Hacker News new | comments | show | ask | jobs | submit login
Google is lying to get your phone number
17 points by Flavius 9 months ago | hide | past | web | favorite | 8 comments
Verify it's you

This device isn't recognized. For your security, Google wants to make sure it's really you.

Enter a phone number to get a text message with a verification code.

At this point whoever got my email and password can just enter a random phone number and get instant access to my email account.

But don't worry, nobody knows my email and password, this is just a dirty tactic employed by Google to get more information about you.

Right now I have to chose between giving them my phone number or being locked out of my email account.

Did you have 2FA on this account already?

If not, they're basically just forcing you into 2FA, and the easiest way to get most people on 2FA is via text message. They're not going to tell everyone to go download Google Authenticator. I don't blame them for wanting everyone on 2FA, especially for an email provider. There are a million ways your password could be stolen, and they'd rather that their system was secure from the start rather than dealing with the fallout of an account takeover. You should be able to go into your account settings and remove the phone number after you enable another 2FA method.

If you are on 2FA already, that is strange.

That's why you should use a virtual number... protect your real phone number and your privacy. Here's a web app I released a few months ago that was made for dealing things like this. https://textmeprivate.com

This seems like damned if they do, damned if they don't.

I'm personally extremely pro-privacy, but on the other hand realise my gmail account secures loads of my other services and so needs a phone number for verification.

It‘a not like 2FA is an absolute must if you use a secure password and a password manager. I think forcing it is just wrong :(

I'm not saying that they shouldn't ask for you phone number in certain scenarios, but this is not one of those scenarios.

It might be one of those scenarios based on a pattern of behavior that Google is in a position to identify and an individual user is not because the patterns include temporal, spatial, network, etc. elements that emerge at the scale of many users and across multiple web properties.

I'd put it this way, if Google wants your phone number it can just Google it...or rather, Google already has your phone number and a whole lot more because its ordinary data and information leaks everywhere across the web. Trivially, all it takes is for anyone who has ever had your phone number to have shared their address book online and odds are Google has your name and number.

I'm not saying this is good (or bad). Just that it is. In the moment by moment, a person can kind of avoid some tracking because the speed, volume, and economics at which advertising is auctioned limits the depth of historical search on a moment by moment basis. But when it comes to a specific ordinary fact, Google has it already.

The fraud detection could in theory be triggered by something as obscure as the angle of your phone and its acceleration parameters being unusual.

I was extremely hesitant to give Google my phone number, then I realized Google has access to everything on my phone. It's just a formality.

Not for everyone. I don't use smartphone, and have no google on my dumbphone.

And this practice of locking you out or give a number is annoying as fuck. Why? Sometimes companies don't accept just any number. I have perfectly regular number from a "virtual operator", with SIM and all that. It gets rejected for being "unsupported."

I will surely not go and buy new SIM I have no need for, just to get access to some stupid service, with uncertain result anyway. What are they thinking?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact