> This is a very shady dark pattern by Alphabet corporation.
Advertising company (Doubleclick [1]) wants phone numbers to better target ads. No surprise there.
[1] The company currently calling itself Google is not the same Google as yesteryear. In 2008 Google purchased Doubleclick, and what happened is that the advertising rot from Doubleclick ate Google from the inside out. What we have now calling itself Google is actually all the evil that was Doubleclick, only calling itself Google. That's why the Google motto no longer includes "Don't be evil".
You are talking about something that happened almost 20 years ago. The "company currently calling itself Google" is the Google of the past two decades, grandpa.
Steam gave me similar problems. In the process of trying to get in for the first time in a while to delete my account, I completed a successful 2FA but still couldn't log in because I had to prove I owned the account by providing extra information.
We've fallen so far from the days when the retailer let you just have the game you bought and then they were out of the picture forever.
put my same phone number on 10+ google accounts, if you're skipping this you look like a bot, how should google be able to tell you apart from all of the bots.
I've often read that 2FA should be through an authenticator app or a physical key, not via texting a code to a phone number. Malicious sim swapping is a thing, so purposely deleting any phone number from an account should be good practice, right?
So will they also delete inactive accounts that have no phone number, but one or more phone-less 2FA methods associated?
Google started using their mobile app for 2FA on my account without me ever opting in. Now I’m afraid if I delete the Gmail app from my phone I’ll lose access to my account.
There's no reason to use Google over ProtonMail or Tuta Mail if you care about user experience. Google's customer support is non-existent, while Proton and Tuta will get you a real human for any problems and are accountable.
Yes, I’ve lost access to two old accounts including my old blogger one. When I try to log in it sends email saying, “someone tried to log in with your password!” :-/
I have user account on my personal Google Workspace domain that is used purely for superuser access (my day-to-day account doesn't have special access).
I recently had to log into it for the first time in a few years to make a config change to the domain, and it wouldn't let me in because the 2FA code wasn't working, and a recovery code wasn't sufficient to enable privileged access. I had to reach out to Google Workspace support to regain admin access to my domain.
Thankfully, they were able to do so (although it took a few days and I had prove ownership of it).
So there's an example of a situation where an account that's not logged into for a long time doesn't mean that it's forgotten or unused.
Don't you think that "security" non-sequitur boogeyman is a bit too forced? You took my example, cherry-picked some words, and turned it into something else entirely. And too bad it doesn't even hold up because surrendering your phone number won't prevent securities fraud, which is what I was specifically referring to in my example.
If you haven't used your $whatever in a year, why do you want to use it now? Replace $whatever with whatever you want and you'll see how absurd this question is.
I would personally not want my account recovery tied to an account I rarely use. That seems full of unnecessary risk. What if you forget that Gmail password? What if it’s compromised and you don’t even notice for almost a year? What if Google decides to change their retention for unused accounts to just 6 months?
> If you haven't used your $whatever in a year, why do you want to use it now? Replace $whatever with whatever you want and you'll see how absurd this question is.
This is a silly statement specifically because the choice of “$whatever” determines whether it’s “absurd”. It’s definitely not absurd to assume that a year old sandwich is trash, while it is absurd to assert that an unaccessed safe deposit box is trash.
But of course you also pay the bank for your safe deposit box. If you stop paying then they absolutely will discard the contents (or send them off to the state, depending on laws). No one stores abandoned junk for free. If you want you pay Google for your account I bet they’ll keep it even if you never log in.
If you leave your ham sandwich in the office fridge for a single week, anyone is justified in throwing it away.
The trouble is you think that you are in possession of a ham sandwich that Google is taking away when in reality you’ve left your ham sandwich in Google’s fridge and they are sick of storing the obviously-abandoned sandwich for you.
> This is a very shady dark pattern by Alphabet corporation.
Advertising company (Doubleclick [1]) wants phone numbers to better target ads. No surprise there.
[1] The company currently calling itself Google is not the same Google as yesteryear. In 2008 Google purchased Doubleclick, and what happened is that the advertising rot from Doubleclick ate Google from the inside out. What we have now calling itself Google is actually all the evil that was Doubleclick, only calling itself Google. That's why the Google motto no longer includes "Don't be evil".
You are talking about something that happened almost 20 years ago. The "company currently calling itself Google" is the Google of the past two decades, grandpa.
Over those two decades they’ve been slowly turning up the heat to boil us like frogs.
This sounds exactly like the way McDonnell Douglas ate Boeing from the inside out.
Steam gave me similar problems. In the process of trying to get in for the first time in a while to delete my account, I completed a successful 2FA but still couldn't log in because I had to prove I owned the account by providing extra information.
We've fallen so far from the days when the retailer let you just have the game you bought and then they were out of the picture forever.
put my same phone number on 10+ google accounts, if you're skipping this you look like a bot, how should google be able to tell you apart from all of the bots.
I've often read that 2FA should be through an authenticator app or a physical key, not via texting a code to a phone number. Malicious sim swapping is a thing, so purposely deleting any phone number from an account should be good practice, right?
So will they also delete inactive accounts that have no phone number, but one or more phone-less 2FA methods associated?
Google started using their mobile app for 2FA on my account without me ever opting in. Now I’m afraid if I delete the Gmail app from my phone I’ll lose access to my account.
They default to authing you via a sms code usually still, even when you have an authenticator paired
There's no reason to use Google over ProtonMail or Tuta Mail if you care about user experience. Google's customer support is non-existent, while Proton and Tuta will get you a real human for any problems and are accountable.
Yes, I’ve lost access to two old accounts including my old blogger one. When I try to log in it sends email saying, “someone tried to log in with your password!” :-/
It's phonishness. Your life isn't real unless you have a smartphone -- at least that's the way "the empire" sees it.
if you haven't cared about using an account for a year, why do you want to use it all of a sudden now?
I have user account on my personal Google Workspace domain that is used purely for superuser access (my day-to-day account doesn't have special access).
I recently had to log into it for the first time in a few years to make a config change to the domain, and it wouldn't let me in because the 2FA code wasn't working, and a recovery code wasn't sufficient to enable privileged access. I had to reach out to Google Workspace support to regain admin access to my domain.
Thankfully, they were able to do so (although it took a few days and I had prove ownership of it).
So there's an example of a situation where an account that's not logged into for a long time doesn't mean that it's forgotten or unused.
The next aspiring trillionaire can take note of that argument when scamming people out of their retirement funds.
Why would one not provide one’s phone number to a financial institution where you hold your retirement or other investment funds?
Don't you think that "security" non-sequitur boogeyman is a bit too forced? You took my example, cherry-picked some words, and turned it into something else entirely. And too bad it doesn't even hold up because surrendering your phone number won't prevent securities fraud, which is what I was specifically referring to in my example.
People in jail/prison, for example, would not have the opportunity to access an account even if they wanted to keep it
If you haven't used your $whatever in a year, why do you want to use it now? Replace $whatever with whatever you want and you'll see how absurd this question is.
I really don’t think it absurd. What’s an example where a Google account is important to you but you haven’t used it in a year?
I barely use my gmail that often. But I still need an email for password recovery.
I would personally not want my account recovery tied to an account I rarely use. That seems full of unnecessary risk. What if you forget that Gmail password? What if it’s compromised and you don’t even notice for almost a year? What if Google decides to change their retention for unused accounts to just 6 months?
“If you haven't used your dirty tissue in a year, why do you want to use it now?”
“If you haven't used your ham sandwich in a year, why do you want to use it now?”
“If you haven't used your receipt in a year, why do you want to use it now?”
Ah, yes. I see what you mean. Truly absurd.
"If you haven't used your emergency go-bag in over a year, why do you want to use it now"?
"If you haven't used your passport in over a year, why do you want to use it now"?
"If you haven't used your grandmother's family photo album in over a year, why do you want to use it now"?
"If you haven't used your safety deposit box in over a year, why do you want to use it now"?
You missed the point.
> If you haven't used your $whatever in a year, why do you want to use it now? Replace $whatever with whatever you want and you'll see how absurd this question is.
This is a silly statement specifically because the choice of “$whatever” determines whether it’s “absurd”. It’s definitely not absurd to assume that a year old sandwich is trash, while it is absurd to assert that an unaccessed safe deposit box is trash.
But of course you also pay the bank for your safe deposit box. If you stop paying then they absolutely will discard the contents (or send them off to the state, depending on laws). No one stores abandoned junk for free. If you want you pay Google for your account I bet they’ll keep it even if you never log in.
Haha, smart. But those quotes still don't justify me taking away your one year old ham sandwich.
If you leave your ham sandwich in the office fridge for a single week, anyone is justified in throwing it away.
The trouble is you think that you are in possession of a ham sandwich that Google is taking away when in reality you’ve left your ham sandwich in Google’s fridge and they are sick of storing the obviously-abandoned sandwich for you.
See also: https://xkcd.com/1150/
Not providing your phone number is a critical step in protecting yourself against sim swap attacks and other vulnerabilities.