Google is fine with everything if it's their service. I've completely blocked *.bc.googleusercontent.com, because it's basically used as a spam farm for years now, but Google couldn't care less as they apparently can't be bothered to even slightly inconvenience their compute engine users.
Spam is getting horrible lately. I get all sorts of new techniques including:
- using legitimate sites to bypass filters, like sending you a bill through a legitimate bill-creation site
- pretending to be a tracking service for something you supposedly ordered, then over the course of days pretending the package got lost on the way and offering a discount code for the 'purchased' amount, expecting you to use it on their phising site.
Gmail not only fails at spam classification, they classify these messages as important and nag you with first priority notifications and summaries.
I can’t prove it, but it feels like the world recently decided that spamming/scamming is acceptable, so the number of spammers/scammers has increased dramatically.
The number of spam calls, texts, emails, iCloud account unlock requests, etc I’ve received in the last year is insane.
I believe that these spammers now concentrate their efforts towards e-mail addresses hosted by major providers, like Gmail.
The reason is that I have an opposite experience, during the last couple of years I have received much less spam messages than before.
I have hosted my own e-mail server for more than 2 decades. Previously, I had to filter large quantities of spam messages, but lately the number of spam messages is much less than 10% of the total number of received messages.
Lack of accountability for the companies that allow their services & platforms to be used for spam/scamming.
Take DocuSign for instance. Still, this many years later, is a major source of phishing emails from their free trials. DocuSign could easily shut this down today by either requiring a CC for the trial, or forcing a call with a sales rep to start a trial. But they don't, they continue to allow their service to be used for wide scale phishing.
Atera, an RMM, is another one that has been a big source of malware delivery, also via the free trials.
Shutting down the trial accounts after the fact does nothing, the emails already went out.
It's AI that's doing a lot of it. For a lot of spam, scammers would want to exclude anyone who may not fall for the scam due to the costs associated with dealing with people who won't pay you. Now that AI decreases the need for a human scammer to scam, expect them to start to widen their scam nets.
Yeah this feels like one of those cases where the term "AI" gets broadened out so far it becomes meaningless.
This stuff is automated. The ability to automate spam calls (using the same form of APIs developers love, like Twilio) make it absurdly easy for one person to set up a spam machine. No AI required.
The lead generation was automated ten years ago ("Hello?"), but the actual scam conversation was not. Until recently, you still had to pay somebody in South Asia better than the prevailing wage of ~$1/hr to have these conversations, as well as set them up in an office with computers and managers, and bribe local police (call it $5/hr of fully burdened work product). If your success rate is ~1% and the average human portion of the scam lasts 12 minutes, you're getting 0.05 successes per hour, and you better be netting an average of $100 per successful scam (accounting for financial clearing issues / reversals!) or you're losing money on every hour worked.
You're correct about the calls, but the ability to talk with the people was the rate limiter. Even if you have many people in Cambodia or India, the scammers still needed to scam more than they paid out. Now you can have AI bots that do the first level of filtering.
Unfortunately scamming is a business and if certain actions become less expensive, I would expect more of them.
I think part of it is AI allowing sophistication at scale, but there's also a generational factor. The techbro + business shark culture, influencers who manipulate people being role models, and so on.
Gmail spam filtering is so bad that I believe it has to be intentional. I think they see email as a long term ad revenue opportunity and want to desensitize people to the spam.
I wonder how come I have such a diametrically different experience. I don't remember the last time any spam email got through the automatic filter into my inbox, and I had a gmail account for 20 years now.
If I put on my tinfoil hat, it seems to be something deliberate, to push us all towards accepting hardware / software attestation and better "online id" stuff - "Don't you want to identify and stop the spammers and phishers?".
Email scanning and file scanning (on our computer) became acceptable when the level of spam and malware became intolerable. But it was at cost of our privacy. Today, Gmail scans all your mails and makes money from it. Both Windows and macOS have built-in anti-virus or malware scanners, and file indexers, and thus know all the applications and files in your system (which provides for more data on your profile with them). Now with both OSes, and even browsers like Chrome and Firefox, including AI, they will now use our own computers to not only collect our personal data, but even process it on our system and use it to build even better profiles to more profitably exploit us.
It doesn't have to be deliberate; it's just the economic incentives at work. AI providers are inclined to sell AI to everyone with a pulse, and it just so happens that a lot of its use will for towards spam generation.
It also just happens that they're the ones best positioned to provide attestation and identity services.
They seem unable to prevent phishers from using their acquisition, AppSheet, to send relatively convincing, targeted (to nobodies like me) emails that make it to primary inbox.
So, pleas ignored, forward these recruitment scam emails to the legal/fraud/phishing teams of the impersonated brands. For a company without the appearance of caring (in my opinion), perhaps law firm letterhead can encourage necessary prioritization.
That doesn't really change the fact that it's hard. Do you know how many full movies are on YouTube that infringe on copyright? How many pirated streams are hosted on S3? How many piracy sites are behind Cloudflare. It's just very hard to police at scale and if something is flying below the radar it will be there for a while. They probably spread out their assets over many accounts, or even use misconfigured buckets with write permissions to drop some files in there.
Google's inability to scale their services should be a regulatory issue.
If their platforms (Gmail, YouTube, DoubleClick) are being used to launch scams, they're failing at scale and governments are failing at legislating / regulating.
The only way to use Google services somewhat safely is with hefty ad (and the rest) blocking.
All this ID and surveillance and privacy invasion and metadata retention and yet all these scams only seen to grow. It never seems to end up protecting anyone deserving of protection.
This argument actually doesn’t work in Google/your-point favor since finding pirated content on Google is now practically impossible.
The reality is, Google is driven strictly by incentives and there are no consequences for letting spam/scams run wild vs. pirated content which gets automatically removed when a DMCA notice is received.
"It's so easy when you don't know how". I'm not sure if this phrase is in common use at all, or if I just misheard it once and attributed it to mean that when the details of a problem aren't obvious, its easy to conclude the solution is simple. "Why don't they just do ___?"
At the companies I've worked at, I refer to this as the "well, can't you just...?"
Yeah, I can "just" after I "just" do A, and B, and C, and D, and E, and F, and G.
Drives me batty on top of being insulting. "Surely you realize I thought about that weeks ago, and if it were that simple, we wouldn't be having this conversation."
Ah! I have no answer for it, but am happy, Virgil-like, to now have a theory why the same stupid, obvious "Costco" spam from an @gmail.com address keeps showing up in my inbox no matter how many I mark as spam.
This is an underrated distinction. Sadly, the line is so much more blurred now than even when I was a kid in the 90s.
There are so many businesses now which exist mainly to cheat you, operating at the very edge of what’s technically legal, and relying on their customers not really understanding the full terms of the deals they’re agreeing to. It’s sickening.
Yeah, but junk mail funds the USPS, without it Republicans would've killed the postal service long ago, See the Pension requirement that they pushed in a vain attempt.
> Supposedly, using the QR code on the smartphone triggers an SMS sent from your phone to Google in order to verify your phone number.
Does anyone have a better source of information than this one forum comment from someone who thinks scanning a QR code is enough to get your phone to send a text message?
EDIT: It’s just an SMS URI. It doesn’t automatically send anything, just opens a text message for you to send.
This is just the old phone number verification with a QR code convenience method.
Exchanging SMS messages with any sort of reliability (like not losing your messages when you go through a tunnel) requires running an SMSC. That costs money.
Furthermore, carriers still charge each other for exchanging SMS traffic, though many of them just charge the difference rather than sending each other bills.
This approach is quite costly if you're out of the country, though. Sending an SMS is hit and miss when roaming in foreign enough networks, and each SMS can cost you a significant amount for exchanging 10 characters. Even receiving SMS messages far away from home can cost you money, which is a pain if you have a relative that could never get used to modern messaging services.
Technically if you can copy paste the qr code into any qr reader website and manually do it, I think it's possible? Assuming it doesn't change the code very rapidly every few seconds.
I think it's probably enough to get your phone to open your texting app with a pre populated number and message body, then all the user needs to do is hit send.
I wish it was. I've looked everywhere for several years for anyone offering this service so I can get into my 2004 Google account that they enabled SMS 2FA on one day, without any notice, but it has the wrong phone number. I have the username, password and the recovery email address is set to another I own too, but without the SMS code I'm hosed.
They used to do just that, though people could pay about $25-30 (in like, 2008 dollars! So that’s closer to $47 today) for ‘unlimited text plans’.
I know you mean charge just these bulk senders, but if they didn’t charge consumers a similar rate too, whoever wants to spam SMS can just set up farms of consumer SIMs and dump them onto the network that way. In fact, they already do this.
I recall reading that twitter was getting "scammed" because there were some phone services that cost money to receive texts (and possibly some of it was being passed on to the customer of said phone service) and they were getting spammed with phone verifications to get the payouts. I guess when twitter extorts your phone number out of you under false security pretenses and then uses it for advertising that's legit but if some one tries to a get a cut for themselves it's a big problem.
It occurs to me this "force you to send the sms" might be a way to avoid exactly this sort of thing.
Recently helped a small business set up a Google Workspace account and we hit a wall during registration.
Told the owners that if Google is already being difficult during signup, imagine being locked out later with client work on the line. Pulled up a few horror stories about Google lockouts to drive the point home. They ended up with another workspace solution.
When trying to upgrade from the Business Standard to Business Plus plan, Google will reduce your workspace storage from 2TB/user to 0 bytes for up to 24 hours while it upgrades you.
These are actual quotes from support:
> Upon checking, I see that the storage is showing as 0 bytes, because of the upgrade that has been done from business standard to business plus. Not to worry as this is very normal.
> I understand your concern and how important it is for the storage to be updated due to the business requirements.
>
> To give you full transparency into what is happening: when a Workspace subscription is upgraded, our backend systems must first detach your previous Business Standard storage allocation before provisioning the new Business Plus limits. During this transition window, the quota temporarily defaults to zero.
> Now please turn ON user storage limit nor shared drive storage limit. Once you turn ON, please wait for 5 minutes and then please turn it OFF.
^ That last attempt to try to force storage quotas to reset faster didn't work, btw. Still took hours.
Google Workspaces are just like Windows 11 on the network, and constantly running Windows update. You never know what changes, installed/uninstalled, or breaks.
I feel like I must be using a different gogole workspace. I've used it every day for the last 10 years and just don't seem to have these issues? Stuff just seems to work for the most part? It's all way more stable and low-admin than any other desktop software I've used at least!
This is why I have I have started planning to transition away from Gmail for all domains I manage. Gmail doesn't actually get any better as a product - just more annoying as they try to upsell me on crap I don't want or need. It gets a bit more shitty every year.
The sheer size of Gmail means I have zero chance for support even though I pay for a service. The risk is too great to be acceptable.
Everyone hates on Microsoft, but their platform is 50x better than Google. Personally nowadays I would be looking at Proton if I was going to setup a workspace for my company.
We are 365 shop… I cannot think of one single time the 365 being down has affected us at all. Maybe you’re right I don’t know. Maybe your region is worse than my region.
Maybe MS actually has support. The UI is so much worse than Google's (which is bad enough for communication compared to Slack) that you just cannot win though.
I have to say, I’m finding the “New Outlook” deeply unsatisfying coming from a GSuite company the past 4 years. MS was better in 2021 than it is now. The new one reeks of Jony Ive style minimalism. I constantly can’t find anything I need, and it takes a lot of fiddling to do simple things.
I generally have rooted for MS over GOOG on this type of thing, so I am not saying this out of fanboyism.
I went through it to register just now. No QR code required. Same flow as it has been for years:
1. Personal/Child/Business
2. First/Last
3. Pick email
4. Date of Birth
5. Backup email / Skip
6. Password
7. Enter phone number
8. Confirm with 2FA code
9. Done.
I just made the email testregistrationflow@gmail.com and have since forgotten the password. So that’s one burned. But feel free to try testregistrationflow1@gmail.com and see if it works without a QR code.
The headline is clearly a misstatement of what is a specific flow for someone to make many Gmail accounts programmatically.
Probably depends on how "trust worthy" you seem to Google for them to trigger this requirement. Things like using Linux, using Firefox, using a VPN, etc.
Not without some kind of delay function and probably filtering/evaluation of which new accounts get this capability...
Everyone here should be familiar with exponential growth of n-ary trees. If you can get one of these accounts and each new invitee gets to invite 2 more, you can already have accounts gone wild.
Not really, even "legit" marketing providers have massive automation rigs to warm email addresses, make them behave naturally and email each other in rings for a bit before using them for cold outreach.
So they'd just do this to farm invites if they needed
Because it is. Total surveillance only works if the people are forced to wear the tracking collar. The next steps are tying it to CBDC, that require a phone number to access your wallet, and tying it to realid/passport to restrict travel.
2FA has become the wedge to break privacy into a million shards.
Reminds me of Telegram that forces you to pay premium to login to a new device depending on the country. Login, not registration. This is all due to the cost of SMSes of course.
You can bypass this if you have a passkey, but phone and password isn't enough. No idea why they opted to do that, it's not like passkeys are indicative of any device binding.
Register your own domain and use that for your email, and you'll no longer be held hostage by Google. Takes almost no effort and will cost you a few dollars a month.
But what do you actually use as the email host? If you just set up your own mail server, you're almost certainly going to have everything you send go straight to spam.
You still need to register with someone like google, or Proton, etc.
Yeah, but you're not beholden to them. There are 100 different hosts you can use if you own your own domain. If a host changes in a way you don't like, just move your domain elsewhere. If you're using Gmail, you're stuck with Google. Being independent of any one host is the important part to me.
Personally I have my own mail server and use smtp2go for sending which handles the deliverability issue. I'm not sure it's worth it going this way but I found it fun and its been 0 maintenance
Democracy is the style of ruling where majority's ignorance dominates over the vulnerable. You will be eventually forced to use internet and forced to use the way your government wants you to use it.
Is this the reCAPTCHA crap I just ran into minutes ago? It’s the Cloudflare “verify your humanity” thing, and the checkbox isn’t good enough, so now there is a “mobile verification, the support page for which (that I briefly skimmed) talks about scanning a QR code.
(EDIT: TFA didn’t clear it up for me, but it sounds similar.)
I can say that this QR code could be requested if IP is suspicious and/or associated with unusual activity. Recently I did register a new google account from my own residential IP and it did not request any additional confirmations, not even SMS verification.
I tried to create a new gmail address recently because my primary gmail address is my name, and it's quite common, so I get more email for other people than I get for me.
My phone number - which I've had for about 15 years and have only ever used for personal purposes (minimal SMS, mainly just an iMessage/Whatsapp ID) - is apparently "not eligible" to create a new gmail account. Which is quite strange.
For something as central as a Google account, it feels pretty unreasonable that a long-held personal number can be silently rejected with no appeal path or explanation
I got this a few weeks ago, it was a URL like "sms?:number" which tries to pre-fill text in app. Didn't work for me (Fossify) so I had to copy the number and verifier text from that URL and send it manually. It's for saving money spent on providers like Twilio.
Gmail has been evil both for client privacy as they use email scanning for marketing purposes, and for 'spam' filters that reject legitimate emails.
The fact that they're introducing QR/SMS/MMS/whatever they want is actually an interesting signal, because it will harm the customer experience, which might result in the growth of responsible paid email services.
It is good to realize that it has never been "Nice Uncle Google" and always an advertisement moloch offering tools to hook their product. All that trust that was bestowed was never warranted.
The only “real” competition for Google Workspace is Microsoft if you need a full collaboration solution beyond just email, and 99.999% of customers of such hosted solutions need that full solution. It’s why Dropbox worked even though hacker news users probably roll their own sync solution.
His point was just that many business users can only purchase Google’s solution or Microsoft’s solution, because they’re the only services that will offer interoperability with many other security and compliance services and advanced functionality like SSO, third party email scanning, compliance journaling etc. The email market is essentially a duopoly as soon as you need any functionality beyond basic email.
The simple fact that you believe this is insane to me. Microsoft?Security and compliance? Ahhh, yes the north star of security!
No, you don't need either of these companies if you need a corporate stack for communication and collaboration. And anyone who believes Microsoft or Google is doing anything out of the ordinary to protect their users or data is out of the loop.
It's not about actual security; it's about the appearance of it. It allows CTOs and such to check a box to say "Why yes, our vendor is secure! Look at all their claims! Look at how many other companies use them!" That's it. Safety in numbers for clueless CTOs.
Last time YouTube wanted to verify my phone number it was easier to find a free service to receive SMS than for Google to deliver it to my actual phone. And Google didn't care I "verified" a number assigned to other side of the world.
Be careful. Google once locked me out of an account that I've owned for over 10 years one day. My username and password were correct, but they randomly flipped 2FA on (without my consent) and sent the recovery code to a phone number that I switched away from years ago. It was completely unrecoverable. There's absolutely no way to get in touch with customer service. Never make an account with them unless you're not willing to lose it randomly to automated bureaucracy.
It's becoming increasingly hard to find a service that lets you see verification messages, and even then google doesn't like a lot of the numbers those services use
In my country there are several telco operators that will send you basically an unlimited number of SIM cards for free (as in free beer) that you can use for getting the verification SMS and then immediately throw the SIM away. The only "cost" is that you have to wait a day or two for the SIMs to get to your physical mailbox.
fwiw I was able to set up a fresh google account without SMS via a used android device (with no SIM installed), 2 days ago. But I suppose on balance, having a second device is more onerous than having a second SIM.
Yes I had the same issue and wrote an hackernews comment[0] and was gonna write a blog post but laziness (but I am glad that privacyguides wrote an article!)
I also want to share a comment that someone (Velocifyer) added on my comment:
"If you make a blog post, make sure to also comment on how the audio reCAPTCHAs are nearly impossible and are blocked on public VPNs. The visual reCAPTCHAS have vauge instructions (they say “Select all squares with busses.” when they mean “Select all squares that have a bus or part of a bus and do not select any other squares.”. For 2 years I could not figure that out so I had to use the audio captchas but then Google blocked them on public VPNs and also made them almost impossible. I could only figure that out when Google Gemini clarified it for me."
Also another fact that I had discovered but to upload youtube vidoes more than 15 minutes you have to do this verification with sms and I found that its system of sending sms was quite finnicky and (too much limits is actually just one try)
Google and other tech giants's recent changes/lobbying are really impacting the open internet and it feels to me like we as people who have knowledge about these topics must do something to reform things as I simply cannot ask people who are technically unaware about these topics to fight for these changes unless we advocate and educate them about it
Most people just have simply way too much of other issues to fight for these things that they have almost taken for granted, but this to me means that the responsibility is on us people who are technically sound to fight against the attacks on open internet if we wish to preserve it.
I think my point is that we all might be waiting for other people to protest against these tech giants but I think that the world is looking at us people for such protests, Let's hope that we are able to educate more people and the open internet is preserved.
Our small steps might mean a lot in the future and so to not be dis-illusioned to make small steps thinking that they might be too small but we have to fight tech giants if we wish to preserve open internet. Every step is meaningful no matter how small
Everything is going to get so much worse and AI really is to blame. So many websites now have these verification pauses and CAPTCHs because of AI agents. Part of it is agents. Part of it is everyone running their own awful versions of Googlebot.
Years ago IIRC there was a "bug" where the Android emulator allowed you to create real Google accounts. This was found and I'm sure millions of these accounts were created. There's a whole black market for Google accounts. Whereas I lost a Google account I'd created for a relative because it hadn't been used in awhile and it was tied to a mobile number I no longer had.
I don't see how this ends without registering for a service like Gmail being tied to your government ID.
More info here: https://news.ycombinator.com/item?id=46665414
- using legitimate sites to bypass filters, like sending you a bill through a legitimate bill-creation site
- pretending to be a tracking service for something you supposedly ordered, then over the course of days pretending the package got lost on the way and offering a discount code for the 'purchased' amount, expecting you to use it on their phising site.
Gmail not only fails at spam classification, they classify these messages as important and nag you with first priority notifications and summaries.
The number of spam calls, texts, emails, iCloud account unlock requests, etc I’ve received in the last year is insane.
The reason is that I have an opposite experience, during the last couple of years I have received much less spam messages than before.
I have hosted my own e-mail server for more than 2 decades. Previously, I had to filter large quantities of spam messages, but lately the number of spam messages is much less than 10% of the total number of received messages.
Take DocuSign for instance. Still, this many years later, is a major source of phishing emails from their free trials. DocuSign could easily shut this down today by either requiring a CC for the trial, or forcing a call with a sales rep to start a trial. But they don't, they continue to allow their service to be used for wide scale phishing.
Atera, an RMM, is another one that has been a big source of malware delivery, also via the free trials.
Shutting down the trial accounts after the fact does nothing, the emails already went out.
It's such a good tactic too to start the voicemail with the conversation already going people are like "what? who?"
The clear, unspoken message in the USA is now: "Enrich yourself in any way you can, as fast as you can. Buyer Beware is the law of the land."
It's been a _lot_ of years that I've hesitated to answer calls from unknown numbers.
This stuff is automated. The ability to automate spam calls (using the same form of APIs developers love, like Twilio) make it absurdly easy for one person to set up a spam machine. No AI required.
Unfortunately scamming is a business and if certain actions become less expensive, I would expect more of them.
Email scanning and file scanning (on our computer) became acceptable when the level of spam and malware became intolerable. But it was at cost of our privacy. Today, Gmail scans all your mails and makes money from it. Both Windows and macOS have built-in anti-virus or malware scanners, and file indexers, and thus know all the applications and files in your system (which provides for more data on your profile with them). Now with both OSes, and even browsers like Chrome and Firefox, including AI, they will now use our own computers to not only collect our personal data, but even process it on our system and use it to build even better profiles to more profitably exploit us.
It also just happens that they're the ones best positioned to provide attestation and identity services.
So, pleas ignored, forward these recruitment scam emails to the legal/fraud/phishing teams of the impersonated brands. For a company without the appearance of caring (in my opinion), perhaps law firm letterhead can encourage necessary prioritization.
If their platforms (Gmail, YouTube, DoubleClick) are being used to launch scams, they're failing at scale and governments are failing at legislating / regulating.
The only way to use Google services somewhat safely is with hefty ad (and the rest) blocking.
All this ID and surveillance and privacy invasion and metadata retention and yet all these scams only seen to grow. It never seems to end up protecting anyone deserving of protection.
I wonder what it's all been in aid of...
The reality is, Google is driven strictly by incentives and there are no consequences for letting spam/scams run wild vs. pirated content which gets automatically removed when a DMCA notice is received.
Yeah, I can "just" after I "just" do A, and B, and C, and D, and E, and F, and G.
Drives me batty on top of being insulting. "Surely you realize I thought about that weeks ago, and if it were that simple, we wouldn't be having this conversation."
But hey, I get paid every 2 weeks.
There are so many businesses now which exist mainly to cheat you, operating at the very edge of what’s technically legal, and relying on their customers not really understanding the full terms of the deals they’re agreeing to. It’s sickening.
Does anyone have a better source of information than this one forum comment from someone who thinks scanning a QR code is enough to get your phone to send a text message?
EDIT: It’s just an SMS URI. It doesn’t automatically send anything, just opens a text message for you to send.
This is just the old phone number verification with a QR code convenience method.
It’s not something specific to a phone. It’s just a convenient method to enter your phone number.
So if there are any costs for sending this SMS it’s on you.
there shouldn’t be any remaining for the consumer today
unless you’re a real unfortunate soul.
Furthermore, carriers still charge each other for exchanging SMS traffic, though many of them just charge the difference rather than sending each other bills.
This approach is quite costly if you're out of the country, though. Sending an SMS is hit and miss when roaming in foreign enough networks, and each SMS can cost you a significant amount for exchanging 10 characters. Even receiving SMS messages far away from home can cost you money, which is a pain if you have a relative that could never get used to modern messaging services.
I know you mean charge just these bulk senders, but if they didn’t charge consumers a similar rate too, whoever wants to spam SMS can just set up farms of consumer SIMs and dump them onto the network that way. In fact, they already do this.
It occurs to me this "force you to send the sms" might be a way to avoid exactly this sort of thing.
Told the owners that if Google is already being difficult during signup, imagine being locked out later with client work on the line. Pulled up a few horror stories about Google lockouts to drive the point home. They ended up with another workspace solution.
These are actual quotes from support:
> Upon checking, I see that the storage is showing as 0 bytes, because of the upgrade that has been done from business standard to business plus. Not to worry as this is very normal.
> I understand your concern and how important it is for the storage to be updated due to the business requirements. > > To give you full transparency into what is happening: when a Workspace subscription is upgraded, our backend systems must first detach your previous Business Standard storage allocation before provisioning the new Business Plus limits. During this transition window, the quota temporarily defaults to zero.
> Now please turn ON user storage limit nor shared drive storage limit. Once you turn ON, please wait for 5 minutes and then please turn it OFF.
^ That last attempt to try to force storage quotas to reset faster didn't work, btw. Still took hours.
The sheer size of Gmail means I have zero chance for support even though I pay for a service. The risk is too great to be acceptable.
What does this mean? The scanning a QR code and sending a text message from this article, or something else?
I generally have rooted for MS over GOOG on this type of thing, so I am not saying this out of fanboyism.
1. Personal/Child/Business
2. First/Last
3. Pick email
4. Date of Birth
5. Backup email / Skip
6. Password
7. Enter phone number
8. Confirm with 2FA code
9. Done.
I just made the email testregistrationflow@gmail.com and have since forgotten the password. So that’s one burned. But feel free to try testregistrationflow1@gmail.com and see if it works without a QR code.
The headline is clearly a misstatement of what is a specific flow for someone to make many Gmail accounts programmatically.
Every account having the ability to invite an only small finite number of new accounts is one way to thwart scammers.
Everyone here should be familiar with exponential growth of n-ary trees. If you can get one of these accounts and each new invitee gets to invite 2 more, you can already have accounts gone wild.
So they'd just do this to farm invites if they needed
Google is probably doing A/B testing or they are using some sort of ML algorithm....
2FA has become the wedge to break privacy into a million shards.
You can bypass this if you have a passkey, but phone and password isn't enough. No idea why they opted to do that, it's not like passkeys are indicative of any device binding.
You still need to register with someone like google, or Proton, etc.
Personally I have my own mail server and use smtp2go for sending which handles the deliverability issue. I'm not sure it's worth it going this way but I found it fun and its been 0 maintenance
Dead on arrival.
(EDIT: TFA didn’t clear it up for me, but it sounds similar.)
My phone number - which I've had for about 15 years and have only ever used for personal purposes (minimal SMS, mainly just an iMessage/Whatsapp ID) - is apparently "not eligible" to create a new gmail account. Which is quite strange.
The fact that they're introducing QR/SMS/MMS/whatever they want is actually an interesting signal, because it will harm the customer experience, which might result in the growth of responsible paid email services.
It is good to realize that it has never been "Nice Uncle Google" and always an advertisement moloch offering tools to hook their product. All that trust that was bestowed was never warranted.
My comment, as per subject, is about Gmail.
No, you don't need either of these companies if you need a corporate stack for communication and collaboration. And anyone who believes Microsoft or Google is doing anything out of the ordinary to protect their users or data is out of the loop.
A lot of corporate (customer) email sevices drop email from everybody except a very short whitelist.
I also want to share a comment that someone (Velocifyer) added on my comment:
"If you make a blog post, make sure to also comment on how the audio reCAPTCHAs are nearly impossible and are blocked on public VPNs. The visual reCAPTCHAS have vauge instructions (they say “Select all squares with busses.” when they mean “Select all squares that have a bus or part of a bus and do not select any other squares.”. For 2 years I could not figure that out so I had to use the audio captchas but then Google blocked them on public VPNs and also made them almost impossible. I could only figure that out when Google Gemini clarified it for me."
Also another fact that I had discovered but to upload youtube vidoes more than 15 minutes you have to do this verification with sms and I found that its system of sending sms was quite finnicky and (too much limits is actually just one try)
Google and other tech giants's recent changes/lobbying are really impacting the open internet and it feels to me like we as people who have knowledge about these topics must do something to reform things as I simply cannot ask people who are technically unaware about these topics to fight for these changes unless we advocate and educate them about it
Most people just have simply way too much of other issues to fight for these things that they have almost taken for granted, but this to me means that the responsibility is on us people who are technically sound to fight against the attacks on open internet if we wish to preserve it.
I think my point is that we all might be waiting for other people to protest against these tech giants but I think that the world is looking at us people for such protests, Let's hope that we are able to educate more people and the open internet is preserved.
Our small steps might mean a lot in the future and so to not be dis-illusioned to make small steps thinking that they might be too small but we have to fight tech giants if we wish to preserve open internet. Every step is meaningful no matter how small
[0]: https://news.ycombinator.com/item?id=48042596
Years ago IIRC there was a "bug" where the Android emulator allowed you to create real Google accounts. This was found and I'm sure millions of these accounts were created. There's a whole black market for Google accounts. Whereas I lost a Google account I'd created for a relative because it hadn't been used in awhile and it was tied to a mobile number I no longer had.
I don't see how this ends without registering for a service like Gmail being tied to your government ID.
And of course their database is leaked in real time.
It's like saying that the government has outsourced burger making to McDonalds.