up bullshit by companies that over promise, over sell and under deliver.

    • By JKCalhoun 2026-02-23 15:16

      My fascination with local LLMs has waxed and waned over the past year or so. And then something like this comes along and it waxes again mightily. ;-)

    • By FloorEgg 2026-03-02 17:00

      I wonder if this was causing the increase in the number of 429 errors I've been getting from Gemini on vertex.

    • By cube00 2026-02-23 10:11 (1 reply)

      > will get a path for them to come back on

      That's not what support has been telling their $250 a month customers.

      we are unable to reverse the suspension [1]

      I get the need to move fast to stabilise the service but similar to an outage it doesn't take much to put a banner on the support page to let customers know bans are temporary until they can come up with a better way of educating customers. Furthermore it doesn't take much to instruct ban appeal teams to tell customers all bans are under review no matter what the reason is to buy them time to separate Claw bans from legitimate abuse bans that need to be upheld.

      The fact that users are paying $250 for a service they can't use for at least the last 11 days kills any sympathy I had that Google needed "quickly shut off access", it's like they just sat on their hands until the social media storm hit flash-point.

      After 11 days there still isn't even an official statement, just a panicked tweet from a dev likely also getting hammered on socials, goodness knows how long before accounts are restored and credits issued.

      Even the original Google employee in the forum thread just ghosted everyone there after the initial "we're looking into it".

      [1]: https://news.ycombinator.com/item?id=47116205

      • By PunchTornado 2026-02-23 13:40 (1 reply)

        come on, using a monthly paid subscription to obtain auth tokens to use claws bots is quite obviously against T&C. you need to pay api prices for that. I am sure 100% of those knew they were doing something wrong but proceeded anyway.

        • By infecto 2026-02-23 14:11 (1 reply)

          Sometimes I wonder where I am when people are so shocked. I genuinely don’t understand who would think this is allowable? Is this simply a younger generation and I am old now? API keys vs the auth tokens smells the same as public vs private APIs, don’t be surprised you get shut off if you are using a private API.

          • By ndriscoll 2026-02-23 15:32 (1 reply)

            To the extent that that's true, it would be in the opposite direction? Auth tokens are meant to be used by the User Agent to effect the wishes of user, often encode permissions the user has, and are used with public APIs like those intended for web browsers. API keys are usually for private communication like server to server.

            The usual expectation is you don't care what agent the user is running. You just care about what they're doing with it (permissions, rate limits, etc.).

            • By infecto 2026-02-23 15:40 (1 reply)

              Honestly that’s a detail far removed from the discussion. Folks are surprised they cannot use something that would obviously be against the T&Cs.

              • By ndriscoll 2026-02-23 15:45 (1 reply)

                Everyone knows no one reads terms and that it isn't feasible for a normal person to do so, so I don't know why it would "obviously" be against them to anyone. If you're paying for a subscription with known limits, you'd expect you can use up to those limits. It's no more obvious to me than if you used the API token and got banned for using another client, or if a website decided to ban Firefox users.

                • By infecto 2026-02-23 16:37 (1 reply)

                  I just fail to see your argument. You are paying for Claude code or Antigravity. Not for the raw underlying compute. It’s not about reading T&Cs but the expectation is just because you are paying for a service does not give you the right to freely use the API however you want. Hence why I said it really reminds me of a private vs public API. Don’t be surprised if you get shutout of the private API. All subscriptions are bound by acceptable use.

                  Maybe I am out of touch but I struggle why folks are surprised by this. I would argue that banning accounts is probably too harsh but we will see if that is a short term remedy.

                  There is a reason that in general the cost of a token via API is more expensive than when using the consumer tool.

                  • By ndriscoll 2026-02-23 17:35 (1 reply)

                    I wouldn't expect consumers to even be aware that API keys exist, much less know the pricing differences. When I go to the Google One plans page, it just says I get all these AI things with higher limits. Then there's some tools that can use my account to do cool stuff. I wouldn't expect that a program that's logging into an AI service that I pay for as me to do AI things is at all untoward? No more than running a bot that just did high level control and delegated to their specific program (which is what all of this AI stuff and really software in general is about: automating whatever you're doing). Or when I give codex an auth token to use Jira or Gitlab. I expect that's the intended purpose of the auth token: let me perform whatever actions I need to do that I'm authorized to do within whatever limits the service sets.

                    Literally the entire buzz around all this AI stuff is that it lets you automate stuff and do more things faster. Why would you not expect people to automate their interactions with the AI service itself? AI automating its own interactions with itself is what all the AI companies are pushing as the immediate future and paradigm shift for everyone to hop onto.

                    • By infecto 2026-02-24 16:07

                      That’s a fair point if you are just shooting from the hip then I can see it happening and being shocked. Still surprising to see the shock here on HN I would expect most to understand why it would not be a viable path.

    • By Havoc 2026-02-23 20:09

      It's a bit leftfield for sure, but "malicious"?

HackerNews