Gmail prompt to provide phone number sounds like a threat

  • “or recovery email”

    You have no idea how many people forget their passwords without a recovery mechanism. They’ll go online and complain that Google’s customer service wouldn’t tell them their passwords and how they’ve lost ten years of family pictures because Google hurt them so bad.

    Google can almost certainly find your phone number in the many emails they’re already receiving on your behalf. You’re not protecting your information by not providing it to them directly.

    If you’re not going to add a recovery phone number, at least provide a recovery email address.

    • The Hobbyist@lemmy.zip
      link
      fedilink
      arrow-up
      6
      ·
      1 year ago

      You dont even need google to access your emails for that. You dont even need to be a google user at all, unfortunately.

      I think the phone number is easily found by google, by all their users synching their contact list… If you’re google and you have 100 people Synching John B. Smith with number 123 in Region A of the world, you’re pretty confident that that the person and the phone number are linked.

      • And that’s terrifying.

        Imagine you didn’t even heard about google, but some of your colleague/friend use Google contact synching (which is very default these days) And ta da! Google knows your name and number with 99% percent of accuracy.

    • Trainguyrom@reddthat.com
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      I used to work in support for a phone manufacturer. I spent more hours than I’d like to know helping people navigate Google account recovery because their only computing device was their phone which they just got replaced under warranty and they don’t remember their Google password. The lucky ones had set a recovery phone number and/or email, the unlucky ones were simply at the mercy of the ivory tower that is Google

  • anteaters@feddit.de
    link
    fedilink
    arrow-up
    22
    arrow-down
    1
    ·
    1 year ago

    Google can close your email account down at any time for any stupid reason they like and their nonexistant support will leave you standing in the rain without access to years of mails. Switch to a paid mailer with actual support ASAP

    • TCB13@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      ·
      1 year ago

      I once paid for Lavabit email and it was then raided by the NSA/CIA/FBI (Snowden case) and they shut everything down. I lost access to my account and to a 3rd party account that had a considerable amount of money pending withdrawal. I was never able to get the money. Lesson learnt: paying for your email won’t save you.

      • ram@lemmy.ca
        link
        fedilink
        English
        arrow-up
        11
        ·
        1 year ago

        Ya, never trust US companies. Their government’s crazy to jump in and take anything they want; you may not even know they took it.

        • TCB13@lemmy.world
          link
          fedilink
          arrow-up
          2
          arrow-down
          1
          ·
          1 year ago

          Well… Not sure if other gov won’t act the same way in a similar situation.

    • blkpws@lemmy.ml
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      I rarely use my old Gmail account, now when I try to log in they ask me to get into a logged session of Google to verify it’s me, as I have no session open with my Google account, I can’t do it. It’s been a time I wasn’t able to log in back to Google without an error message “Google can not verify it is me who is trying to log in”… I don’t know how to log in, I have the emails re-directed to my new email provider and I still get emails, one of the emails I got is that if I don’t log in the next 2 years, my account will be deleted, so looks like I lost this account with all the data of when I was younger, it’s sad, but I don’t really need google. This could be an example of “account closed”, as I have no open sessions to verify myself and Google should know it.

  • ono@lemmy.ca
    link
    fedilink
    English
    arrow-up
    14
    arrow-down
    1
    ·
    edit-2
    1 year ago

    Can confirm.

    Google locked me out of my account for not giving them my phone number. Even though I used the correct password. Even though I verified myself through the recovery email, which has been the same for ages. Even though I wasn’t using a VPN or connecting from a public network. Even though there was no reason to think my account or credentials were compromised.

    They are, in fact, extorting phone numbers from people.

    Thankfully, I don’t depend on my google account for anything, but I’m still stuck receiving spam forwarded by gmail, because I can’t log in to turn off forwarding. (I’ll probably have to filter it out at some point.) I honestly hope they just delete my account after some months without a phone number.

    • TheProtagonist@lemmy.world
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      So Google will not let me log in to my account unless I provide them my phone number? But at the same time they require a regular log in (at least once a year or every two years), so your account doesn’t get deleted?

      I have an old Gmail account, I don’t use anymore, but it’s tied to my name, so I wouldn’t want someone else to use it at some point. I thinks there’s one email client that regularly connects to that account. I hope that will be sufficient to preserve it, but I would not feel comfortable giving them my phone number, when I have no other links to Google services (this may be different, if you use an Android phone anyway).

    • scottywh@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      If you can’t login they will definitely delete the account sooner or later.

      They’ve been sending out notices recently talking about changes to their account inactivity policy saying just that.

    • Phoenixz@lemmy.ca
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      2 years and it’ll be deleted.

      I still have a Gmail account but I’m trying better solutions… Maybe my own hosted system. Whether I pay google or a hosting company with open source software is the same money, the latter means privacy

      • lemmyvore@feddit.nl
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        1 year ago

        Get your own domain and use migadu.com. The starter plan is $20/year.

        For extra privacy get a domain in .de, .be, .fr, or .nl, their registries protect owner data automatically.

        If you’re also looking for a registrar check out INWX.

    • Skull giver@popplesburger.hilciferous.nl
      link
      fedilink
      arrow-up
      0
      arrow-down
      1
      ·
      edit-2
      1 year ago

      Google started requiring phone numbers years ago, it’s an attempt to cut down spam and bot accounts. You can only register so many accounts on a single phone number and getting phone numbers at scale is much more expensive than sending a bot through the signup process.

      This has nothing to do with compromise, they just don’t want to deal with this many bot accounts. I’m pretty sure Microsoft and Apple do the same thing.

      • ono@lemmy.ca
        link
        fedilink
        English
        arrow-up
        0
        arrow-down
        1
        ·
        edit-2
        1 year ago

        This has nothing to do with compromise,

        Clearly.

        they just don’t want to deal with this many bot accounts.

        Whatever excuse they might have doesn’t change the fact that they are extorting phone numbers from people.

  • Blizzard@lemmy.zip
    link
    fedilink
    English
    arrow-up
    9
    ·
    1 year ago

    You could lose access to your X years of Gmail history with 2FA enabled if you lose your phone.

    • blkpws@lemmy.ml
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      This reminds me Blizzard forces their users to use 2FA with their own app if you want to unlock all the features on World of Warcraft, so you are forced to install the blizzard app on your personal smartphone device…

      • Blizzard@lemmy.zip
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I don’t think that’s true, I don’t have the app and I was able to play SC2 not that long ago. I think you can disable 2FA in account settings.

        • blkpws@lemmy.ml
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          I said “unlock all the features on World of Warcraft”. If you disable 2FA, you can’t use all the features.

      • EngineerGaming@feddit.nl
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        I wonder if it works in an Android VM. The shittier thing they’ve done is requiring a non-prepaid number for Overwatch 2, locking out people who can’t afford anything else… And some regions as well.

  • Fleppensteyn@feddit.nl
    link
    fedilink
    arrow-up
    6
    ·
    1 year ago

    Creating a new Google account isn’t even possible without a phone number anymore. I had a new account which I didn’t use in a while and it decided I need some old phone number to confirm my log in. There’s no way to log in, recover or delete the account. There’s no way I’m putting my daily account to that risk by giving them whatever phone number I have now

  • maniel@lemmy.ml
    link
    fedilink
    arrow-up
    8
    arrow-down
    3
    ·
    1 year ago

    BuT cOrPoRaTiOnS tRaCk YoUr LoCaTiOn If yOu GiVe ThEm YouR nUmBeR

    Like they’d need your phone number to do that when you probably already have a smartphone with Facebook installed

      • maniel@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        1 year ago

        i was pointing at lay-user of smartphones that don’t want to give facebook or google their phone number while they are already spied on by countless companies with Google and Meta among them,

        same people probably have pasted some appropriate clause on their facebook

  • HisNoodlyServant@beehaw.org
    link
    fedilink
    arrow-up
    5
    ·
    1 year ago

    Didn’t help me when my account got locked. Had 2fa and all the info they wanted and never got the account back. Fuck google.

  • sculd@beehaw.org
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    At this point I would say stay away from all Google services.

    I even moved away from Gmail. It’s very liberating.

    • Enitoni@beehaw.org
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      I’m slowly moving over to Proton and with the integration of SimpleLogin I’m starting to finally feel in control of my inbox.

    • happyhippo@feddit.it
      link
      fedilink
      arrow-up
      0
      ·
      1 year ago

      For all valid reasons for moving away from Google services, this just ISN’T one, as other comments already pointed out.

      • sculd@beehaw.org
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        I agree. But just wanted to say that plenty of email service providers do not require a phone number.

        Using authenticator for 2FA is also better than SMS.

  • Endorkend@kbin.social
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    This isn’t actually about your phone number.

    I got the same message because I do have my phone listed in there, but don’t have a recovery email address listed.

  • Thom Gray@lemmy.dbzer0.com
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    With all do respect friend, I’m assuming most of us here that really care about privacy ditched Gmail very early in our privacy journey. I think virtually every policy Google enforces, including phone validation has some element of data collection in mind. We can debate whether providing the phone number is an information grab or a security measure, but I’m fairly certain it’s both to some degree. If one cares enough about privacy to post in this community please start looking for a privacy respecting email provider, then start abandoning Google services like the plague at a pace you can tolerate. Don’t move too fast on your journey, the inconvenience is rough, but liberating your digital life is priceless one step at a time.

    • w2tpmf@kbin.social
      link
      fedilink
      arrow-up
      7
      ·
      1 year ago

      Your proton account is susceptible to the same problem if your password gets compromised and you don’t have a backup access method registered.

  • DoomBot5@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    Dumb take. All it’s warning you is that without those, you won’t have a way to recover your account it you lose your password or if it’s hacked and someone changes it.

    • Matomo@lemmy.ml
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      Yeah, I’m all for bashing companies regarding privacy and whatnot, but this is just informing/warning you about account security.

    • tim-clark@kbin.social
      link
      fedilink
      arrow-up
      7
      arrow-down
      1
      ·
      1 year ago

      Users are getting dumber by the day!! Half the comments in privacy imply users don’t know what they are talking about and need to see a therapist

      • QuazarOmega@lemy.lol
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        1 year ago

        You couldn’t glean the sarcasm from my comment?
        I know that 2FA is important for security

      • stratoscaster@lemmy.zip
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        1 year ago

        Really though people just don’t understand the point of 2FA. There is 0 other way to verify identity. Just use a burner number if you’re so paranoid sheesh lol