People complain a lot about Gmail, but honestly I kind of understand Google's plight here.
They've essentially gotten roped into maintaining a huge chunk of internet infrastructure, for free. If they ever shut it down the whole world would end up rioting because it's so widely used.
But it's expensive, complicated and time-consuming to maintain - and both a source of and recipient of endless waves of spam and scams. It's an endless pile of data to hold onto, FOREVER, as well.
I enjoy hating on Google when appropriate. But when it comes to Gmail, I understand what they're dealing with.
It's honestly why I believe the idea of free e-mail is just bad, fundamentally. You can't expect a free e-mail service to be good or have any kind of support. The fact that it still exists is more out of shear fear of the repercussions than any good will on the owner's part.
Just get a paid e-mail service. They're better, and offer a lot more peace of mind.
> They've essentially gotten roped into maintaining a huge chunk of internet infrastructure, for free.
I’ll stop you here. Google offered it for free and, at the time, offered such an high amount of mail storage for free it sounded insane. At the time, my ISP gave me a 25MB or 50MB inbox and that was considered pretty decent, when Google was trying to get people in with 1-2GB.
They absolutely have a right to take ant steps they deem necessary to prevent malicious use of their product, and certainly aren’t obligated to provide it for free, but Google wasn’t forced to provide a free email service, much less one that went so far above and beyond their competition.
> and certainly aren’t obligated to provide it for free
And I'll stop you here. It's less than obvious that there's no obligation. If you provide a critical service that folks rely on at a price less than your cost, you drive out competition, and it's a critical part of your own business model, dropping the service without warning is IMO on the border of what Google should be allowed to do.
There were plenty of free email services before gmail. Google isn't at fault here because they provided a better experience.
There are plenty of free email services _after_ Gmail too. If Google want to destroy their product, have at it.
Yeah! I can't believe people know basics about cartels, trusts and dumping.
It does feel like a lot of very intelligent people here basically start at a first principles belief in property rights, and discover or dispute all of the rights and protections put in place over centuries to patch up the issues that occur when that philosophy meets reality. It reflects poorly on our education systems that these apparently weren't covered or were unconvincing when presented. Or maybe it's just a reflection of the era? In practice organizations seem to be repealing these protections through limited interpretations or loopholes, so maybe that skews people's expectations?
There is a lot of information, in various forms, on the internet that are specifically designed to misinform those who hadn’t taken a course on that particular topic, but leaves the reader feeling they learnt something. Right now LLM’s are good at picking those apart for the reader if they decide to dig deeper, however, I fear this era might not last.
> LLM’s are good at picking those apart for the reader if they decide to dig deeper. I fear this era might not last.
Yeah, I'm not sure that pinning one's hopes for a better-educated populace on LLMs is going to pan out well. Education requires trust and active defense against malign actors.
> it reflects poorly on our education systems
It's fascinating that you choose to blame either the education system specifically, or "the era", while ignoring the existence of an immense right-wing propaganda machine and simple human greed.
That our education system wasn't resilient to that well-funded propaganda machine is what reflects poorly on it. That such a machine is allowed to exist reflects poorly on our institutions more broadly. I'll never blame human greed. Systems are designed for humans, if they fail to account for human nature then they're bad systems. I'm not really interested in litigating whether humans as a species are bad.
> education system wasn't resilient
Fun little exercice: How is education funded (not just school, the rest as well) ? What does the salary scale look like ? Would you jump into that boat if had the qualifications ? (and probably: why haven't you jumped into it until now ?)
Once you've got through all of that, how resilient do you expect the system to be ?
>Systems are designed for humans, if they fail to account for human nature then they're bad systems.
Systems will always be bad. It's why corporations will always be bad. The complexities are too much for humans. You will never account for all variables. Account for one, with that you are exposed to another. This becomes clear to me when you look at government and the systems it tries to use, since forever. Climate change is another great example. Requires coordinated change across the globe. Many many many factors why that will never change. Change in the system of that size is too hard. So is it the system that is bad, or maybe it's just a reflection of limitations within us as a species, today?
A terribly defeatist attitude. The same could be said about, say, death during childbirth. For hundreds of thousands of years people tried methods of midwifery to ease that process and reduce deaths to little effect. People considered that to be women's lot, an immutable fact of human nature. Then we figured out how to reduce deaths during childbirth to a relatively tiny fraction of all-cause mortality, and that level of care became standard, at least in parts of the world. Why would you be so convinced that systems of organization are unsolvable? Where is your hacker's spirit?
We have a system for improving organizations. Competition.
The actual problem is that our system for preserving competition is insufficiently effective.
[deleted]
Human systems have a critical bottleneck, it's run by humans. That doesn't mean it's necessarily a flaw, but it means all systems are corruptible if it's run by corrupted humans.
And I mean this for any sort of system from corporate, nonprofits, dictatorships, oligarchs, and democracy. Democracy is still a human-run system and that people seem to think democracy is somehow this bastion of freedom is a delusion.
If we want better systems we need better people running them, but that's a conversation that's emerging so we'll see how it goes.
>Systems are designed for humans
They also happen to be designed by humans, and if you're just begging to have the system fix people's beliefs about corporate greed for you but don't think people themselves are at fault I have no idea why you'd think the systems would be fixed.
Always these complains about corporations or systems or institutions, the responsible person is never "I". If you're unwilling to take responsibility for your institutions why do you think they'd fix your problems? The beauty is people always get the institutions and rulers they deserve, it's not some mysterious system that allows these things to happen, it's you and I.
This doesn't sound like a meaningful critique. You're basically arguing for a culture-first approach to a systemic problem, but insisting that that culture should be one of individual responsibility. I contend that it's exactly that culture that divides the oppressed and justifies exploitation. You've decided a priori that people get what they deserve. I see injustice and try to spread understanding of how our systems create that injustice in hopes that people will change these systems to rectify them.
I'm not at all opposed to the concept of personal responsibility and accountability. In one's personal life it's important to be responsible for yourself. It's also important to understand the context you exist in, and how your actions affect others. It's bad to, say, litter on the streets, and I'll reprimand someone interpersonally for doing so. But if you live in a world where a company comes by and dumps truckloads of trash into your park every week and your government lets them, no amount of personally refraining from littering or scolding your neighbors will get you a clean community. In this case those who need to be held accountable are whoever decided on the dump-trash-in-the-park policy and whoever was supposed to stop them and didn't, and the only solution is a change of policy and creation of accountable enforcement mechanisms.
I'm not just talking about individual responsibility, but collective responsibility emerges from individual responsibility. You start with yourself, then your family, then your community, then your state, then your country, bottom up.
When the company dumps garbage in the town you don't blame the company, you and your neighbors go and put a stop to it. If you're both individually and collectively indifferent then you indeed get what you deserve. That' not an a priori assumption, that's a logical fact. You either take control and self-govern or you're governed. This idea that education or social life works like McDonald's where you yell for the manager if something broken is pathetic.
Vague complaints about 'the system' or crying for some hero CEO, strongman president or influencer or activist of the week to save us poor souls isn't how a free people act. These are problems that can be solved locally from the ground up. You don't need to wait for 'policies' to change, you and your neighbors drag whoever is responsible for that out, or even organize the garbage disposal yourself if need be.
[dead]
>immense right-wing propaganda machine..
I see that the left-wing (what ever that means) does not have access to this machine, for some reason...
> the existence of an immense right-wing propaganda machine
The biggest trick corporate oligarchs have managed to pull off is convincing people that consolidated markets are "right-wing". Adam Smith is in the public domain, you can read it for free:
A core premise of the book is basically that competitive free markets are good, antitrust is important and government regulations have a tendency to favor cronies and impair competition.
The cronies, of course, don't actually like competitive free markets, so they pervert this as "government regulations including antitrust are always bad" whenever someone wants to do some trust busting. Which in turn sets up their own misconstruction as the straw man to knock down whenever they want to demonize competitive free markets in order to sustain or create regulations propping up their monopolies.
America's right-wing has never wanted competitive free markets, and has never been represented by Adam Smith, the man who said:
"the disposition to admire, and almost to worship, the rich and the powerful, and to despise, or, at least, to neglect persons of poor and mean condition is the great and most universal cause of the corruption of our moral sentiments."
America's right-wing has always been about enriching the connected and the already powerful. Nothing more.
[deleted]
How can we end up blaming the right wing when the propaganda machine is bigger on the other side and even bigger on the government side It's always someone else
I think the idiocy required to agree with the some of ideas of the "american left" vastly exceeds what is required for a complete lack of self reflection.
So I am not really surprised.
It's not a poor reflection of our education system, it's all just motivated reasoning. Smart people will move heaven and Earth to argue themselves into a belief that their self-serving position is actually borne of some global altruism.
[deleted]
Except gmail is hardly a cartel, etc. I've never had a gmail account.
I'd assume that you also never tried running your own email server and have the email actually delivered to a gmail address, then.
That did work for decades up until recently. It took me a bit to realize that google email recipients had stopped receiving my emails.
I self-host an email server and can definitely send email to Gmail addresses.
I've self-hosted email systems for businesses for nearly 20 years. I've actually had far easier times delivering to Gmail/Workspace clients than Outlook. Outlook constantly breaks strict DKIM with some of their protection scanning nonsense for emails that seem to get good deliverability almost everywhere else.
Exactly. Outlook is the main source of deliverability headaches.
Been doing it for over 20 years without issue, for myself and many other customers.
I should have been more clear that I feel bad for the users.
I don’t have much empathy for Google.
I think people have forgotten the various historic monopolies and abuse they've perpetuated just because the new ones do it digitally.
I’d say that if Google suddenly stopped providing Gmail for free, destroying the primary means of communication for billions of people, governments would be justified in immediately nationalizing Google with no compensation.
Corporations aren’t magical entities that somehow exist outside of social obligations and can do whatever they want as long as their own terms of service permit it.
Maybe they could announce a pricing increase for a somewhat distant future date.
Maybe $1/month starting in 2 years, then increasing to $2/month for the next year, $3/month for the next, on until they feel they're covering costs.
That way it gives people time to look for alternative free providers, or time to get used to the idea of paying for email.
> Corporations aren’t magical entities that somehow exist outside of social obligations and can do whatever they want as long as their own terms of service permit it.
Where's your support for this statement in the law?
The existence of law itself is the only necessary support... Law is merely encoded social obligations that the government will enforce. That a single law constrains corporations in any way (and that is clearly the case) proves the statement.
In the broader context GP is clearly advocating for what the law should be, or should be changed to should certain events come to pass. Demanding support in existing law for a proposed change in law is nonsense if that's what you meant to do instead of narrowly discussing the nearly vaccuously true quote you pulled out.
People can actually make new laws. Happens all the time.
When push comes to shove, the law stops mattering, every time. That’s true for individual rights and it’s true for corporate entities too. The era where things like that don’t happen is a very small slice of human history that is currently coming to an end in real time all around the world. Not long ago, a government simply taking over a company was something that occurred quite regularly.
I remember in the early days you could watch your storage quota go up in real time.
Back when Google was still fun and innovating. Enshittification consumes all.
also, people changed. Seems like nobody wants to see cute fun stuff anymore. I bet they'd get lawsuits of people claiming false advertising since the numbers aren't strictly true.
"when Google was trying to get people in with 1-2GB."
The G in Gmail was for a gigabyte and that was what I got in the noughties for "free", when as you say my ISP offered something like 5MB on the end of a POP connection.
To be fair you can cram a lot of ASCII into 5MB. However you can email piccies to a mailbox with a 1GB limit if your modem doesn't melt first.
Obviously, this was during the "don't be evil" days.
Even then the reason they were giving people so much storage space was because they wanted people to get in the habit of keeping their private data on Google's servers so that Google could mine it whenever they felt like it. Giving users effectively unlimited space was a selfish move on Google's part, not a gift.
Try signing up for a Google Gemini Paid account with a third party email...
Better still, try signing up for a Gemini Paid account with a registered android phone that isn't triangulated to a desktop.
If they can't own you, they don't want you at all.
Google's annual revenue is $350 billion. I can't believe someone would feel bad for such a company, because as you pointed out, this entire Gmail thing is part of the reason they have that revenue.
Google has done nothing but be a wolf in sheep's clothing. I'm not going to shed a tear because they have to maintain an email service.
Also they make it really difficult to mass delete stuff. I'm basically stuck paying for their storage because I don't really have the skills to self host (but I'm working on it!)
They make it impossible to delete stuff if you stop paying!
I was on Google Workspace for about 10 years. I moved off their service because the mandatory Gemini price hikes meant that it no longer represented value for money.
I get excessive storage utilisation warnings for some shared drives I used to have but because I no longer have a paid up license, I can’t manage shared drives anymore. So I can’t delete them.
Google’s “support” team in India told me all sorts of lies about how to resolve the issue, but they’ve finally settled on a position that I would need to reinstate my Workspace account, at my own expense in order to delete the data to stop the emails and save Google money.
They refuse to acknowledge the patent absurdity of this situation and escalate it to someone who can actually fix it.
Google has support?? How did you find it, and what other services besides gmail does it cover?
Note they said "workspace". This has some level of support baked in, as this is the paid enterprise product.
> They've essentially gotten roped into maintaining a huge chunk of internet infrastructure, for free.
This argument would have flown 30 years ago with Yahoo.
Since then we had Uber pumping so much money into a losing business until it drew the competition bankrupt.
And now we have AI pumping so much money into a losing business until they hopefully replicate Uber, only won't work and signs are all over the wall that they just burned a trillion dollars.
Which opens great prospectives for incumbents WHO LEARN FROM THE MISTAKES of the powers be at the time.
About time to start a "Don't be evil. FOR REAL." This time.
If in 30 years it's necessary to start "Don't be evil. REALLY, REALLY, REALLY this time" then so be it.
I'm starting the 2.0 version. Fuck AI. Fuck incumbents. Long live long life and freedom of choice!
I find your views interesting and wish to subscribe to your newsletter.
No really - got more ideas about "Don't be evil. FOR REAL"?
(Please understand I'm being sarcastic. You should interpret this post as a joke)
Hi. I'm a VC bigwig and I'm very interested in purchasing your company. I, too, believe in Not Being Evil
Not only that. I was probably not even a teenager or barely a teenager when registering a gmail was not as simple as clicking "sign up". You needed someone to refer you and upon registration you got 25 referrals in return. Needless to say, entirely ditched gmail forever ago and use it as a spam mail. They can have all the fun they want training slop on that.
> They've essentially gotten roped into maintaining a huge chunk of internet infrastructure, for free
What you mean for free?
First, they have all the data they get from you. They now track you even when you are not using your phone. They can/could know if you are doing your number 2 regularly or not only.
They control how the internet moves. Https? Sure can enforce. Trackers, etags ? Why not.
They sell every single bit of information on you for a good price. And now they are even more friends with a very good orange buyer. They have a TOS on you that they can chop and sell you whenever they want and you can't complain.
What you mean for free? Maybe for you it seems free, but people are paying them premium for lots of stuff.
Google used to be admired by the innovation and good ideas that shaped the world to a better world.
Now they are still shaping the world, but not for everyone
You're correct that it absolutely isn't free but the gall of Google to, once they have all the data, to turn around and demand additional payment for continuing to store all the data they sought out and that they've resold many times over - it's shameless greed at this point.
And it's isn't even like they're struggling with profitability, either. It'll be hilarious if this forces common folks to switch back to IMAP since once a user has been burned into spending the trivial cost to set up a local mailbox sync they're unlikely to go back into Google's arms (especially given how cheap (in money and time) disk space and cloud backups are these days).
Google just sent me an email saying my google account was deleted due to lack of use for 2 years.
> They've essentially gotten roped into maintaining a huge chunk of internet infrastructure, for free. If they ever shut it down the whole world would end up rioting because it's so widely used.
Not even remotely true. They regularly shut down products and services with impunity. If Gmail cost more than the data they directly or indirectly mine and sell from their users, Gmail wouldn't exist either.
The stuff they've shut down has been nowhere near as important as Gmail.
Shutting down GMail would practically amount to shutting down email. It's by far the largest email provider in the US (and probably in the world but I don't have that data). There's no other provider who could take up the slack; if it were to abruptly shut down, a lot of users would simply lose access to email altogether.
They'd generate a huge amount of ill will by shutting it down, and that in turn would likely lead to a nontrivial share of people moving away from Google core products (like search) out of pure spite.
Wait, Google does search these days?
To what? Google Search sucks thanks to the idiot who ran Yahoo into the ground, but everyone else sucks more. Every time I try to use non-google search the results are virtually useless.
Google has firmly been in the "we're so big we can suck at everything, but you'll still use our stuff because you have no other choice" phase that Microsoft was (is?) in.
They've dominated email so much that their spam filter makes it a very risky proposition to run your own domain; chances are very good it'll just start dropping your messages. Even if chances aren't great, can you take the risk of an important email getting zapped?
To this day I still routinely have to fish out my gmail spam folder dozens of emails from various open source mailing lists that have been around for a decade or two, some hosted on kernel.org, because the spam filter is convinced they're spam. Google is too fucking stupid or lazy to whitelist sites like kernel.org.
FFS even google groups I'm in that are technical get obviously-not-spam messages tagged as spam!
At one point AOL was the largest ISP and email provider on Earth too. If gmail died off people would just move to something else. It'd be annoying, but it wouldn't be the end of email
Google could actually do everyone a solid by killing gmail. They have enough influence in the industry that they could create a standard for email address portability, and then slowly force everybody to move off. By the end, one of the biggest problems with email would be solved and people would be able to switch email providers like how we can switch phone providers without needing to change our phone numbers. And Google would get to save a lot of money by no longer needing to provide everyone's emails
oh no. what a shame that would be.
No, that wouldn't happen. Lots of people don't have email through Google, for one. Those people will still use email just fine. Moreover, the people who do use Gmail will simply sign up with another provider. It won't be a big deal.
> No, that wouldn't happen. Lots of people don't have email through Google, for one.
Based on some data I collected around five years ago, roughly 80% of US customers used GMail for personal email. It was overwhelmingly the most common choice. I suspect that number has only drifted upwards since.
(What about the rest? 15% were using Yahoo; the rest were spread thinly across AOL, Microsoft, ISPs, and colleges.)
I’d honestly expect to see regulatory intervention if they tried this.
In a better time I would expect the government to step in a acquire this fundamental service and fund it with tax money. Right now? The only intervention I would expect is a massive subsidy to pay Google to keep providing it, while also letting them continue to spy on everyone's mail (which is a crime, but not if the mail is on a computer, I guess).
Government-operated Gmail would become such a massive cesspool of spam and hijacked accounts. It'd be spectacular.
Do you believe that if the government provided email, that the government wouldn't keep track of everything you did on it?
Depends on the health of our institutions. In the US at least they're legally obligated not to by the highest law in the land. It gets ignored now, but it's a more promising path to privacy-preserving digital infrastructure than letting the private market handle it.
Oh, I think it's been ignored for a long time. Remember Snowden?
> but it's a more promising path to privacy-preserving digital infrastructure than letting the private market handle it.
The history of governments suggests otherwise.
Unfortunately, the Constitution has been flagrantly ignored by the federal government for close to 100 years now, if not longer. Everything that FDR did was blatantly unconstitutional, but nobody stopped him, nor did they roll it back when he was gone. The Constitution has no real practical power to restrain the government if the people don't exercise their rights as voters to hold it accountable, and it is abundantly clear that the unconstitutional stuff the government gets up to is (largely) actually pretty popular.
Do you believe the government doesn't keep track of your email, just because it's hosted on googles servers?
I used a private mail server for years, and the government didn't keep track of it. Of course, what happened at the email's destination, who knows?
[deleted]
Yeah, but they still don't run a charity. They sell ads and information - and gmail provides them with lots of valuable information.
If that ceases to be true, goodbye (free) gmail.
Shutting down GReader ruined my life.
[deleted]
Has nobody made a better RSS reader since then? Or is the issue that GReader was so popular that shutting it down made everyone stop using RSS?
it's insane to frame anything a company like Google does as some kind of goodwill. rather than an amoral profit optimization. contrary to OP, what people often overlook about GMail is not their "plight". but the powerful brand awareness it creates
Yes it is remotely true. Name one thing they have shut off that a large number of people actually used and it was important. We all joke about Google dropping things and yes they have, but saying they can just drop Gmail is.. well, insane.
they essentially shut down the old (useful) google search when they prioritized ad-heavy websites in the ranking
This fixation on "importance" is laughable. It is "insane" to drop Gmail because it makes them a shitload of money. That is how corporations work.
The reason people mention importance is because corps like Google don't just care about per-product profitability, they assess how one product affects the rest of their business.
Gmail is not now nor has it ever been free. Everyone pays for it. To your point many people use it and for businesses to contact their customers they have to pay into whitelists for high volume delivery. The costs are passed onto the customers, including those that have never used Gmail. Companies that do not pay into such lists and that have many customers using gmail have to set up careful rate limits which means the emails will not be delivered the same day.
Email marketing and campaign companies pay into these lists and they pass that cost onto their customers as well.
There has never been a email provider that accepts mass email delivery to millions of recipients for free.
Is this really true? Where are these lists? I’ve never heard of this so I’m quite intrigued.
It's an accusation that has been going around for a while, but I've never seen it substantiated.
It's a negotiated price signed under NDA, is why most people have not seen details. If you are friends with your CFO and you email millions of gmail users directly likely because you are B2B ask them for the line item. If using a email campaign provider they will not disclose how much they negotiated to pay. Most B2B companies end up going with email marketing and campaign providers as it is far more cost effective than doing it in house even if you have highly experience email postmasters which my team had it just was not our core business model and I could not justify the FTE's.
As just one example, sending high volume emails from Amazon requires using Amazon SES [1]. Some people here are familiar with sending from SES vs. trying to send high volumes directly from EC2 instances.
Their ecosystem netted them over $130 billion profit last year, I don't feel sorry for them at all...
right, that comment reads as if they're victims for intentionally putting themselves in the position of holding and reading the maximum amount of information about everyone they can. bizarre
There’s also no indication Google wants to wind down Gmail. This change just looks like an aggressive method to stop bots and spammers.
Do you have any idea of how much they can datamine from an email service? Just making a special parser for amazon emails can give google a realtime insight on the ecommerce space.
For a while Amazon stopped giving detail about the purchased items in their emails, to prevent Google from doing exactly that.
A year or two ago they returned to full detail. I've always wondered if it was customer pressure or a backroom deal with Amazon was reached.
I kind of doubt that Google would cave to the former, right?
i wonder how AMZN hasn't started its own mail yet.
With the (future) shutdown of WorkMail, AWS almost did the full circle.
> They've essentially gotten roped into maintaining a huge chunk of internet infrastructure, for free.
No way they are doing it for free.
Basically they tied Gmail 1:1 to Android accounts. I have a Gmail mailbox for a few reasons: 1) self-squatting my usual handle, because they are a large email provider 2) it's my Android account and it's where I get documents shared on Drive 3) maybe it's the way I login to Google cloud but I don't remember. I used to have a customer with servers in there but it's long gone.
Anyway, gmail is their way to manage a part of the Android infrastructure and it seems they like running Android.
>Basically they tied Gmail 1:1 to Android accounts.
>Anyway, gmail is their way to manage a part of the Android infrastructure and it seems they like running Android.
I've deleted my Gmail mailbox and Android works fine, any document share notifications go to the email address on the Google account.
If anything it's better without a Gmail mailbox because those notifications used to only go to my Gmail no matter what alternative email addresses I set, now they all go to my actual email address.
Only problem is I can never reopen the mailbox because the "Add Gmail to your Google account" screen has decided I've already used my mobile number before.
They charge for google workspace and many companies use workspace and expand on the services they use provided by workspace. The trojon was gmail and gmail interface / app on android and iphone.
This is their entire MO though; they offer a free product to build a customer base then they figure out how to get to know them biblically in an attempt to extract a profit and it doesn't matter how underhanded or unsavory it is.
Maybe at some point in the mists of time, someone just wanted to offer people a good email service but at this point it's a pattern of behavior across every Google consumer product so I can't give them the benefit of the doubt.
> They've essentially gotten roped into maintaining a huge chunk of internet infrastructure, for free. If they ever shut it down the whole world would end up rioting because it's so widely used.
You have a point, but if you've ever seen how a gmail account behaves for the ordinary person once it reaches 80-90% storage capacity used (15GB free, some cumulative total of all emails and google drive content, google photos content), all of these free services exist to sell a perpetual monthly recurring subscription to users. And many people do pay. The default gmail web interface starts to have a big banner across the top warning about storage reaching maximum capacity with a link to the payment page.
Look at the workflow for a standard out of box android phone now that defaults to backing up all your photos to 'the cloud', which will almost immediately fill the 15GB free. Once your 15GB is full, then you're run through the payment/checkout workflow to enter your card and set up monthly recurring billing for some premium google service.
In general having a gmail account is the initial stage in the pipeline of getting someone to be a monthly-paid google customer for life. Whether it's just for more storage to hold all their google drive and photo content, or google workspace individual, etc.
Additionally, tying a gmail account to the primary-user android on-device account on any android 4.x+ device means revenue from google play store paid app sales. And then all those 'free' apps that the user installs where the app developer has implemented embedded small ad banners for google's ad network? More venue.
I don’t think it’s for free. There are ads in (free) Gmail, they harvest your data, and then the paid accounts are, well, paid.
This comment somohow makes it look like google is a non-profit charity organisation.
Isn't it the corporation which makes super-profits and gmail is just part of the equation?
I highly doubt that anyone would ever riot over loss of access to email, nor that it's some critical piece of infrastructure, there are dozens of other communication methods online today.
I get the difficulty of fighting spam, just wanted to say that Gmail is probably making them money too. It's still free to make an account, which means they have to be careful who they give it to.
> But it's expensive, complicated and time-consuming to maintain - and both a source of and recipient of endless waves of spam and scams. It's an endless pile of data to hold onto, FOREVER, as well.
They should let others do email. The more email service providers we have the better it is for everyone
No one is stopping anyone offering an email service, surely every IS does that?
The pain in the ass around deliverability to gmail is the reason I don't run my own anymore.
I haven't had any significant issues, but I think it depends on the luck the draw of your IP address.
Free? They serve ads on their clients. The best solution that solved this terrible issue was Inbox, which they purchased and then destroyed. Google also makes monthly cloud storage fees for anyone who has large files or photos. Also, it keeps people in Googles ecosystem. It’s a beneficial monopoly for Google.
Google syphons all your email data and uses it for their very profitable ad targeting business. The cost of providing email service is miniscule, especially nowadays. Ad profits are at record highs. They've done their math for sure. Saying that they somehow got roped into subsidizing a public service is not even close to reality.
I use proton, but it is not better than gmail. The user interface is explicitly inferior, and that is the main thing I care about.
Google isn't doing this out of kindness. Sure charging for mail would give some bad press but Google can handle it in many different ways and they have in the past. They provide the service because it's valuable to the business. They know that the void will be filled by another service. And that's bad for Google.
While I get your point, I can't think of a free email service that wouldn't also be a gate to other products. Whether it's Gmail, Hotmail, Yahoo mail etc. you always get an "account" as well, something that connects other services from the provider in an easily accessible place where the user actually gets monetized. The email is there just to make sure the user comes back.
You can't legitimately believe Google is a charity and maintains 'huge chunks of the internet' with nothing to show for it. Is it for free if they get non-monetary benefits? Like, my employer doesn't give me "free" money either; they get something out of the arrangement
the googles of the world are real-life analogs of lovecraftian gods, spending sympathy or defense on them is a category error. they do not know about you nor care about you, and would be just as happy dissolving you in their path as not.
Gmail makes 10s of billions annually based on best estimates
They aren’t doing this for free
> They've essentially gotten roped into maintaining a huge chunk of internet infrastructure, for free.
yeah ok, google maps is free, youtube also...
And you know why? Because every single one of their product is either a data harvesting tool or an ad delivery mechanism, sometimes both. Let's not pretend they do it for free, it's their entire business model lmao
> They've essentially gotten roped into maintaining a huge chunk of internet infrastructure, for free.
In exchange, Google gets to surveil half of the world's population, extract personal information from their email, and resell that information to governments and ad companies.
They could always just pause all new registrations for non-paying users. They set themselves up for this failure by merging YouTube into everything gmail and Google.
> They've essentially gotten roped into maintaining a huge chunk of internet infrastructure, for free.
And now they have a treasure trove of AI training data, for free.
>They've essentially gotten roped into maintaining a huge chunk of internet infrastructure, for free
Just because they don't charge you directly, doesn’t matter it's not profitable for them.
The highest comment in the thread is somebody defending Google, a trillion dollar company that profits hundreds of billions of dollars per year, with a wide-ranging monopoly on tech services, as being a victim providing a free service for the public good. While stating that holding onto data is a liability. As though the data was not the point. As though the data was not the payment.
I need to get off of this fucking website.
I hate Google when they pull anti-consumer crap. I believe they're too big, too unaccountable, and something needs to be done about them. Their power rivals that of a country and that shouldn't be considered acceptable.
But man, I would hate to be the one dealing with Gmail. It's a nightmare for the reasons I listed above.
Someone can in fact hold both of those opinions.
I was also actively telling people to de-Google and go elsewhere for a mail service.
Does everything need to be black and white?
Gmail is a nightmare for everyone else to deal with. Gmail is anti-consumer crap, through and through. A big part of why everyone uses Gmail is because using Gmail is the way you get your e-mails delivered to people who use Gmail. Google arbitrarily blocks e-mails from people using other domains, so together with Microsoft they've created a monopoly on e-mail that forces people into using big tech e-mail domains if they don't want their e-mails to get eaten. And the reason they do this is even more anti-consumer -- because they are farming a massive trove of data from your e-mails.
It's bizarre how you make up a sob story about how Gmail is just so hard for Google to deal with. They aren't maintaining it for charity. I'm sure, if I had no ethics, I could manage the burden of dealing with a software system that harvests the data of >1 billion people as part of my corporation's business plan that nets hundreds of billions of dollars a year. The reasons you listed for why it would suck to be Google -- it's "free" for users, expensive for Google, and oh god, you have to hold on to the data... are not reasons at all, because Google profits from it and Google wants the data. The data is the point. You belabour how Google has the burden of controlling a huge chunk of the internet's infrastructure, as if gaining control of a huge chunk of the internet's infrastructure is not literally their anti-consumer goal.
[deleted]
Google Ad's revenue per user is ~$50/year
>They've essentially gotten roped into maintaining a huge chunk of internet infrastructure, for free. If they ever shut it down the whole world would end up rioting because it's so widely used.
Google used to literally have a counter inside Gmail showing how your account had a super huge and always increasing amount of storage. The courted their current market position. This isnt "Oh how did we get here with our big bleeding hearts" its just enshittification.
> They've essentially gotten roped into maintaining a huge chunk of internet infrastructure, for free.
Don't bullshit to us here, please.
Google scan billions people's emails (including very sensitive ones like medical record letters) to then show relevant ads AND sell the data to some partners (hundreds of them).
It's not called "public infra for free". It's the serious for-profit business. The surveillance capitalism on the march.
>They've essentially gotten roped into maintaining a huge chunk of internet infrastructure, for free.
Not for free. Being monopoly is a huge reward. It isn't possible today to have a small email provider. While probably not having that intention from the start, Gmail played a huge role here as its existence allowed everybody to just ignore/block small providers.
> They've essentially gotten roped into maintaining a huge chunk of internet infrastructure, for free.
Lol, what? One of the biggest company on Earth is being pictured as a victim for creating services that siphon data out of half the planet's people? Don't take it personally but I can't fathom how you think this is FREE. It's literally the most lucrative business there is and it's only going to get worse—and not for them.
Why do people keep saying google is free ?
People pay for it dearly with their data for advertisement.
In fact, even when you _do_ pay, you still get ads!
Just watch when they squeezed everything out of the users they are going to slap a fee on them and tell them to fuck off otherwise. It's the same pattern repeated over and over with big tech.
[deleted]
> huge chunk of internet infrastructure, for free
for free? I guess tracking you to death and shoving ads down your throat does not count as monetizing anymore then?
You assume there will be no takers to replace Gmail, whereas there probably will be hundreds waiting to do it.
There are plenty of e-mail providers out there. None of them have even come close to toppling gmail. Gmail is free and good enough for most people. Gmail is to e-mail what kleenex is to tissue. It's almost synonymous.
I am not sure the backslash would be big if Gmail said that a year from now you would have to pay $9.99 per month to use your Gmail ($12.99 ad-free). I mean people would complain, but would that actually give a backslash? Especially if they made it easy for people to move their account elsewhere? People are used to paying a lot more for things outside of tech.
I suspect what is really holding them back is the loss of data, and the loss of the assumption that ~everyone has a Google account that they are logged into, which means they can be traced around the web. Google also benefits from this, since its anti-bot tool will be more accurate and less fustrating to users.
> I am not sure the backslash would be big if Gmail said that a year from now you would have to pay $9.99 per month
I think approximately 95% of all Gmail users would leave. Regular people are accustomed to paying nothing for things like email. And if I have to pay for email, I am not paying Google for it, especially not twice the cost of Fastmail.
[dead]
Their existing premium plans start at $17 per year. Even pushing people to that level would be a serious upset. $10-13 per month would make everyone hate them.
> Especially if they made it easy for people to move their account elsewhere?
Sounds mostly impossible.
> People are used to paying a lot more for things outside of tech.
They're not used to paying for an email account.
[dead]
I have no issue with firms making money, and I am sympathetic to the people who work on these problems.
Not for one second, am I sympathetic to the firm, because it is simply a business acting on its incentives to minimize costs and maximize profits.
Google keeps it running because they make money off of it. Tech firms have profit margins unlike any prior industry; maybe feudal kings come close.
They make money off of it because they (like all tech) avoid investing in human heavy services like customer support / trust and safety. I have had google safety members vent about how they can’t get engineer attention. That when they do get it, engineers don’t want to help the moderators or the moderation software. Their incentives drive them to find a way to obviate the moderation process entirely.
People working to fix things and make it better for users are great. The firm? Heck no.
>> They've essentially gotten roped into maintaining a huge chunk of internet infrastructure, for free
They CHOSE to offer it for free so they could monopolise the market. They got roped into absolutely nothing.
What a lame first comment. They're making tons of money. Sounds hard. Let's give up all our freedom.
A lot of people here work for Google. Tough to understand something when your salary depends on it.
Source:
They have gotten ROPED INTO? seriously?
The company that wilfully monopolised email somehow got involuntarily roped into running said email?
Do people love revising history like this?
[deleted]
You think goole is the victim here? Poor google, owning gmail.
You know, if it's such a bad deal they can stop owning it any time they want. They already lied about it - I was told I would never have to delete email, and turns out I had to.
I don't care either way, I moved to tuta last year.
Spam is getting horrible lately. I get all sorts of new techniques including:
- using legitimate sites to bypass filters, like sending you a bill through a legitimate bill-creation site
- pretending to be a tracking service for something you supposedly ordered, then over the course of days pretending the package got lost on the way and offering a discount code for the 'purchased' amount, expecting you to use it on their phising site.
Gmail not only fails at spam classification, they classify these messages as important and nag you with first priority notifications and summaries.
I can’t prove it, but it feels like the world recently decided that spamming/scamming is acceptable, so the number of spammers/scammers has increased dramatically.
The number of spam calls, texts, emails, iCloud account unlock requests, etc I’ve received in the last year is insane.
I believe that these spammers now concentrate their efforts towards e-mail addresses hosted by major providers, like Gmail.
The reason is that I have an opposite experience, during the last couple of years I have received much less spam messages than before.
I have hosted my own e-mail server for more than 2 decades. Previously, I had to filter large quantities of spam messages, but lately the number of spam messages is much less than 10% of the total number of received messages.
I’m considering self hosted. I’m so tired of the major providers not even trying. And I have no serious control over blocklists.
My personal domain has the MX records pointing at Gmail. It gets far less spam than my Gmail address does.
What about fastmail.com or hey.com or proton.me? I have heard good things about all of them.
I use fastmail, I love it. I have a catchall and thus can use a different address per service. Leads to sometimes awkward conversations as to why the email address contains the company name in it, but can also be a life saver. For instance, free recently got hacked and all their email db was online. I can just block this email address and not receive the spam.
Fastmail itself is reliable and fast on the web, but I only use it through IMAP anyways. It works perfectly.
[dead]
Lack of accountability for the companies that allow their services & platforms to be used for spam/scamming.
Take DocuSign for instance. Still, this many years later, is a major source of phishing emails from their free trials. DocuSign could easily shut this down today by either requiring a CC for the trial, or forcing a call with a sales rep to start a trial. But they don't, they continue to allow their service to be used for wide scale phishing.
Atera, an RMM, is another one that has been a big source of malware delivery, also via the free trials.
Shutting down the trial accounts after the fact does nothing, the emails already went out.
I feel like there's no way for them to win, though. The kind of accountability you're talking about what require them to do essentially tons of KYC/AML vetting, and HN would be equally outraged about that.
It's a little hard to get outraged about that hypothetical, given that legitimate usage of DocuSign typically involves sending them documents containing all sorts of sensitive information.
Every single day since around the start of the year I get at least 1 text with the content of roughly: "FROM TRUMP: You could be the next winner of this PRIZE/MONEY!", "Click here to receive your $10,000 tariff refund!", "DEMOCRATS are trying to DESTROY EVERYTHING!". Plus I get almost daily calls that immediately hang up, and leave a 30 second voicemail with no audio.
I've always had some level of political spam, usually only close to voting months, but this year has been the worst for me.
> I can’t prove it, but it feels like the world recently decided that spamming/scamming is acceptable
In the US, we elected a well-known scammer ... twice!
In addition, it feels like the past 5 years have brought on more marketing spam. I've been slowly reappearing onto marketing lists that I either never signed up for or unsubscribed from. They're coming from legitimate companies that I've done business with.
It's AI that's doing a lot of it. For a lot of spam, scammers would want to exclude anyone who may not fall for the scam due to the costs associated with dealing with people who won't pay you. Now that AI decreases the need for a human scammer to scam, expect them to start to widen their scam nets.
The decline had been happening long before AI hit mainstream.
It's been a _lot_ of years that I've hesitated to answer calls from unknown numbers.
Yeah this feels like one of those cases where the term "AI" gets broadened out so far it becomes meaningless.
This stuff is automated. The ability to automate spam calls (using the same form of APIs developers love, like Twilio) make it absurdly easy for one person to set up a spam machine. No AI required.
The lead generation was automated ten years ago ("Hello?"), but the actual scam conversation was not. Until recently, you still had to pay somebody in South Asia better than the prevailing wage of ~$1/hr to have these conversations, as well as set them up in an office with computers and managers, and bribe local police (call it $5/hr of fully burdened work product). If your success rate is ~1% and the average human portion of the scam lasts 12 minutes, you're getting 0.05 successes per hour, and you better be netting an average of $100 per successful scam (accounting for financial clearing issues / reversals!) or you're losing money on every hour worked.
You're correct about the calls, but the ability to talk with the people was the rate limiter. Even if you have many people in Cambodia or India, the scammers still needed to scam more than they paid out. Now you can have AI bots that do the first level of filtering.
Unfortunately scamming is a business and if certain actions become less expensive, I would expect more of them.
I get these voicemails almost daily it's a cutoff message talking about "a loan just came across my desk"
It's such a good tactic too to start the voicemail with the conversation already going people are like "what? who?"
AI + FCC weakening
Not just the FCC but the entire regulatory apparatus is completely non-functional when it comes to regulating commerce.
The clear, unspoken message in the USA is now: "Enrich yourself in any way you can, as fast as you can. Buyer Beware is the law of the land."
New tools like LLMs probably make previously unscalable techniques scalable.
I think part of it is AI allowing sophistication at scale, but there's also a generational factor. The techbro + business shark culture, influencers who manipulate people being role models, and so on.
[dead]
Oh no - you can definitely 100% prove it, this is the direct consequence, the exact intended consequences, of Trump gutting consumer protections - across the board, not only online but with food and laws about not dumping chemicals in rivers.
The man is the absolute worse person - unless your a rich guy, who wants to make more money by screwing over people who mostly don't even know it.
Anyone who reads this, I dare you to find out why that thing in your life you hate so much, sucks so bad - nothing is ever by accident or unintentional.
The United States, and its People, will be discovering/realizing different ways we have been absolutely f-d by that grifter for likely the rest of my millenial life, thankfully (silver lining!!) US life expectancy has dropped substantially for the 150 million Americans in the bottom 50% of income - rich people in America have to deal with this bs for almost 8 more years than we do
Oh yeah, if you want a faster out even yet - just make 30k or less per year, your life caps at 71 then.
I joke but I hate so much that people will read this and then promptly go back to sustaining this system at their job.
We work our lives away so the rich dont have to and they get to live 14 more years on average than poor people.
If I put on my tinfoil hat, it seems to be something deliberate, to push us all towards accepting hardware / software attestation and better "online id" stuff - "Don't you want to identify and stop the spammers and phishers?".
Email scanning and file scanning (on our computer) became acceptable when the level of spam and malware became intolerable. But it was at cost of our privacy. Today, Gmail scans all your mails and makes money from it. Both Windows and macOS have built-in anti-virus or malware scanners, and file indexers, and thus know all the applications and files in your system (which provides for more data on your profile with them). Now with both OSes, and even browsers like Chrome and Firefox, including AI, they will now use our own computers to not only collect our personal data, but even process it on our system and use it to build even better profiles to more profitably exploit us.
It doesn't have to be deliberate; it's just the economic incentives at work. AI providers are inclined to sell AI to everyone with a pulse, and it just so happens that a lot of its use will for towards spam generation.
It also just happens that they're the ones best positioned to provide attestation and identity services.
Eh - conspiracy territory. There’s been a massive evolution in phishing and spams with LLMs.
> Evaluating Large Language Models' Capability to Launch Fully Automated Spear Phishing Campaigns: Validated on Human Subjects
LLMs make phishing absurdly profitable, and can now make profits from targets who were previously economically unviable to target.
Gmail spam filtering is so bad that I believe it has to be intentional. I think they see email as a long term ad revenue opportunity and want to desensitize people to the spam.
I wonder how come I have such a diametrically different experience. I don't remember the last time any spam email got through the automatic filter into my inbox, and I had a gmail account for 20 years now.
Could be an A/B test. I’ve had mine for 17 years, it only became an issue 5 years ago.
I'm not seeing any of this, and I've have been using the same email address that forwards to gmail for decades at this point, and it's in every major email data breach.
I get, maybe, one actual spam email per year through gmail's spam filters.
I get more actual spam at my work email, which is not hosted by gmail, even though the email volume of emails sent from outside of my employer's network is orders of magnitude smaller than my personal email volume.
> pretending to be a tracking service for something you supposedly ordered
There’s a leak or someone is selling the data in a lot of the delivery companies in my country. I order something then without fail the fake text message pretending to be the delivery service. Only thing they screw up is claiming it’s failed to deliver too soon and the weird urls.
Messed up these companies are either selling it or being irresponsible with data.
Seems to be involved with government services too. I signed up for a welfare program that had me input all my data before denying me the service a few months ago, and the next day I started receiving spam calls and texts using some unique pieces of information that I had submitted in that form.
Called my state senators to complain about it and ask for assistance. Enjoyed the complete lack of follow through.
Spam is now AI powered. Let that sink in for a bit.
> like sending you a bill through a legitimate bill-creation site
Why aren't these things opt-in? Ditto for every other thing that sends you email. I reflexively mark anything I didn't sign up for as spam on principle.
Google is fine with everything if it's their service. I've completely blocked *.bc.googleusercontent.com, because it's basically used as a spam farm for years now, but Google couldn't care less as they apparently can't be bothered to even slightly inconvenience their compute engine users.
The same reason spam filtering is hard. It's not possible to catch every misuse of the service without too many false positives.
The same 5 urls has been used for 3 months
That doesn't really change the fact that it's hard. Do you know how many full movies are on YouTube that infringe on copyright? How many pirated streams are hosted on S3? How many piracy sites are behind Cloudflare. It's just very hard to police at scale and if something is flying below the radar it will be there for a while. They probably spread out their assets over many accounts, or even use misconfigured buckets with write permissions to drop some files in there.
Google's inability to scale their services should be a regulatory issue.
If their platforms (Gmail, YouTube, DoubleClick) are being used to launch scams, they're failing at scale and governments are failing at legislating / regulating.
The only way to use Google services somewhat safely is with hefty ad (and the rest) blocking.
All this ID and surveillance and privacy invasion and metadata retention and yet all these scams only seen to grow. It never seems to end up protecting anyone deserving of protection.
I wonder what it's all been in aid of...
Trust and safety doesn’t have the same maturity as cyber security. Things like trend and signal sharing between tech firms doesn’t exist, except through informal slack channels and WhatsApp groups.
The first major safety conferences for trust and safety came together only in 2023.
I kinda lost the plot here - what does piracy have to do with spam and phishing?
both deal with distinguishing legitimate vs illegitimate content.
Attempted platform moderation and abuse-enforcement.
This argument actually doesn’t work in Google/your-point favor since finding pirated content on Google is now practically impossible.
The reality is, Google is driven strictly by incentives and there are no consequences for letting spam/scams run wild vs. pirated content which gets automatically removed when a DMCA notice is received.
There is 100% pirated content on Youtube - not too much from Hollywood and you won't find anime on it - but if you watch foreign language media, there is very often the Official account and then like 4-5 others just blatantly providing the identical content, which is promoted alongside the legitmate content, so its fairly easy to start watching legit stream and find yourself not watching legitimatly a few episodes later, playlists are huge to prevent that.
The problem with this is the piecemeal enforcement all but proves they only care about stuff they get a cut of and that fact became more clear to me recently when I was watching a random drama made in Asia that I wont name due it being one of the best historical and educational shows I've ever watched - but there was a scene (this was made in the 90s btw) that was entirely innocent, not sexualized - it was done humorously, but I'm not a pdf file either so - anyways, there were fully naked children, with absolutely no censorship, on Youtube - 100% long enough to be noticed by their trackers - they obviously just are not reviewing certain content, at all.
I don't care about piracy at all - I'd still use Youtube if it was the primary source for pirated content, the idea that there may be some obscure content, that seems totally fine, in a language nobody really uses - except for Epstein types, if ever that was discovered - that Youtube had become a haven for pdf files bc of lax application of standards - I would want Youtube split away from Alphabet and force sold on the cheap to a more responsible owner (like Tiktok minus the responsible owner part) - plus an enormous fine.
I didn't believe that such content could exist at all on the platform - until I literally saw with my eyes that it obviously can.
"It's so easy when you don't know how". I'm not sure if this phrase is in common use at all, or if I just misheard it once and attributed it to mean that when the details of a problem aren't obvious, its easy to conclude the solution is simple. "Why don't they just do ___?"
At the companies I've worked at, I refer to this as the "well, can't you just...?"
Yeah, I can "just" after I "just" do A, and B, and C, and D, and E, and F, and G.
Drives me batty on top of being insulting. "Surely you realize I thought about that weeks ago, and if it were that simple, we wouldn't be having this conversation."
But hey, I get paid every 2 weeks.
It's probably possible to catch a lot more of them, but why look too hard when you can hide behind section 230 immunity and pocket ginormous profits instead of spending on this lol...
Ok, it's even harder when you do not care because they people are either freeloaders or locked into your solution because it's a customized mess.
[dead]
Ah! I have no answer for it, but am happy, Virgil-like, to now have a theory why the same stupid, obvious "Costco" spam from an @gmail.com address keeps showing up in my inbox no matter how many I mark as spam.
They seem unable to prevent phishers from using their acquisition, AppSheet, to send relatively convincing, targeted (to nobodies like me) emails that make it to primary inbox.
So, pleas ignored, forward these recruitment scam emails to the legal/fraud/phishing teams of the impersonated brands. For a company without the appearance of caring (in my opinion), perhaps law firm letterhead can encourage necessary prioritization.
It follows the same logic as physical junk mail. We accept the fact that we will receive junk mailers in our physical mailbox and just toss them out.
There is a big difference between advertising your services and trying to literally steal people's money.
This is an underrated distinction. Sadly, the line is so much more blurred now than even when I was a kid in the 90s.
There are so many businesses now which exist mainly to cheat you, operating at the very edge of what’s technically legal, and relying on their customers not really understanding the full terms of the deals they’re agreeing to. It’s sickening.
Can you post an example? Thank you.
Every payday loan company, the "we buy houses for cash" companies, rent-to-own companies, title loan companies, the entire buy-now-pay-later ecosystem, the timeshare industry.
Seriously dotancohen, get your people under control.
Not when half those "advertised services" are in fact scams.
We shouldn't accept that either. The USPS could stop accepting junk mail, if it were funded properly and didn't have to rely on junk mail for revenue.
Yeah, but junk mail funds the USPS, without it Republicans would've killed the postal service long ago, See the Pension requirement that they pushed in a vain attempt.
In the Netherlands you put a sticker on your mail box with either of these:
- NO ads, NO magazines/papers
- NO ads, YES magazines/papers
Some municipalities even make it opt-in so you'd need YES/YES to get mail without a name and address on it. (ie. not direct mail)
There are also laws to enable opting out of direct mail (with name and address).
In effect, junk mail is just gone once you slap a sticker on your mailbox. This is not an unsolvable problem if you just regulate things.
What jurisdiction is responsible for regulating my, Israeli, email "sticker compliance" when using Gmail, American, and the sender is in Romania?
the analogy breaks at "...to get mail without a name and address on it".
spam emails always have RCPT TO.
No idea, I didn't say anything about email.
That page looks phishing-related but doesn't appear to directly serving abusive content?
I am guessing that service returns the XML file as a directory listing; the file called winbridge.html does exist in that directory (and contains a JavaScript code to redirect to a different URL). (Another comment said they shortened the URL to remove PII (which I am guessing was in the fragment part of the original URL; the JavaScript code makes a new URL from randomly selecting a domain name (even though the list has only one) and appending the fragment part as the path), so I suppose the file name was removed and then this directory listing is the result.)
I shortened url to remove PII. Full url causes few redirects before landing on scam site.
[dead]
> Supposedly, using the QR code on the smartphone triggers an SMS sent from your phone to Google in order to verify your phone number.
Does anyone have a better source of information than this one forum comment from someone who thinks scanning a QR code is enough to get your phone to send a text message?
EDIT: It’s just an SMS URI. It doesn’t automatically send anything, just opens a text message for you to send.
This is just the old phone number verification with a QR code convenience method.
What happens when your phone can't do that? I use a flip phone. It can't scan QR codes despite having a camera
Apparently it’s just an SMS URI.
It’s not something specific to a phone. It’s just a convenient method to enter your phone number.
To enter their phone number because you sent an SMS to them.
So if there are any costs for sending this SMS it’s on you.
> So if there are any costs for sending this SMS it’s on you.
It's a $0/month e-mail service.
If the price of entry is a single text message, I think that's fair.
There weren’t any infrastructure costs to sending the first SMS ever,
there shouldn’t be any remaining for the consumer today
unless you’re a real unfortunate soul.
Exchanging SMS messages with any sort of reliability (like not losing your messages when you go through a tunnel) requires running an SMSC. That costs money.
Furthermore, carriers still charge each other for exchanging SMS traffic, though many of them just charge the difference rather than sending each other bills.
This approach is quite costly if you're out of the country, though. Sending an SMS is hit and miss when roaming in foreign enough networks, and each SMS can cost you a significant amount for exchanging 10 characters. Even receiving SMS messages far away from home can cost you money, which is a pain if you have a relative that could never get used to modern messaging services.
Are you one of the unfortunate souls I mentioned?!
PS Has the bio trap snared any robots yet?!
There weren’t any infrastructure costs to sending the first SMS ever,
Hah. Someone wasn't alive for the 90s.
Someone didn’t read all of the words ^_^
Infrastructure costs were marginal, near 0,
because SMS was just 140 bytes of text stuffed into already-occurring network traffic
between phone<->telco.
I did some work with Verizon and an IoT customer was asking about SMS pricing and the VZ guys laughed and said it cost less than a penny for every 1M SMS.
the VZ guys laughed and said it cost less than a penny for every 1M SMS.
Didn't stop them from charging $0.10 per text message in the 2000s and earning a fortune.
Yep, bastards!
and that’s only because an accountant demanded a cost of goods sold!
Continuing that behavior until everybody’s grandma had iMessage, is a large portion of why I don’t trust a telco!
(Not building out the full range of rural etc network they promised to, while cashing all of the government subsidies, struck me wrong as well.)
[dead]
Technically if you can copy paste the qr code into any qr reader website and manually do it, I think it's possible? Assuming it doesn't change the code very rapidly every few seconds.
Would be a bit silly for it to rapidly change given that manual action must be taken after scanning even on well supported devices.
My S24 Ultra no longer has rear cameras, they no longer work after the phone fell from a table. I can not scan QR codes either.
So many companies - such as electric car charging stations - require this without considering failure modes and alternative workflows.
The elder gods have declared that you have been unpersoned... until you buy a new phone.
Also try squeezing the phone at various points to see if it pops the internal connector back in. You can find a repair video to see where the connector is.
They properly do, but then conclude that it would be more costly to implement and create those workarounds than not getting the extra 0.01% of users.
then google has decided that you no longer should be able to use GMail (for now) and the internet (in the future)
eh, they gave up on trying to control usenet and haven't touched gopher so I'll just go there
The old method was for you to receive an SMS. Because it's easy to pay a phone farm 30 cents to receive an SMS now, they're changing it to sending. Phone farms will also adapt.
I think it's probably enough to get your phone to open your texting app with a pre populated number and message body, then all the user needs to do is hit send.
But isn't phone number verification usually works like... Google sends you a SMS, not the other way around?
you see, in that case google has to pay, but flipping it like this makes the customers.. oh wait the product pay.
It probably opens a prefilled text message and the user still has to hit send. That's the only API I know on iOS anyway.
Can confirm this is what scanning the QR code does. I just went through this to get my Google dev account verified.
Regarding how easy simswap is in 2026, it's dangerously stupid from Google to rely on SMS
I wish it was. I've looked everywhere for several years for anyone offering this service so I can get into my 2004 Google account that they enabled SMS 2FA on one day, without any notice, but it has the wrong phone number. I have the username, password and the recovery email address is set to another I own too, but without the SMS code I'm hosed.
You should just determine which carrier hosts the phone number and then go get a job there as a customer service agent or store employee. You'll get full permissions to change accounts, so you'll be able to make the change, fix your gmail, then change it back.
You probably risk some legal fallout though, so be cautious.
This reminds me of the women who sleep with Meta employees to get their accounts unlocked. It's 2026, we gotta do what we gotta do to get our digital lives back.
I don't know why verizon etc.. don't charge like $0.25 cents per sms. Then these provider would stop sending too many sms.
I recall reading that twitter was getting "scammed" because there were some phone services that cost money to receive texts (and possibly some of it was being passed on to the customer of said phone service) and they were getting spammed with phone verifications to get the payouts. I guess when twitter extorts your phone number out of you under false security pretenses and then uses it for advertising that's legit but if some one tries to a get a cut for themselves it's a big problem.
It occurs to me this "force you to send the sms" might be a way to avoid exactly this sort of thing.
They used to do just that, though people could pay about $25-30 (in like, 2008 dollars! So that’s closer to $47 today) for ‘unlimited text plans’.
I know you mean charge just these bulk senders, but if they didn’t charge consumers a similar rate too, whoever wants to spam SMS can just set up farms of consumer SIMs and dump them onto the network that way. In fact, they already do this.
That clarification matters, but I don't think it makes the privacy concern disappear
Recently helped a small business set up a Google Workspace account and we hit a wall during registration.
Told the owners that if Google is already being difficult during signup, imagine being locked out later with client work on the line. Pulled up a few horror stories about Google lockouts to drive the point home. They ended up with another workspace solution.
When trying to upgrade from the Business Standard to Business Plus plan, Google will reduce your workspace storage from 2TB/user to 0 bytes for up to 24 hours while it upgrades you.
These are actual quotes from support:
> Upon checking, I see that the storage is showing as 0 bytes, because of the upgrade that has been done from business standard to business plus. Not to worry as this is very normal.
> I understand your concern and how important it is for the storage to be updated due to the business requirements.
>
> To give you full transparency into what is happening: when a Workspace subscription is upgraded, our backend systems must first detach your previous Business Standard storage allocation before provisioning the new Business Plus limits. During this transition window, the quota temporarily defaults to zero.
> Now please turn ON user storage limit nor shared drive storage limit. Once you turn ON, please wait for 5 minutes and then please turn it OFF.
^ That last attempt to try to force storage quotas to reset faster didn't work, btw. Still took hours.
Google Workspaces are just like Windows 11 on the network, and constantly running Windows update. You never know what changes, installed/uninstalled, or breaks.
I feel like I must be using a different gogole workspace. I've used it every day for the last 10 years and just don't seem to have these issues? Stuff just seems to work for the most part? It's all way more stable and low-admin than any other desktop software I've used at least!
Are you a home user or corporate? Do you maintain a deployment for multiple users?
This is why I have I have started planning to transition away from Gmail for all domains I manage. Gmail doesn't actually get any better as a product - just more annoying as they try to upsell me on crap I don't want or need. It gets a bit more shitty every year.
The sheer size of Gmail means I have zero chance for support even though I pay for a service. The risk is too great to be acceptable.
> and we hit a wall during registration.
What does this mean? The scanning a QR code and sending a text message from this article, or something else?
I've been reasonably happy with it since 2013 now.
This last year however, I've started to hear complaints from staff of annoying popups about AI stuff people don't want to use
What do they use instead? Grass tends to be greener on the other side. Though it wouldn't surprise me if Microsoft offered better support despite having a worse product.
With which workspace solution did they end up with?
I assume "next leading brand" ;P
Hopefully that means Nextcloud ;)
No idea, but there's Zoho.com ...
Cloudflare for email people, its the best and free
Can you clarify this statement please?
I'm confused too. Cloudflare is a DNS, anti-ddos, CDN, and light cloud
This is not really an 'email service' the average person can be expected to use..
Then don't use it ¯\_(ツ)_/¯
This is useful. What were the horror stories?
Which workspace solution did the client settle on?
Yeah, I can't even register a new Gmail/workspace account at this point. "This phone number has been used too many times."
Everyone hates on Microsoft, but their platform is 50x better than Google. Personally nowadays I would be looking at Proton if I was going to setup a workspace for my company.
This is hilarious. Microsoft has had many issues and outages with M365 in the last few years. I mean, I guess if you don't rely on mail, then sure.
If one takes the comment to mean, 50x better for support, I can believe that. After all, 50x almost nothing can be achieved fairly easily.
Maybe MS actually has support. The UI is so much worse than Google's (which is bad enough for communication compared to Slack) that you just cannot win though.
[deleted]
We are 365 shop… I cannot think of one single time the 365 being down has affected us at all. Maybe you’re right I don’t know. Maybe your region is worse than my region.
Nobody cares about very temporary outages, they care about support
I have to say, I’m finding the “New Outlook” deeply unsatisfying coming from a GSuite company the past 4 years. MS was better in 2021 than it is now. The new one reeks of Jony Ive style minimalism. I constantly can’t find anything I need, and it takes a lot of fiddling to do simple things.
I generally have rooted for MS over GOOG on this type of thing, so I am not saying this out of fanboyism.
Outlook is better than Gmail? This is a hotter-than-the-Sun take.
Have you actually tried both?
Used them both for years.
Outlook eats Gmail for breakfast.
The way shared accounts, lists, and work assignments are done in Outlook require their backend (share point inheritance), and google drive is pretty good even for some small files, but when all is considered O365 wins.
Then if you are in Europe, you should not use any of those and other very good solutions are currently growing super fast.
The latest moves from google are the damning smoking gun evidence that anti monopoly court ever needs. "Do this or else". Recaptcha, gmail, google suite, android, chrome, colab and even google play must be viable businesses on their own, separate from google ads machine. Gmail must start competing for users with other email providers. And, yes, recaptcha must pay its infrastructure cost in full only from recaptcha revenue. This is the good way to level playing field, silence all the critics and let air into the room.
I like how they argued AI was a massive threat to their search empire and subsequently advertising empire ... and then a few weeks after the judge issued their astonishingly light measures to address Google's monopoly abuse, they partnered with Apple and achieved ~100% of default AI agents on smartphones being powered by Google!
Google is a such a monopoly in email you can just go online a get any other free or paid email service.
I went through it to register just now. No QR code required. Same flow as it has been for years:
1. Personal/Child/Business
2. First/Last
3. Pick email
4. Date of Birth
5. Backup email / Skip
6. Password
7. Enter phone number
8. Confirm with 2FA code
9. Done.
I just made the email testregistrationflow@gmail.com and have since forgotten the password. So that’s one burned. But feel free to try testregistrationflow1@gmail.com and see if it works without a QR code.
The headline is clearly a misstatement of what is a specific flow for someone to make many Gmail accounts programmatically.
You can reach a point where the phone number you used for 2FA has been "used too many times" and then you're stuck in the middle of registration. There doesn't seem to be any documented limit anywhere and the only solution people have been able to use is find someone else to help you verify with their phone number. What makes this more difficult is when you get logged out of one of your accounts, they ask for a phone number for 2FA to login, you provide the same phone number you used originally (even though it is not officially associated with your account, just to verify registration), but that fails because your number has apparently been used too often. So now you can't even log in to your valid account that already exists. Sure, should have added some other form of 2FA or a passkey to the account, but why can't I verify with the same number I used originally? And just to top things off, you can't use your Google Voice number for 2FA account verification when signing up for another Google service.
>find someone else to help you verify with their phone number
Very risky, either of you gets banned (it's a risk given now ban happy Google are) you'll both lose your accounts.
The number is not associated with your account, it is just used to verify legit account creations. Retroactively nuking an account due to using a "banned" phone for account creation verification would be wild and not in Google's best interests.
You can totally get a random "we've detected a suspicious activity, please verify the phone number you've used during registration" form during login.
IIRC the limit is 4 accounts and it's documented somewhere.
I'm constantly spinning up new accounts for clients and I've used my number on way more than 4 accounts, so maybe it is on a rolling basis over some time period?
Probably depends on how "trust worthy" you seem to Google for them to trigger this requirement. Things like using Linux, using Firefox, using a VPN, etc.
Or it's just being A/B tested right now.
The irony is that no real scammer would use this setup because they know it would stand out.
Denying scammers the ability to use VPNs and virtual phone farms without standing out does make their job harder
They should probably go back to the original invite only flow they used when Gmail launched.
Every account having the ability to invite an only small finite number of new accounts is one way to thwart scammers.
Not without some kind of delay function and probably filtering/evaluation of which new accounts get this capability...
Everyone here should be familiar with exponential growth of n-ary trees. If you can get one of these accounts and each new invitee gets to invite 2 more, you can already have accounts gone wild.
If it's a tree, it's easier to prune an entire branch that's gone bad.
So, the scammer should send an invite to a real person from one percent of the accounts in the tree, wait a few months, then flip the evil bit on 90-95% of the accounts they registered. If the whole tree is cut off the reputational damage is really high (10,000 valid users nuked because of actions other accounts took...)
Yep, it's a never-ending escalation.
It was not finite, or uniform. I refilled the invites every week or so based on user behavior.
Not really, even "legit" marketing providers have massive automation rigs to warm email addresses, make them behave naturally and email each other in rings for a bit before using them for cold outreach.
So they'd just do this to farm invites if they needed
That's certainly an interesting idea - mostly everybody should know someone who has a gmail account, so if you get a couple invites a month, that should be plenty and the setup would
Well I was about to say destroy scammers, but I just realized that they would send out spam to places where you could gamble your invites for Real Cash(TM) or just straight up buy them.
This would lower the creation of accounts, but then they would be rarer and worth more to spammers, since a spamming gmail would be rare.
And we would hear sob stories of people getting their accounts closed for inviting spammers.
When you create an account through google services on a phone, you don't even need a phone number.
I hit both a google QR captcha and traditional captcha today. They're phasing it in.
"A tester in A/B testing situation swears that B tester is not telling the truth"
It certainly disproves a headline saying “Gmail now requires scanning a QR code”.
This is why I always ignore these headlines until I see the change firsthand. In this case it wasn't even an article, only a brief forum comment, for a topic as complex as spam protection. Might not be an A/B test, could just be someone with a low-trust profile (eg Arch Linux ipv6 in Singapore with multiple Gmails).
Well, a headline that states that “Gmail now requires scanning a QR code for some people some of the time” is not too exciting.
Yeah I set one up a few weeks ago for testing, same process.
I just checked and it asked me to scan QR code and after opening QR code it will attempt to send some random token..
Google is probably doing A/B testing or they are using some sort of ML algorithm....
Maybe it depends on the country?
This feels like one of those "security" changes that also happens to conveniently eliminate a lot of privacy-preserving workflows
Because it is. Total surveillance only works if the people are forced to wear the tracking collar. The next steps are tying it to CBDC, that require a phone number to access your wallet, and tying it to realid/passport to restrict travel.
2FA has become the wedge to break privacy into a million shards.
Total surveillance only works if the people are forced to wear the tracking collar
Better to call it a noose. Because you can also be entirely "unpersoned" online if you don't comply.
I prefer TOTP, but service providers seem to prefer their own apps or sms.
Phone numbers have become the unique identifier used to build profiles of people and the providers can still claim “security” when they change it to pursue that revenue stream.
There are services online dedicated to temporary account activation phone numbers to bypass Google's requirements, but most of them can only receive messages. Requiring the user to send an SMS seems like an excellent method to get rid of those services so that bots can no longer use them.
I don't really see the point of a privacy-preserving workflow when it comes to a Google account. It's not like they need to know your phone number to track you.
They might adapt and support sending sms (hopefully) in addition to receiving them.
I guess all other services which send sms verification code will switch to ask the user to send the sms, like google.
>>don't really see the point of a privacy-preserving workflow when it comes to a Google account. It's not like they need to know your phone number to track you.
More information is always better.
Also, if you can get a Google account, it's like a magic ticket to use services that want to violate your privacy. So, if you can get an anonymous gmail account, then you can use it for all the enshittified sites, and reserve your actual email for sending and receiving messages to humans.
Is this the reCAPTCHA crap I just ran into minutes ago? It’s the Cloudflare “verify your humanity” thing, and the checkbox isn’t good enough, so now there is a “mobile verification, the support page for which (that I briefly skimmed) talks about scanning a QR code.
(EDIT: TFA didn’t clear it up for me, but it sounds similar.)
Wechat (Weixin; 微信) from Tencent has been doing this for years. Now Google is becoming the new Tencent and the US is becoming the new China
Do we get cheap EVs and high-speed rail now?
Tech first north korea
Nope you get Marvel Avengers :)
I got this a few weeks ago, it was a URL like "sms?:number" which tries to pre-fill text in app. Didn't work for me (Fossify) so I had to copy the number and verifier text from that URL and send it manually. It's for saving money spent on providers like Twilio.
I tried to create a new gmail address recently because my primary gmail address is my name, and it's quite common, so I get more email for other people than I get for me.
My phone number - which I've had for about 15 years and have only ever used for personal purposes (minimal SMS, mainly just an iMessage/Whatsapp ID) - is apparently "not eligible" to create a new gmail account. Which is quite strange.
For something as central as a Google account, it feels pretty unreasonable that a long-held personal number can be silently rejected with no appeal path or explanation
If this is with a new android phone, return it and let the manufacturer know why you couldn't use the phone.
If he had this phone for 15 years, I bet it's not bound to a phone, it's bound to a sim card.
Phone number, it’s not tied to any piece of HW because is portable. I’ve had the same phone number equally as long, but I’ve transferred it to multiple devices over the years.
> requires scanning a QR code
That's like saying you need to "scan a QR code" to open a train door, not mentioning that the real requirement is linking your phone to your payment data so they can bill you. It's not the ability to turn a data matrix into bytes that Google is verifying here...
Register your own domain and use that for your email, and you'll no longer be held hostage by Google. Takes almost no effort and will cost you a few dollars a month.
But what do you actually use as the email host? If you just set up your own mail server, you're almost certainly going to have everything you send go straight to spam.
You still need to register with someone like google, or Proton, etc.
Believe it or not, email service providers actually exist.
Rollernet.us is a good one. They have excellent deliverability, reasonable prices, and everything you could want related to email.
They have a few minor other services, like DNS management, but they are not a cloud compute provider.
Another option is to use a cloud compute provider like AWS. You don't need to run the VM yourself to use SES for email messages. The hard part is the webmail access: you have to choose between a poor interface (an S3 bucket) or running a managed VM to host something like Roundcube.
Yeah, but you're not beholden to them. There are 100 different hosts you can use if you own your own domain. If a host changes in a way you don't like, just move your domain elsewhere. If you're using Gmail, you're stuck with Google. Being independent of any one host is the important part to me.
Personally I have my own mail server and use smtp2go for sending which handles the deliverability issue. I'm not sure it's worth it going this way but I found it fun and its been 0 maintenance
There are tons of hosts! Personally, I love Fastmail.
> you're almost certainly going to have everything you send go straight to spam.
I run my own email server on DO, nothing I send goes to spam. (I normally follow up on nearly all emails in case you're assuming some flavors of sample bias.)
Runbox is great, and not that expensive.
So? Your email won't be held hostage.
I have done as OP suggested and the main benefit is that I can move my email elsewhere.
For now my email is with Apple, since they offers email hosting as part of the icloud+ (or whatever its called). If they decide to die/enshittify, then I can move to another host without having to change any contacts.
One the other hand, since I did use my bare gmail for some years, I am still stuck with it, in case I have some service that depends on it.
I switched from self-hosting to Apple’s servers a year or so ago and it’s been splendid. No issues sending to other servers, decent spam filtering, and no nickel-and-dining for having more than one domain, or more than one user, or adding email aliases. If you’re already paying for iCloud+, there’s no extra charge for it.
I don’t wanna sound like a salesman. It’s just that it’s been a surprising good experience for my family, especially for the price tag of $0. And if it ever does start to suck, I can point our domains at a different server.
> and will cost you a few dollars a month
Dead on arrival.
If you don't feel that's worth it you can use Gmail, yeah.
It's not just me; most people won't. That's the issue.
Even if your time is worth $0, you're paying far more than a few dollars a month to have a google account. Price discrimination from third party vendors is probably running you 5-10% of your credit card bill every month.
That's opaque to most users.
If it weren't, then Google's business model would not be viable.
Why is it an issue? I don't care what other people do with their email.
Democracy is the style of ruling where majority's ignorance dominates over the vulnerable. You will be eventually forced to use internet and forced to use the way your government wants you to use it.
Yeah, fair point. They're certainly trying to push it in that direction but so far there are still alternatives. I've seen age verification get a hell of a lot of pushback so that's encouraging.
I can set up all of the personal services I want. The average person does not want to do that. They do not have the skills, and it does not add value for them to do so 99.999999% of the time.
The tools and offerings we're given are built to fulfill the needs of the greatest number of people. For better or worse, those people are not people who want to mess with the infrastructure around their email.
Because when most people use the one email host, they neglect all other users. Even my yahoo email is regarded as second grade citizen now. A hospital straight told me they refuse all yahoo addresses.
I mean, that's certainly retarded, but most businesses aren't that stupid in how they choose to run things. I've never, not even once, run into a business who cares what your email is. They will use any address you want, whether you have a known provider, or self host.
I know this ^ seems unreasonable, but I know you’re right.
Mostly because of conditioning: it’s been 25 years now that free webmail is the way Gen-X, Y, Z, and future generations do email. Boomers and the older Gen-Xers may still be hanging onto an ISP address, if they haven’t moved too much since the 1990s.
After all that, plus with their email addresses being the opposite of portable, there is no limit to how much crap people will take, when the alternative is learning a little bit about domain registration and DNS, and paying $60 a year for Fastmail or whatever. Email, they believe, is supposed to be free as in beer.
Sad but true. Also, confession: I used to use first name @ full name . com and got tired of the confused looks and typos when I had to give it out, so now I use a six-character Gmail with numbers so that it’s just like people expect.
It seems we're at a bit of a crossroads. It seems like the world both needs:
- Permissionless email (i.e. for agents, empowered users who can program now)
- Pervasive email allow listing
Wonder if these can both exist at the same time, i.e. having a "public" email that is read first by AI (let's imagine we're in a world where prompt injections weren't so possible) and heavily filtered, along with one that is private and allow-list gated (via some easier-than-gpg-to-use identity marker).
Oh, excellent! Having been on the end of someone flooding a service with tens of thousands of autogenerated Gmail accounts.
And if you don’t want to share your phone number with Google, which I totally respect, there are a zillion other email providers. Contrary to popular perception, Gmail != email.
most major platforms reject email addresses that are not from major providers. for example creating a deepseek account asks to use a "global provider" and gives GMail as an example. github recently rejected @proton.me. discord does this as well etc
I’ve never, ever, not once, been blocked from registering because I was using a self-hosted domain. I’ve seen plenty of services that block anonymizers, typically with the explanation that they were getting too much spam from there.
Won't be registering any new gmail accounts in the future and will gladly dump the ones I have if Google tries to force obtaining my phone no.
Google is trying to retain the value of their userbase, because many third party services use Gmail auth as a signal for low fraud risk.
Yep. In general I'm glad I have so many random accounts now that everyone is getting more protective, it's like a credit score.
I recently had to do google takeout on an old google apps account. The account didn't have 2 factor auth and while enabling it I got stuck in a loop scanning the QR and getting a code via text message. I can't remember how I eventually broke out of the loop?
I wonder if there is a single engineer at Google who actually understands the whole registration/verification flow and all the edge cases?
Last time YouTube wanted to verify my phone number it was easier to find a free service to receive SMS than for Google to deliver it to my actual phone. And Google didn't care I "verified" a number assigned to other side of the world.
Be careful. Google once locked me out of an account that I've owned for over 10 years one day. My username and password were correct, but they randomly flipped 2FA on (without my consent) and sent the recovery code to a phone number that I switched away from years ago. It was completely unrecoverable. There's absolutely no way to get in touch with customer service. Never make an account with them unless you're not willing to lose it randomly to automated bureaucracy.
It's becoming increasingly hard to find a service that lets you see verification messages, and even then google doesn't like a lot of the numbers those services use
In my country there are several telco operators that will send you basically an unlimited number of SIM cards for free (as in free beer) that you can use for getting the verification SMS and then immediately throw the SIM away. The only "cost" is that you have to wait a day or two for the SIMs to get to your physical mailbox.
What happens when they ask for you to get another code to that same number, though? Can you access that number again?
Can you delete the phone number after verification + switch to TOPT (with the private key written down next to your password, probably in a password manager) for 2FA?
I think that's considered "more secure" in most account security flowcharts.
Yeah I try to switch everything to TOTP these days, try to remove the SMS option on whatever I can. Google offers about a dozen ways to verify your account now.
If you create an account from another country, since you can only send the sms verification from that country, locks your account to that country for at least one year. I created a US account years ago and it still is US. I don't even spoof my location.
Gmail turned me off way back when it became obvious that they scanned your email to present relevant advertising.
I've paid for email nearly forever (Earthlink, not the most high tech provider but good enough) and get nearly zero spam. Their price went up again recently, but apparently if you mention Fastmail they'll match the cost.
I was listening to the local TV news a few weeks ago and the reporter talked about an SMS scam insisting that you owe unpaid turnpike charges. He said "most of us have seen them". I'm thinking, I've never received anything like that!" and then realized it could be because I don't give out my phone number to just anybody who asks. And tend to push back when they do.
I use GMail and Hotmail/Outlook but via Thunderbird or the Android app, I almost never use the Webmail interface.
What happens if Google pulls the plug on your account and you have no offline archive?
Most people don’t understand how QR code works. So right now it may just send a SMS or prepare for it. But some day, it will do the remote attestation under the hood and the end user does not see the difference. I would bet a lot for this preparation.
The days of my old google account that predates real identity policies are numbered...
People already assume that your "google name" is your official name, so much so that I had to patiently explain a delivery man once that the funny nickname he had for some reason in the delivery notice did not match my ID because that was an old google account from a time when it was usual to use any funny handle for your account.
Is this for GMail only or just Google accounts? A while ago I was able to signup for a Google account with an iCloud relay email, and it _seemed_ like I had to give my phone number or use Google Authenticator… but I worked around it by using Chrome Devtools to create a virtual WebAuthN device, after which I was able to scan a QR code for 2FA with 1Password.
I get like 33 and a half million spam messages per day to my Shopify store, all bots using Gmail addresses.
Google really need to get it together. Their sender reputation bypasses all the normal spam filters, but if it was up to me…
Thanks for the update. I've been meaning to fully move away from gmail. It's clear that now is the time.
Gmail has been evil both for client privacy as they use email scanning for marketing purposes, and for 'spam' filters that reject legitimate emails.
The fact that they're introducing QR/SMS/MMS/whatever they want is actually an interesting signal, because it will harm the customer experience, which might result in the growth of responsible paid email services.
> Gmail has been evil
It is good to realize that it has never been "Nice Uncle Google" and always an advertisement moloch offering tools to hook their product. All that trust that was bestowed was never warranted.
This seems pretty optimistic. If you ask 30 random people on the street if they’d rather give Google their phone number and jump through whatever dumb SMS hoops, or switch to a new email address and pay a few bucks a month for it for the rest of their lives, I’m thinking Google is getting all 30 phone numbers. Sadly.
The only “real” competition for Google Workspace is Microsoft if you need a full collaboration solution beyond just email, and 99.999% of customers of such hosted solutions need that full solution. It’s why Dropbox worked even though hacker news users probably roll their own sync solution.
Tuta, Fastmail, and Posteo are all much better alternatives to Gmail in terms of privacy.
My comment, as per subject, is about Gmail.
His point was just that many business users can only purchase Google’s solution or Microsoft’s solution, because they’re the only services that will offer interoperability with many other security and compliance services and advanced functionality like SSO, third party email scanning, compliance journaling etc. The email market is essentially a duopoly as soon as you need any functionality beyond basic email.
The simple fact that you believe this is insane to me. Microsoft?Security and compliance? Ahhh, yes the north star of security!
No, you don't need either of these companies if you need a corporate stack for communication and collaboration. And anyone who believes Microsoft or Google is doing anything out of the ordinary to protect their users or data is out of the loop.
>No, you don't need either of these companies if you need a corporate stack for communication and collaboration
A lot of corporate (customer) email sevices drop email from everybody except a very short whitelist.
It's not about actual security; it's about the appearance of it. It allows CTOs and such to check a box to say "Why yes, our vendor is secure! Look at all their claims! Look at how many other companies use them!" That's it. Safety in numbers for clueless CTOs.
This is just the new "no one gets fired for using IBM".
We need actual liability laws for compute services at this point, and they should pass through every entity between the bits on disk and the end user.
Google disappears someone's realtor's corporate email, and it cost the agent a $100K real estate commission? Google and the employer get to pay $50K, plus damages to the customer.
Or whatever. The point is not that they'd be paying lots of these fines. The point is the cost of non-compliance and insecure setups is 1000x the cost of just doing their jobs. At that point, the bean counters would allocate another 10% to engineering, and all the easily-solved problems would disappear.
Proton has calendars, drive and meet.
And is not a US business, which is an important selling point to several companies and public institutions here in Europe.
I agree with the broader point, but I'm not sure the migration to paid email is automatic
It was easy to see coming, and it’ll spread further and to more services. In fact, recently they even forced old accounts to log in or they would delete them.
It’ll happen with social media accounts and other things too. The account creation date is going to become an even bigger heuristic in their spam models.
Obviously this is bad in general, but what's the threat profile here? Google already has the content of your emails and I guarantee they have pinned down your fingerprint unless you're using Snowden-level counter-int.
Protest this by using a paid email provider. My $60 yearly payment just went through today, is that honestly too much for the typical person around here?
Reminds me of Telegram that forces you to pay premium to login to a new device depending on the country. Login, not registration. This is all due to the cost of SMSes of course.
You can bypass this if you have a passkey, but phone and password isn't enough. No idea why they opted to do that, it's not like passkeys are indicative of any device binding.
sms are free, at least rcs
RCS is not SMS. RCS does have a fallback to SMS in some rare inter-carrier cases, but it won't fall back if you're stuck on 2G or anything.
SMS also isn't free. Many contracts contain "free" texting, but that's just SMS being packaged into the subscription price.
Carriers charge each other for (excess) SMS exchanges, so SMS simply cannot be entirely free.
How do you scan QR codes on the device that is showing the QR code?
Didn't come up in testing. What sort of user wouldn't have a google-issued corporate laptop and phone?
I can say that this QR code could be requested if IP is suspicious and/or associated with unusual activity. Recently I did register a new google account from my own residential IP and it did not request any additional confirmations, not even SMS verification.
This could well be to help prevent sms pumping — where someone makes money by receiving smss to a particular set of numbers. Requiring the user to first send an sms breaks the economics that type of fraud.
I wonder how long it will be until those without smartphones will be completely forced out of the mainstream internet.
Time to leave the sinking ship.
Try Tuta, or Proton, or Fastmail, or Zoho.
I recommend people switch to Tuta mail - the most privacy focused, email service. Read about it.
If you haven't created a Gmail or an Instagram account in a while you might be surprised how aggressive it is. For instance, try doing this without verifying your phone.
Both can ban you right away because they had to ramp up their anti-spam protections. Pretty much everyone already have an account, so most people creating new ones are just that, spammers.
Or they are kids / young people, who didn't need email before, and now need it for school / college.
Yes but they're almost surely in the minority by now.
Soundcloud now needs a login for you to do anything. Instagram is not showing even previews anymore, the web's velvet glove is tightening.
the most nefarious thing about Gmail/Google Accounts is how it's not only the default SSO option, but for many AI services, notably even Chinese-owned ones like Deepseek and Kimi, it's often one of the only ones (the other being Apple ID).
[deleted]
fwiw I was able to set up a fresh google account without SMS via a used android device (with no SIM installed), 2 days ago. But I suppose on balance, having a second device is more onerous than having a second SIM.
Yes I had the same issue and wrote an hackernews comment[0] and was gonna write a blog post but laziness (but I am glad that privacyguides wrote an article!)
I also want to share a comment that someone (Velocifyer) added on my comment:
"If you make a blog post, make sure to also comment on how the audio reCAPTCHAs are nearly impossible and are blocked on public VPNs. The visual reCAPTCHAS have vauge instructions (they say “Select all squares with busses.” when they mean “Select all squares that have a bus or part of a bus and do not select any other squares.”. For 2 years I could not figure that out so I had to use the audio captchas but then Google blocked them on public VPNs and also made them almost impossible. I could only figure that out when Google Gemini clarified it for me."
Also another fact that I had discovered but to upload youtube vidoes more than 15 minutes you have to do this verification with sms and I found that its system of sending sms was quite finnicky and (too much limits is actually just one try)
Google and other tech giants's recent changes/lobbying are really impacting the open internet and it feels to me like we as people who have knowledge about these topics must do something to reform things as I simply cannot ask people who are technically unaware about these topics to fight for these changes unless we advocate and educate them about it
Most people just have simply way too much of other issues to fight for these things that they have almost taken for granted, but this to me means that the responsibility is on us people who are technically sound to fight against the attacks on open internet if we wish to preserve it.
I think my point is that we all might be waiting for other people to protest against these tech giants but I think that the world is looking at us people for such protests, Let's hope that we are able to educate more people and the open internet is preserved.
Our small steps might mean a lot in the future and so to not be dis-illusioned to make small steps thinking that they might be too small but we have to fight tech giants if we wish to preserve open internet. Every step is meaningful no matter how small
... and gives me a message on my primary phone: "This number has been used too many times."
[deleted]
Everything is going to get so much worse and AI really is to blame. So many websites now have these verification pauses and CAPTCHs because of AI agents. Part of it is agents. Part of it is everyone running their own awful versions of Googlebot.
Years ago IIRC there was a "bug" where the Android emulator allowed you to create real Google accounts. This was found and I'm sure millions of these accounts were created. There's a whole black market for Google accounts. Whereas I lost a Google account I'd created for a relative because it hadn't been used in awhile and it was tied to a mobile number I no longer had.
I don't see how this ends without registering for a service like Gmail being tied to your government ID.
I don't understand the anti-agent blocks. What exactly is the problem if an AI agent reads your website and summarizes it for me? If it is bandwidth, why not spend the effort making a screen-reader friendly version of the site, and somehow shunt agents to that (saving 99% of the cost of serving the page)?
(I run an ad blocker, so the ads will not be displayed either way, but I see more agent blockers on ad free sites than ad supported ones anyway.)
How could they.
There is one way to sign up for a gmail account that does not require this: get an old chromebook out of the trash or for $20, then go through the account setup process on ChromeOS. It will create a google/gmail account that does not require use of a smartphone.
Google has requried a phone number for registration for a long while now, and blocks many types of phone numbers, including almost all easily-created ones, making creating new Gmail accounts rather difficult without a trip to the store to buy a prepaid SIM.
(In many countries, including soon the USA[1], you can't get a phone number+sim without showing ID, also.)
It's important to note that even if you have to provide ID to get a SIM, Google still doesn't see your ID (yet).
When did it start?
Wow! My 93 year old mom will not be able to use Gmail.
There are defo still some workarounds to make new google / gmail accounts without giving a phone number or any info.
Now people only need to connect this to age sniffing and the global corporate-driven movement to destroy and abolish VPNs. Politicians are no longer working for the people but their own money - aka by definition these are lobbyists.
Note that "scanning a QR code and sending a text message" means, for the most part, a smartphone. One could do so via a tablet too, I suppose, but most who register will do so via their smartphone device. For some reason accessing the www is increasingly tied to "identify now!". This is a huge contrast to the freedom of the 1990s. I don't think we should accept that.
Have you got something to hide ?
They do all this and meanwhile, in between startups and a few personal accounts, when I try to register a new Gmail account and do the text message verification (the old/current TOTP style) I get "This phone number has been used too many times."
Meanwhile the amount of spam from Gmail I'm getting goes up and up and up.
A couple years after a hurricane left me without power for a week two, I fired up a generator, configured my phone as an AP, and went to do some important things in my Gmail account.
We need to prove it's really you, they posited. Simple enough I thought. I'll just use the same password I've used since 2001.
Oh, I must authenticate with a text, you say? Certainly not a configuration I've made myself, but they're holding the cards on this one, so be it.
I enter the confirmation code.
We still need to prove it's really you, again.
Shucks. I try again. And again. And again.
Sorry, but you'll now have to fuck off. Why? Because we've locked your account for complying with our security theater.
Fuck. I'm in a disaster zone. I need to get things done!
Google cares.
But thankfully, so did the FCC, which I registered a complaint with, arguing from the perspective of interference with emergency communications.
The FCC actually sent the rascals a letter. The leviathan complied and unlocked my account, and suddenly my password was secure again.
Thank you FCC. Although I doubt I'd get the same results with current adm...
This is not new, back I think in Feb when I registered a new one, it did ask to send an SMS instead
I also receive too much spam, I'll believe in their AI whenever they are able to fix spam.
spammers also use AI
The real problem for privacy is that governments are increasingly outsourcing the verification of identity and bot protection to private companies.
And what do you expect instead? To get a Russian gosuslugi ID, you also need to bind your phone and ID number.
And of course their database is leaked in real time.
Outsourcing? Governments have never been involved in bot protection or online identity verification for anything else than their own websites.
It's like saying that the government has outsourced burger making to McDonalds.
Estonia is the exception here, not sure about the other Baltics. Switzerland is trying. The UK is trying to try.
LiveJournal allows verification with Russian State ID "gosuslugi".
I do mean for their own websites.
Thanks, now I understand your comment.
This is a hard no for me. Google is out of control.
People complain a lot about Gmail, but honestly I kind of understand Google's plight here.
They've essentially gotten roped into maintaining a huge chunk of internet infrastructure, for free. If they ever shut it down the whole world would end up rioting because it's so widely used.
But it's expensive, complicated and time-consuming to maintain - and both a source of and recipient of endless waves of spam and scams. It's an endless pile of data to hold onto, FOREVER, as well.
I enjoy hating on Google when appropriate. But when it comes to Gmail, I understand what they're dealing with.
It's honestly why I believe the idea of free e-mail is just bad, fundamentally. You can't expect a free e-mail service to be good or have any kind of support. The fact that it still exists is more out of shear fear of the repercussions than any good will on the owner's part.
Just get a paid e-mail service. They're better, and offer a lot more peace of mind.
> They've essentially gotten roped into maintaining a huge chunk of internet infrastructure, for free.
I’ll stop you here. Google offered it for free and, at the time, offered such an high amount of mail storage for free it sounded insane. At the time, my ISP gave me a 25MB or 50MB inbox and that was considered pretty decent, when Google was trying to get people in with 1-2GB.
They absolutely have a right to take ant steps they deem necessary to prevent malicious use of their product, and certainly aren’t obligated to provide it for free, but Google wasn’t forced to provide a free email service, much less one that went so far above and beyond their competition.
> and certainly aren’t obligated to provide it for free
And I'll stop you here. It's less than obvious that there's no obligation. If you provide a critical service that folks rely on at a price less than your cost, you drive out competition, and it's a critical part of your own business model, dropping the service without warning is IMO on the border of what Google should be allowed to do.
There were plenty of free email services before gmail. Google isn't at fault here because they provided a better experience.
There are plenty of free email services _after_ Gmail too. If Google want to destroy their product, have at it.
Yeah! I can't believe people know basics about cartels, trusts and dumping.
It does feel like a lot of very intelligent people here basically start at a first principles belief in property rights, and discover or dispute all of the rights and protections put in place over centuries to patch up the issues that occur when that philosophy meets reality. It reflects poorly on our education systems that these apparently weren't covered or were unconvincing when presented. Or maybe it's just a reflection of the era? In practice organizations seem to be repealing these protections through limited interpretations or loopholes, so maybe that skews people's expectations?
There is a lot of information, in various forms, on the internet that are specifically designed to misinform those who hadn’t taken a course on that particular topic, but leaves the reader feeling they learnt something. Right now LLM’s are good at picking those apart for the reader if they decide to dig deeper, however, I fear this era might not last.
> LLM’s are good at picking those apart for the reader if they decide to dig deeper. I fear this era might not last.
Yeah, I'm not sure that pinning one's hopes for a better-educated populace on LLMs is going to pan out well. Education requires trust and active defense against malign actors.
> it reflects poorly on our education systems
It's fascinating that you choose to blame either the education system specifically, or "the era", while ignoring the existence of an immense right-wing propaganda machine and simple human greed.
That our education system wasn't resilient to that well-funded propaganda machine is what reflects poorly on it. That such a machine is allowed to exist reflects poorly on our institutions more broadly. I'll never blame human greed. Systems are designed for humans, if they fail to account for human nature then they're bad systems. I'm not really interested in litigating whether humans as a species are bad.
> education system wasn't resilient
Fun little exercice: How is education funded (not just school, the rest as well) ? What does the salary scale look like ? Would you jump into that boat if had the qualifications ? (and probably: why haven't you jumped into it until now ?)
Once you've got through all of that, how resilient do you expect the system to be ?
>Systems are designed for humans, if they fail to account for human nature then they're bad systems.
Systems will always be bad. It's why corporations will always be bad. The complexities are too much for humans. You will never account for all variables. Account for one, with that you are exposed to another. This becomes clear to me when you look at government and the systems it tries to use, since forever. Climate change is another great example. Requires coordinated change across the globe. Many many many factors why that will never change. Change in the system of that size is too hard. So is it the system that is bad, or maybe it's just a reflection of limitations within us as a species, today?
A terribly defeatist attitude. The same could be said about, say, death during childbirth. For hundreds of thousands of years people tried methods of midwifery to ease that process and reduce deaths to little effect. People considered that to be women's lot, an immutable fact of human nature. Then we figured out how to reduce deaths during childbirth to a relatively tiny fraction of all-cause mortality, and that level of care became standard, at least in parts of the world. Why would you be so convinced that systems of organization are unsolvable? Where is your hacker's spirit?
We have a system for improving organizations. Competition.
The actual problem is that our system for preserving competition is insufficiently effective.
Human systems have a critical bottleneck, it's run by humans. That doesn't mean it's necessarily a flaw, but it means all systems are corruptible if it's run by corrupted humans.
And I mean this for any sort of system from corporate, nonprofits, dictatorships, oligarchs, and democracy. Democracy is still a human-run system and that people seem to think democracy is somehow this bastion of freedom is a delusion.
If we want better systems we need better people running them, but that's a conversation that's emerging so we'll see how it goes.
>Systems are designed for humans
They also happen to be designed by humans, and if you're just begging to have the system fix people's beliefs about corporate greed for you but don't think people themselves are at fault I have no idea why you'd think the systems would be fixed.
Always these complains about corporations or systems or institutions, the responsible person is never "I". If you're unwilling to take responsibility for your institutions why do you think they'd fix your problems? The beauty is people always get the institutions and rulers they deserve, it's not some mysterious system that allows these things to happen, it's you and I.
This doesn't sound like a meaningful critique. You're basically arguing for a culture-first approach to a systemic problem, but insisting that that culture should be one of individual responsibility. I contend that it's exactly that culture that divides the oppressed and justifies exploitation. You've decided a priori that people get what they deserve. I see injustice and try to spread understanding of how our systems create that injustice in hopes that people will change these systems to rectify them.
I'm not at all opposed to the concept of personal responsibility and accountability. In one's personal life it's important to be responsible for yourself. It's also important to understand the context you exist in, and how your actions affect others. It's bad to, say, litter on the streets, and I'll reprimand someone interpersonally for doing so. But if you live in a world where a company comes by and dumps truckloads of trash into your park every week and your government lets them, no amount of personally refraining from littering or scolding your neighbors will get you a clean community. In this case those who need to be held accountable are whoever decided on the dump-trash-in-the-park policy and whoever was supposed to stop them and didn't, and the only solution is a change of policy and creation of accountable enforcement mechanisms.
I'm not just talking about individual responsibility, but collective responsibility emerges from individual responsibility. You start with yourself, then your family, then your community, then your state, then your country, bottom up.
When the company dumps garbage in the town you don't blame the company, you and your neighbors go and put a stop to it. If you're both individually and collectively indifferent then you indeed get what you deserve. That' not an a priori assumption, that's a logical fact. You either take control and self-govern or you're governed. This idea that education or social life works like McDonald's where you yell for the manager if something broken is pathetic.
Vague complaints about 'the system' or crying for some hero CEO, strongman president or influencer or activist of the week to save us poor souls isn't how a free people act. These are problems that can be solved locally from the ground up. You don't need to wait for 'policies' to change, you and your neighbors drag whoever is responsible for that out, or even organize the garbage disposal yourself if need be.
[dead]
>immense right-wing propaganda machine..
I see that the left-wing (what ever that means) does not have access to this machine, for some reason...
> the existence of an immense right-wing propaganda machine
The biggest trick corporate oligarchs have managed to pull off is convincing people that consolidated markets are "right-wing". Adam Smith is in the public domain, you can read it for free:
https://www.gutenberg.org/ebooks/3300
A core premise of the book is basically that competitive free markets are good, antitrust is important and government regulations have a tendency to favor cronies and impair competition.
The cronies, of course, don't actually like competitive free markets, so they pervert this as "government regulations including antitrust are always bad" whenever someone wants to do some trust busting. Which in turn sets up their own misconstruction as the straw man to knock down whenever they want to demonize competitive free markets in order to sustain or create regulations propping up their monopolies.
America's right-wing has never wanted competitive free markets, and has never been represented by Adam Smith, the man who said:
"the disposition to admire, and almost to worship, the rich and the powerful, and to despise, or, at least, to neglect persons of poor and mean condition is the great and most universal cause of the corruption of our moral sentiments."
America's right-wing has always been about enriching the connected and the already powerful. Nothing more.
How can we end up blaming the right wing when the propaganda machine is bigger on the other side and even bigger on the government side It's always someone else
I think the idiocy required to agree with the some of ideas of the "american left" vastly exceeds what is required for a complete lack of self reflection.
So I am not really surprised.
It's not a poor reflection of our education system, it's all just motivated reasoning. Smart people will move heaven and Earth to argue themselves into a belief that their self-serving position is actually borne of some global altruism.
Except gmail is hardly a cartel, etc. I've never had a gmail account.
I'd assume that you also never tried running your own email server and have the email actually delivered to a gmail address, then.
That did work for decades up until recently. It took me a bit to realize that google email recipients had stopped receiving my emails.
I self-host an email server and can definitely send email to Gmail addresses.
I've self-hosted email systems for businesses for nearly 20 years. I've actually had far easier times delivering to Gmail/Workspace clients than Outlook. Outlook constantly breaks strict DKIM with some of their protection scanning nonsense for emails that seem to get good deliverability almost everywhere else.
Exactly. Outlook is the main source of deliverability headaches.
Been doing it for over 20 years without issue, for myself and many other customers.
I should have been more clear that I feel bad for the users.
I don’t have much empathy for Google.
I think people have forgotten the various historic monopolies and abuse they've perpetuated just because the new ones do it digitally.
I’d say that if Google suddenly stopped providing Gmail for free, destroying the primary means of communication for billions of people, governments would be justified in immediately nationalizing Google with no compensation.
Corporations aren’t magical entities that somehow exist outside of social obligations and can do whatever they want as long as their own terms of service permit it.
Maybe they could announce a pricing increase for a somewhat distant future date.
Maybe $1/month starting in 2 years, then increasing to $2/month for the next year, $3/month for the next, on until they feel they're covering costs.
That way it gives people time to look for alternative free providers, or time to get used to the idea of paying for email.
> Corporations aren’t magical entities that somehow exist outside of social obligations and can do whatever they want as long as their own terms of service permit it.
Where's your support for this statement in the law?
The existence of law itself is the only necessary support... Law is merely encoded social obligations that the government will enforce. That a single law constrains corporations in any way (and that is clearly the case) proves the statement.
In the broader context GP is clearly advocating for what the law should be, or should be changed to should certain events come to pass. Demanding support in existing law for a proposed change in law is nonsense if that's what you meant to do instead of narrowly discussing the nearly vaccuously true quote you pulled out.
People can actually make new laws. Happens all the time.
When push comes to shove, the law stops mattering, every time. That’s true for individual rights and it’s true for corporate entities too. The era where things like that don’t happen is a very small slice of human history that is currently coming to an end in real time all around the world. Not long ago, a government simply taking over a company was something that occurred quite regularly.
I remember in the early days you could watch your storage quota go up in real time.
Back when Google was still fun and innovating. Enshittification consumes all.
also, people changed. Seems like nobody wants to see cute fun stuff anymore. I bet they'd get lawsuits of people claiming false advertising since the numbers aren't strictly true.
"when Google was trying to get people in with 1-2GB."
The G in Gmail was for a gigabyte and that was what I got in the noughties for "free", when as you say my ISP offered something like 5MB on the end of a POP connection.
To be fair you can cram a lot of ASCII into 5MB. However you can email piccies to a mailbox with a 1GB limit if your modem doesn't melt first.
Obviously, this was during the "don't be evil" days.
Even then the reason they were giving people so much storage space was because they wanted people to get in the habit of keeping their private data on Google's servers so that Google could mine it whenever they felt like it. Giving users effectively unlimited space was a selfish move on Google's part, not a gift.
Try signing up for a Google Gemini Paid account with a third party email... Better still, try signing up for a Gemini Paid account with a registered android phone that isn't triangulated to a desktop. If they can't own you, they don't want you at all.
Google's annual revenue is $350 billion. I can't believe someone would feel bad for such a company, because as you pointed out, this entire Gmail thing is part of the reason they have that revenue.
Google has done nothing but be a wolf in sheep's clothing. I'm not going to shed a tear because they have to maintain an email service.
Also they make it really difficult to mass delete stuff. I'm basically stuck paying for their storage because I don't really have the skills to self host (but I'm working on it!)
They make it impossible to delete stuff if you stop paying!
I was on Google Workspace for about 10 years. I moved off their service because the mandatory Gemini price hikes meant that it no longer represented value for money.
I get excessive storage utilisation warnings for some shared drives I used to have but because I no longer have a paid up license, I can’t manage shared drives anymore. So I can’t delete them.
Google’s “support” team in India told me all sorts of lies about how to resolve the issue, but they’ve finally settled on a position that I would need to reinstate my Workspace account, at my own expense in order to delete the data to stop the emails and save Google money.
They refuse to acknowledge the patent absurdity of this situation and escalate it to someone who can actually fix it.
Google has support?? How did you find it, and what other services besides gmail does it cover?
Note they said "workspace". This has some level of support baked in, as this is the paid enterprise product.
https://knowledge.workspace.google.com/admin/support/contact...
> They've essentially gotten roped into maintaining a huge chunk of internet infrastructure, for free.
This argument would have flown 30 years ago with Yahoo.
Since then we had Uber pumping so much money into a losing business until it drew the competition bankrupt.
And now we have AI pumping so much money into a losing business until they hopefully replicate Uber, only won't work and signs are all over the wall that they just burned a trillion dollars.
Which opens great prospectives for incumbents WHO LEARN FROM THE MISTAKES of the powers be at the time.
About time to start a "Don't be evil. FOR REAL." This time.
If in 30 years it's necessary to start "Don't be evil. REALLY, REALLY, REALLY this time" then so be it.
I'm starting the 2.0 version. Fuck AI. Fuck incumbents. Long live long life and freedom of choice!
I find your views interesting and wish to subscribe to your newsletter.
No really - got more ideas about "Don't be evil. FOR REAL"?
(Please understand I'm being sarcastic. You should interpret this post as a joke)
Hi. I'm a VC bigwig and I'm very interested in purchasing your company. I, too, believe in Not Being Evil
Not only that. I was probably not even a teenager or barely a teenager when registering a gmail was not as simple as clicking "sign up". You needed someone to refer you and upon registration you got 25 referrals in return. Needless to say, entirely ditched gmail forever ago and use it as a spam mail. They can have all the fun they want training slop on that.
> They've essentially gotten roped into maintaining a huge chunk of internet infrastructure, for free
What you mean for free? First, they have all the data they get from you. They now track you even when you are not using your phone. They can/could know if you are doing your number 2 regularly or not only.
They control how the internet moves. Https? Sure can enforce. Trackers, etags ? Why not.
They sell every single bit of information on you for a good price. And now they are even more friends with a very good orange buyer. They have a TOS on you that they can chop and sell you whenever they want and you can't complain.
What you mean for free? Maybe for you it seems free, but people are paying them premium for lots of stuff.
Google used to be admired by the innovation and good ideas that shaped the world to a better world. Now they are still shaping the world, but not for everyone
You're correct that it absolutely isn't free but the gall of Google to, once they have all the data, to turn around and demand additional payment for continuing to store all the data they sought out and that they've resold many times over - it's shameless greed at this point.
And it's isn't even like they're struggling with profitability, either. It'll be hilarious if this forces common folks to switch back to IMAP since once a user has been burned into spending the trivial cost to set up a local mailbox sync they're unlikely to go back into Google's arms (especially given how cheap (in money and time) disk space and cloud backups are these days).
Google just sent me an email saying my google account was deleted due to lack of use for 2 years.
> They've essentially gotten roped into maintaining a huge chunk of internet infrastructure, for free. If they ever shut it down the whole world would end up rioting because it's so widely used.
Not even remotely true. They regularly shut down products and services with impunity. If Gmail cost more than the data they directly or indirectly mine and sell from their users, Gmail wouldn't exist either.
The stuff they've shut down has been nowhere near as important as Gmail.
Shutting down GMail would practically amount to shutting down email. It's by far the largest email provider in the US (and probably in the world but I don't have that data). There's no other provider who could take up the slack; if it were to abruptly shut down, a lot of users would simply lose access to email altogether.
They'd generate a huge amount of ill will by shutting it down, and that in turn would likely lead to a nontrivial share of people moving away from Google core products (like search) out of pure spite.
Wait, Google does search these days?
To what? Google Search sucks thanks to the idiot who ran Yahoo into the ground, but everyone else sucks more. Every time I try to use non-google search the results are virtually useless.
Google has firmly been in the "we're so big we can suck at everything, but you'll still use our stuff because you have no other choice" phase that Microsoft was (is?) in.
They've dominated email so much that their spam filter makes it a very risky proposition to run your own domain; chances are very good it'll just start dropping your messages. Even if chances aren't great, can you take the risk of an important email getting zapped?
To this day I still routinely have to fish out my gmail spam folder dozens of emails from various open source mailing lists that have been around for a decade or two, some hosted on kernel.org, because the spam filter is convinced they're spam. Google is too fucking stupid or lazy to whitelist sites like kernel.org.
FFS even google groups I'm in that are technical get obviously-not-spam messages tagged as spam!
At one point AOL was the largest ISP and email provider on Earth too. If gmail died off people would just move to something else. It'd be annoying, but it wouldn't be the end of email
Google could actually do everyone a solid by killing gmail. They have enough influence in the industry that they could create a standard for email address portability, and then slowly force everybody to move off. By the end, one of the biggest problems with email would be solved and people would be able to switch email providers like how we can switch phone providers without needing to change our phone numbers. And Google would get to save a lot of money by no longer needing to provide everyone's emails
oh no. what a shame that would be.
No, that wouldn't happen. Lots of people don't have email through Google, for one. Those people will still use email just fine. Moreover, the people who do use Gmail will simply sign up with another provider. It won't be a big deal.
> No, that wouldn't happen. Lots of people don't have email through Google, for one.
Based on some data I collected around five years ago, roughly 80% of US customers used GMail for personal email. It was overwhelmingly the most common choice. I suspect that number has only drifted upwards since.
(What about the rest? 15% were using Yahoo; the rest were spread thinly across AOL, Microsoft, ISPs, and colleges.)
I’d honestly expect to see regulatory intervention if they tried this.
In a better time I would expect the government to step in a acquire this fundamental service and fund it with tax money. Right now? The only intervention I would expect is a massive subsidy to pay Google to keep providing it, while also letting them continue to spy on everyone's mail (which is a crime, but not if the mail is on a computer, I guess).
Government-operated Gmail would become such a massive cesspool of spam and hijacked accounts. It'd be spectacular.
Do you believe that if the government provided email, that the government wouldn't keep track of everything you did on it?
Depends on the health of our institutions. In the US at least they're legally obligated not to by the highest law in the land. It gets ignored now, but it's a more promising path to privacy-preserving digital infrastructure than letting the private market handle it.
Oh, I think it's been ignored for a long time. Remember Snowden?
> but it's a more promising path to privacy-preserving digital infrastructure than letting the private market handle it.
The history of governments suggests otherwise.
Unfortunately, the Constitution has been flagrantly ignored by the federal government for close to 100 years now, if not longer. Everything that FDR did was blatantly unconstitutional, but nobody stopped him, nor did they roll it back when he was gone. The Constitution has no real practical power to restrain the government if the people don't exercise their rights as voters to hold it accountable, and it is abundantly clear that the unconstitutional stuff the government gets up to is (largely) actually pretty popular.
Do you believe the government doesn't keep track of your email, just because it's hosted on googles servers?
I used a private mail server for years, and the government didn't keep track of it. Of course, what happened at the email's destination, who knows?
Yeah, but they still don't run a charity. They sell ads and information - and gmail provides them with lots of valuable information.
If that ceases to be true, goodbye (free) gmail.
Shutting down GReader ruined my life.
Has nobody made a better RSS reader since then? Or is the issue that GReader was so popular that shutting it down made everyone stop using RSS?
it's insane to frame anything a company like Google does as some kind of goodwill. rather than an amoral profit optimization. contrary to OP, what people often overlook about GMail is not their "plight". but the powerful brand awareness it creates
Yes it is remotely true. Name one thing they have shut off that a large number of people actually used and it was important. We all joke about Google dropping things and yes they have, but saying they can just drop Gmail is.. well, insane.
they essentially shut down the old (useful) google search when they prioritized ad-heavy websites in the ranking
This fixation on "importance" is laughable. It is "insane" to drop Gmail because it makes them a shitload of money. That is how corporations work.
The reason people mention importance is because corps like Google don't just care about per-product profitability, they assess how one product affects the rest of their business.
Gmail is not now nor has it ever been free. Everyone pays for it. To your point many people use it and for businesses to contact their customers they have to pay into whitelists for high volume delivery. The costs are passed onto the customers, including those that have never used Gmail. Companies that do not pay into such lists and that have many customers using gmail have to set up careful rate limits which means the emails will not be delivered the same day.
Email marketing and campaign companies pay into these lists and they pass that cost onto their customers as well.
There has never been a email provider that accepts mass email delivery to millions of recipients for free.
Is this really true? Where are these lists? I’ve never heard of this so I’m quite intrigued.
It's an accusation that has been going around for a while, but I've never seen it substantiated.
It's a negotiated price signed under NDA, is why most people have not seen details. If you are friends with your CFO and you email millions of gmail users directly likely because you are B2B ask them for the line item. If using a email campaign provider they will not disclose how much they negotiated to pay. Most B2B companies end up going with email marketing and campaign providers as it is far more cost effective than doing it in house even if you have highly experience email postmasters which my team had it just was not our core business model and I could not justify the FTE's.
As just one example, sending high volume emails from Amazon requires using Amazon SES [1]. Some people here are familiar with sending from SES vs. trying to send high volumes directly from EC2 instances.
[1] - https://aws.amazon.com/ses/pricing/
Their ecosystem netted them over $130 billion profit last year, I don't feel sorry for them at all...
right, that comment reads as if they're victims for intentionally putting themselves in the position of holding and reading the maximum amount of information about everyone they can. bizarre
There’s also no indication Google wants to wind down Gmail. This change just looks like an aggressive method to stop bots and spammers.
Do you have any idea of how much they can datamine from an email service? Just making a special parser for amazon emails can give google a realtime insight on the ecommerce space.
For a while Amazon stopped giving detail about the purchased items in their emails, to prevent Google from doing exactly that.
A year or two ago they returned to full detail. I've always wondered if it was customer pressure or a backroom deal with Amazon was reached.
I kind of doubt that Google would cave to the former, right?
i wonder how AMZN hasn't started its own mail yet.
With the (future) shutdown of WorkMail, AWS almost did the full circle.
> They've essentially gotten roped into maintaining a huge chunk of internet infrastructure, for free.
No way they are doing it for free.
Basically they tied Gmail 1:1 to Android accounts. I have a Gmail mailbox for a few reasons: 1) self-squatting my usual handle, because they are a large email provider 2) it's my Android account and it's where I get documents shared on Drive 3) maybe it's the way I login to Google cloud but I don't remember. I used to have a customer with servers in there but it's long gone.
Anyway, gmail is their way to manage a part of the Android infrastructure and it seems they like running Android.
>Basically they tied Gmail 1:1 to Android accounts.
>Anyway, gmail is their way to manage a part of the Android infrastructure and it seems they like running Android.
I've deleted my Gmail mailbox and Android works fine, any document share notifications go to the email address on the Google account.
If anything it's better without a Gmail mailbox because those notifications used to only go to my Gmail no matter what alternative email addresses I set, now they all go to my actual email address.
Only problem is I can never reopen the mailbox because the "Add Gmail to your Google account" screen has decided I've already used my mobile number before.
They charge for google workspace and many companies use workspace and expand on the services they use provided by workspace. The trojon was gmail and gmail interface / app on android and iphone.
This is their entire MO though; they offer a free product to build a customer base then they figure out how to get to know them biblically in an attempt to extract a profit and it doesn't matter how underhanded or unsavory it is.
Maybe at some point in the mists of time, someone just wanted to offer people a good email service but at this point it's a pattern of behavior across every Google consumer product so I can't give them the benefit of the doubt.
> They've essentially gotten roped into maintaining a huge chunk of internet infrastructure, for free. If they ever shut it down the whole world would end up rioting because it's so widely used.
You have a point, but if you've ever seen how a gmail account behaves for the ordinary person once it reaches 80-90% storage capacity used (15GB free, some cumulative total of all emails and google drive content, google photos content), all of these free services exist to sell a perpetual monthly recurring subscription to users. And many people do pay. The default gmail web interface starts to have a big banner across the top warning about storage reaching maximum capacity with a link to the payment page.
Look at the workflow for a standard out of box android phone now that defaults to backing up all your photos to 'the cloud', which will almost immediately fill the 15GB free. Once your 15GB is full, then you're run through the payment/checkout workflow to enter your card and set up monthly recurring billing for some premium google service.
In general having a gmail account is the initial stage in the pipeline of getting someone to be a monthly-paid google customer for life. Whether it's just for more storage to hold all their google drive and photo content, or google workspace individual, etc.
Additionally, tying a gmail account to the primary-user android on-device account on any android 4.x+ device means revenue from google play store paid app sales. And then all those 'free' apps that the user installs where the app developer has implemented embedded small ad banners for google's ad network? More venue.
I don’t think it’s for free. There are ads in (free) Gmail, they harvest your data, and then the paid accounts are, well, paid.
This comment somohow makes it look like google is a non-profit charity organisation.
Isn't it the corporation which makes super-profits and gmail is just part of the equation?
I highly doubt that anyone would ever riot over loss of access to email, nor that it's some critical piece of infrastructure, there are dozens of other communication methods online today.
I get the difficulty of fighting spam, just wanted to say that Gmail is probably making them money too. It's still free to make an account, which means they have to be careful who they give it to.
> But it's expensive, complicated and time-consuming to maintain - and both a source of and recipient of endless waves of spam and scams. It's an endless pile of data to hold onto, FOREVER, as well.
They should let others do email. The more email service providers we have the better it is for everyone
No one is stopping anyone offering an email service, surely every IS does that?
The pain in the ass around deliverability to gmail is the reason I don't run my own anymore.
I haven't had any significant issues, but I think it depends on the luck the draw of your IP address.
Free? They serve ads on their clients. The best solution that solved this terrible issue was Inbox, which they purchased and then destroyed. Google also makes monthly cloud storage fees for anyone who has large files or photos. Also, it keeps people in Googles ecosystem. It’s a beneficial monopoly for Google.
Google syphons all your email data and uses it for their very profitable ad targeting business. The cost of providing email service is miniscule, especially nowadays. Ad profits are at record highs. They've done their math for sure. Saying that they somehow got roped into subsidizing a public service is not even close to reality.
I use proton, but it is not better than gmail. The user interface is explicitly inferior, and that is the main thing I care about.
Google isn't doing this out of kindness. Sure charging for mail would give some bad press but Google can handle it in many different ways and they have in the past. They provide the service because it's valuable to the business. They know that the void will be filled by another service. And that's bad for Google.
While I get your point, I can't think of a free email service that wouldn't also be a gate to other products. Whether it's Gmail, Hotmail, Yahoo mail etc. you always get an "account" as well, something that connects other services from the provider in an easily accessible place where the user actually gets monetized. The email is there just to make sure the user comes back.
You can't legitimately believe Google is a charity and maintains 'huge chunks of the internet' with nothing to show for it. Is it for free if they get non-monetary benefits? Like, my employer doesn't give me "free" money either; they get something out of the arrangement
the googles of the world are real-life analogs of lovecraftian gods, spending sympathy or defense on them is a category error. they do not know about you nor care about you, and would be just as happy dissolving you in their path as not.
Gmail makes 10s of billions annually based on best estimates
They aren’t doing this for free
> They've essentially gotten roped into maintaining a huge chunk of internet infrastructure, for free.
yeah ok, google maps is free, youtube also...
And you know why? Because every single one of their product is either a data harvesting tool or an ad delivery mechanism, sometimes both. Let's not pretend they do it for free, it's their entire business model lmao
> They've essentially gotten roped into maintaining a huge chunk of internet infrastructure, for free.
In exchange, Google gets to surveil half of the world's population, extract personal information from their email, and resell that information to governments and ad companies.
They could always just pause all new registrations for non-paying users. They set themselves up for this failure by merging YouTube into everything gmail and Google.
> They've essentially gotten roped into maintaining a huge chunk of internet infrastructure, for free.
And now they have a treasure trove of AI training data, for free.
>They've essentially gotten roped into maintaining a huge chunk of internet infrastructure, for free
Just because they don't charge you directly, doesn’t matter it's not profitable for them.
The highest comment in the thread is somebody defending Google, a trillion dollar company that profits hundreds of billions of dollars per year, with a wide-ranging monopoly on tech services, as being a victim providing a free service for the public good. While stating that holding onto data is a liability. As though the data was not the point. As though the data was not the payment.
I need to get off of this fucking website.
I hate Google when they pull anti-consumer crap. I believe they're too big, too unaccountable, and something needs to be done about them. Their power rivals that of a country and that shouldn't be considered acceptable.
But man, I would hate to be the one dealing with Gmail. It's a nightmare for the reasons I listed above.
Someone can in fact hold both of those opinions.
I was also actively telling people to de-Google and go elsewhere for a mail service.
Does everything need to be black and white?
Gmail is a nightmare for everyone else to deal with. Gmail is anti-consumer crap, through and through. A big part of why everyone uses Gmail is because using Gmail is the way you get your e-mails delivered to people who use Gmail. Google arbitrarily blocks e-mails from people using other domains, so together with Microsoft they've created a monopoly on e-mail that forces people into using big tech e-mail domains if they don't want their e-mails to get eaten. And the reason they do this is even more anti-consumer -- because they are farming a massive trove of data from your e-mails.
It's bizarre how you make up a sob story about how Gmail is just so hard for Google to deal with. They aren't maintaining it for charity. I'm sure, if I had no ethics, I could manage the burden of dealing with a software system that harvests the data of >1 billion people as part of my corporation's business plan that nets hundreds of billions of dollars a year. The reasons you listed for why it would suck to be Google -- it's "free" for users, expensive for Google, and oh god, you have to hold on to the data... are not reasons at all, because Google profits from it and Google wants the data. The data is the point. You belabour how Google has the burden of controlling a huge chunk of the internet's infrastructure, as if gaining control of a huge chunk of the internet's infrastructure is not literally their anti-consumer goal.
Google Ad's revenue per user is ~$50/year
>They've essentially gotten roped into maintaining a huge chunk of internet infrastructure, for free. If they ever shut it down the whole world would end up rioting because it's so widely used.
Google used to literally have a counter inside Gmail showing how your account had a super huge and always increasing amount of storage. The courted their current market position. This isnt "Oh how did we get here with our big bleeding hearts" its just enshittification.
> They've essentially gotten roped into maintaining a huge chunk of internet infrastructure, for free.
Don't bullshit to us here, please.
Google scan billions people's emails (including very sensitive ones like medical record letters) to then show relevant ads AND sell the data to some partners (hundreds of them).
It's not called "public infra for free". It's the serious for-profit business. The surveillance capitalism on the march.
>They've essentially gotten roped into maintaining a huge chunk of internet infrastructure, for free.
Not for free. Being monopoly is a huge reward. It isn't possible today to have a small email provider. While probably not having that intention from the start, Gmail played a huge role here as its existence allowed everybody to just ignore/block small providers.
> They've essentially gotten roped into maintaining a huge chunk of internet infrastructure, for free.
Lol, what? One of the biggest company on Earth is being pictured as a victim for creating services that siphon data out of half the planet's people? Don't take it personally but I can't fathom how you think this is FREE. It's literally the most lucrative business there is and it's only going to get worse—and not for them.
Why do people keep saying google is free ?
People pay for it dearly with their data for advertisement.
In fact, even when you _do_ pay, you still get ads!
Just watch when they squeezed everything out of the users they are going to slap a fee on them and tell them to fuck off otherwise. It's the same pattern repeated over and over with big tech.
> huge chunk of internet infrastructure, for free
for free? I guess tracking you to death and shoving ads down your throat does not count as monetizing anymore then?
You assume there will be no takers to replace Gmail, whereas there probably will be hundreds waiting to do it.
There are plenty of e-mail providers out there. None of them have even come close to toppling gmail. Gmail is free and good enough for most people. Gmail is to e-mail what kleenex is to tissue. It's almost synonymous.
I am not sure the backslash would be big if Gmail said that a year from now you would have to pay $9.99 per month to use your Gmail ($12.99 ad-free). I mean people would complain, but would that actually give a backslash? Especially if they made it easy for people to move their account elsewhere? People are used to paying a lot more for things outside of tech.
I suspect what is really holding them back is the loss of data, and the loss of the assumption that ~everyone has a Google account that they are logged into, which means they can be traced around the web. Google also benefits from this, since its anti-bot tool will be more accurate and less fustrating to users.
> I am not sure the backslash would be big if Gmail said that a year from now you would have to pay $9.99 per month
I think approximately 95% of all Gmail users would leave. Regular people are accustomed to paying nothing for things like email. And if I have to pay for email, I am not paying Google for it, especially not twice the cost of Fastmail.
[dead]
Their existing premium plans start at $17 per year. Even pushing people to that level would be a serious upset. $10-13 per month would make everyone hate them.
> Especially if they made it easy for people to move their account elsewhere?
Sounds mostly impossible.
> People are used to paying a lot more for things outside of tech.
They're not used to paying for an email account.
[dead]
I have no issue with firms making money, and I am sympathetic to the people who work on these problems.
Not for one second, am I sympathetic to the firm, because it is simply a business acting on its incentives to minimize costs and maximize profits.
Google keeps it running because they make money off of it. Tech firms have profit margins unlike any prior industry; maybe feudal kings come close.
They make money off of it because they (like all tech) avoid investing in human heavy services like customer support / trust and safety. I have had google safety members vent about how they can’t get engineer attention. That when they do get it, engineers don’t want to help the moderators or the moderation software. Their incentives drive them to find a way to obviate the moderation process entirely.
People working to fix things and make it better for users are great. The firm? Heck no.
>> They've essentially gotten roped into maintaining a huge chunk of internet infrastructure, for free
They CHOSE to offer it for free so they could monopolise the market. They got roped into absolutely nothing.
What a lame first comment. They're making tons of money. Sounds hard. Let's give up all our freedom.
A lot of people here work for Google. Tough to understand something when your salary depends on it.
Source:
They have gotten ROPED INTO? seriously?
The company that wilfully monopolised email somehow got involuntarily roped into running said email?
Do people love revising history like this?
You think goole is the victim here? Poor google, owning gmail.
You know, if it's such a bad deal they can stop owning it any time they want. They already lied about it - I was told I would never have to delete email, and turns out I had to.
I don't care either way, I moved to tuta last year.
Any Gmail person can tell me why Gmail is tolerating Gmail phishing emails that use Google's own services (e.g. https://storage.googleapis.com/savelinge/... ?
More info here: https://news.ycombinator.com/item?id=46665414
Spam is getting horrible lately. I get all sorts of new techniques including:
- using legitimate sites to bypass filters, like sending you a bill through a legitimate bill-creation site
- pretending to be a tracking service for something you supposedly ordered, then over the course of days pretending the package got lost on the way and offering a discount code for the 'purchased' amount, expecting you to use it on their phising site.
Gmail not only fails at spam classification, they classify these messages as important and nag you with first priority notifications and summaries.
I can’t prove it, but it feels like the world recently decided that spamming/scamming is acceptable, so the number of spammers/scammers has increased dramatically.
The number of spam calls, texts, emails, iCloud account unlock requests, etc I’ve received in the last year is insane.
I believe that these spammers now concentrate their efforts towards e-mail addresses hosted by major providers, like Gmail.
The reason is that I have an opposite experience, during the last couple of years I have received much less spam messages than before.
I have hosted my own e-mail server for more than 2 decades. Previously, I had to filter large quantities of spam messages, but lately the number of spam messages is much less than 10% of the total number of received messages.
I’m considering self hosted. I’m so tired of the major providers not even trying. And I have no serious control over blocklists.
My personal domain has the MX records pointing at Gmail. It gets far less spam than my Gmail address does.
What about fastmail.com or hey.com or proton.me? I have heard good things about all of them.
I use fastmail, I love it. I have a catchall and thus can use a different address per service. Leads to sometimes awkward conversations as to why the email address contains the company name in it, but can also be a life saver. For instance, free recently got hacked and all their email db was online. I can just block this email address and not receive the spam. Fastmail itself is reliable and fast on the web, but I only use it through IMAP anyways. It works perfectly.
[dead]
Lack of accountability for the companies that allow their services & platforms to be used for spam/scamming.
Take DocuSign for instance. Still, this many years later, is a major source of phishing emails from their free trials. DocuSign could easily shut this down today by either requiring a CC for the trial, or forcing a call with a sales rep to start a trial. But they don't, they continue to allow their service to be used for wide scale phishing.
Atera, an RMM, is another one that has been a big source of malware delivery, also via the free trials.
Shutting down the trial accounts after the fact does nothing, the emails already went out.
I feel like there's no way for them to win, though. The kind of accountability you're talking about what require them to do essentially tons of KYC/AML vetting, and HN would be equally outraged about that.
It's a little hard to get outraged about that hypothetical, given that legitimate usage of DocuSign typically involves sending them documents containing all sorts of sensitive information.
Every single day since around the start of the year I get at least 1 text with the content of roughly: "FROM TRUMP: You could be the next winner of this PRIZE/MONEY!", "Click here to receive your $10,000 tariff refund!", "DEMOCRATS are trying to DESTROY EVERYTHING!". Plus I get almost daily calls that immediately hang up, and leave a 30 second voicemail with no audio.
I've always had some level of political spam, usually only close to voting months, but this year has been the worst for me.
> I can’t prove it, but it feels like the world recently decided that spamming/scamming is acceptable
In the US, we elected a well-known scammer ... twice!
In addition, it feels like the past 5 years have brought on more marketing spam. I've been slowly reappearing onto marketing lists that I either never signed up for or unsubscribed from. They're coming from legitimate companies that I've done business with.
It's AI that's doing a lot of it. For a lot of spam, scammers would want to exclude anyone who may not fall for the scam due to the costs associated with dealing with people who won't pay you. Now that AI decreases the need for a human scammer to scam, expect them to start to widen their scam nets.
The decline had been happening long before AI hit mainstream.
It's been a _lot_ of years that I've hesitated to answer calls from unknown numbers.
Yeah this feels like one of those cases where the term "AI" gets broadened out so far it becomes meaningless.
This stuff is automated. The ability to automate spam calls (using the same form of APIs developers love, like Twilio) make it absurdly easy for one person to set up a spam machine. No AI required.
The lead generation was automated ten years ago ("Hello?"), but the actual scam conversation was not. Until recently, you still had to pay somebody in South Asia better than the prevailing wage of ~$1/hr to have these conversations, as well as set them up in an office with computers and managers, and bribe local police (call it $5/hr of fully burdened work product). If your success rate is ~1% and the average human portion of the scam lasts 12 minutes, you're getting 0.05 successes per hour, and you better be netting an average of $100 per successful scam (accounting for financial clearing issues / reversals!) or you're losing money on every hour worked.
You're correct about the calls, but the ability to talk with the people was the rate limiter. Even if you have many people in Cambodia or India, the scammers still needed to scam more than they paid out. Now you can have AI bots that do the first level of filtering.
Unfortunately scamming is a business and if certain actions become less expensive, I would expect more of them.
I get these voicemails almost daily it's a cutoff message talking about "a loan just came across my desk"
It's such a good tactic too to start the voicemail with the conversation already going people are like "what? who?"
AI + FCC weakening
Not just the FCC but the entire regulatory apparatus is completely non-functional when it comes to regulating commerce.
The clear, unspoken message in the USA is now: "Enrich yourself in any way you can, as fast as you can. Buyer Beware is the law of the land."
New tools like LLMs probably make previously unscalable techniques scalable.
I think part of it is AI allowing sophistication at scale, but there's also a generational factor. The techbro + business shark culture, influencers who manipulate people being role models, and so on.
[dead]
Oh no - you can definitely 100% prove it, this is the direct consequence, the exact intended consequences, of Trump gutting consumer protections - across the board, not only online but with food and laws about not dumping chemicals in rivers.
The man is the absolute worse person - unless your a rich guy, who wants to make more money by screwing over people who mostly don't even know it.
Anyone who reads this, I dare you to find out why that thing in your life you hate so much, sucks so bad - nothing is ever by accident or unintentional.
The United States, and its People, will be discovering/realizing different ways we have been absolutely f-d by that grifter for likely the rest of my millenial life, thankfully (silver lining!!) US life expectancy has dropped substantially for the 150 million Americans in the bottom 50% of income - rich people in America have to deal with this bs for almost 8 more years than we do
Oh yeah, if you want a faster out even yet - just make 30k or less per year, your life caps at 71 then.
I joke but I hate so much that people will read this and then promptly go back to sustaining this system at their job.
We work our lives away so the rich dont have to and they get to live 14 more years on average than poor people.
If I put on my tinfoil hat, it seems to be something deliberate, to push us all towards accepting hardware / software attestation and better "online id" stuff - "Don't you want to identify and stop the spammers and phishers?".
Email scanning and file scanning (on our computer) became acceptable when the level of spam and malware became intolerable. But it was at cost of our privacy. Today, Gmail scans all your mails and makes money from it. Both Windows and macOS have built-in anti-virus or malware scanners, and file indexers, and thus know all the applications and files in your system (which provides for more data on your profile with them). Now with both OSes, and even browsers like Chrome and Firefox, including AI, they will now use our own computers to not only collect our personal data, but even process it on our system and use it to build even better profiles to more profitably exploit us.
It doesn't have to be deliberate; it's just the economic incentives at work. AI providers are inclined to sell AI to everyone with a pulse, and it just so happens that a lot of its use will for towards spam generation.
It also just happens that they're the ones best positioned to provide attestation and identity services.
Eh - conspiracy territory. There’s been a massive evolution in phishing and spams with LLMs.
> Evaluating Large Language Models' Capability to Launch Fully Automated Spear Phishing Campaigns: Validated on Human Subjects
> https://arxiv.org/abs/2412.00586
LLMs make phishing absurdly profitable, and can now make profits from targets who were previously economically unviable to target.
Gmail spam filtering is so bad that I believe it has to be intentional. I think they see email as a long term ad revenue opportunity and want to desensitize people to the spam.
I wonder how come I have such a diametrically different experience. I don't remember the last time any spam email got through the automatic filter into my inbox, and I had a gmail account for 20 years now.
Could be an A/B test. I’ve had mine for 17 years, it only became an issue 5 years ago.
I'm not seeing any of this, and I've have been using the same email address that forwards to gmail for decades at this point, and it's in every major email data breach.
I get, maybe, one actual spam email per year through gmail's spam filters.
I get more actual spam at my work email, which is not hosted by gmail, even though the email volume of emails sent from outside of my employer's network is orders of magnitude smaller than my personal email volume.
> pretending to be a tracking service for something you supposedly ordered
There’s a leak or someone is selling the data in a lot of the delivery companies in my country. I order something then without fail the fake text message pretending to be the delivery service. Only thing they screw up is claiming it’s failed to deliver too soon and the weird urls.
Messed up these companies are either selling it or being irresponsible with data.
Seems to be involved with government services too. I signed up for a welfare program that had me input all my data before denying me the service a few months ago, and the next day I started receiving spam calls and texts using some unique pieces of information that I had submitted in that form.
Called my state senators to complain about it and ask for assistance. Enjoyed the complete lack of follow through.
Spam is now AI powered. Let that sink in for a bit.
> like sending you a bill through a legitimate bill-creation site
Why aren't these things opt-in? Ditto for every other thing that sends you email. I reflexively mark anything I didn't sign up for as spam on principle.
Google is fine with everything if it's their service. I've completely blocked *.bc.googleusercontent.com, because it's basically used as a spam farm for years now, but Google couldn't care less as they apparently can't be bothered to even slightly inconvenience their compute engine users.
The same reason spam filtering is hard. It's not possible to catch every misuse of the service without too many false positives.
The same 5 urls has been used for 3 months
That doesn't really change the fact that it's hard. Do you know how many full movies are on YouTube that infringe on copyright? How many pirated streams are hosted on S3? How many piracy sites are behind Cloudflare. It's just very hard to police at scale and if something is flying below the radar it will be there for a while. They probably spread out their assets over many accounts, or even use misconfigured buckets with write permissions to drop some files in there.
Google's inability to scale their services should be a regulatory issue.
If their platforms (Gmail, YouTube, DoubleClick) are being used to launch scams, they're failing at scale and governments are failing at legislating / regulating.
The only way to use Google services somewhat safely is with hefty ad (and the rest) blocking.
All this ID and surveillance and privacy invasion and metadata retention and yet all these scams only seen to grow. It never seems to end up protecting anyone deserving of protection.
I wonder what it's all been in aid of...
Trust and safety doesn’t have the same maturity as cyber security. Things like trend and signal sharing between tech firms doesn’t exist, except through informal slack channels and WhatsApp groups.
The first major safety conferences for trust and safety came together only in 2023.
I kinda lost the plot here - what does piracy have to do with spam and phishing?
both deal with distinguishing legitimate vs illegitimate content.
Attempted platform moderation and abuse-enforcement.
This argument actually doesn’t work in Google/your-point favor since finding pirated content on Google is now practically impossible.
The reality is, Google is driven strictly by incentives and there are no consequences for letting spam/scams run wild vs. pirated content which gets automatically removed when a DMCA notice is received.
There is 100% pirated content on Youtube - not too much from Hollywood and you won't find anime on it - but if you watch foreign language media, there is very often the Official account and then like 4-5 others just blatantly providing the identical content, which is promoted alongside the legitmate content, so its fairly easy to start watching legit stream and find yourself not watching legitimatly a few episodes later, playlists are huge to prevent that.
The problem with this is the piecemeal enforcement all but proves they only care about stuff they get a cut of and that fact became more clear to me recently when I was watching a random drama made in Asia that I wont name due it being one of the best historical and educational shows I've ever watched - but there was a scene (this was made in the 90s btw) that was entirely innocent, not sexualized - it was done humorously, but I'm not a pdf file either so - anyways, there were fully naked children, with absolutely no censorship, on Youtube - 100% long enough to be noticed by their trackers - they obviously just are not reviewing certain content, at all.
I don't care about piracy at all - I'd still use Youtube if it was the primary source for pirated content, the idea that there may be some obscure content, that seems totally fine, in a language nobody really uses - except for Epstein types, if ever that was discovered - that Youtube had become a haven for pdf files bc of lax application of standards - I would want Youtube split away from Alphabet and force sold on the cheap to a more responsible owner (like Tiktok minus the responsible owner part) - plus an enormous fine.
I didn't believe that such content could exist at all on the platform - until I literally saw with my eyes that it obviously can.
https://xkcd.com/277/
"It's so easy when you don't know how". I'm not sure if this phrase is in common use at all, or if I just misheard it once and attributed it to mean that when the details of a problem aren't obvious, its easy to conclude the solution is simple. "Why don't they just do ___?"
At the companies I've worked at, I refer to this as the "well, can't you just...?"
Yeah, I can "just" after I "just" do A, and B, and C, and D, and E, and F, and G.
Drives me batty on top of being insulting. "Surely you realize I thought about that weeks ago, and if it were that simple, we wouldn't be having this conversation."
But hey, I get paid every 2 weeks.
It's probably possible to catch a lot more of them, but why look too hard when you can hide behind section 230 immunity and pocket ginormous profits instead of spending on this lol...
Ok, it's even harder when you do not care because they people are either freeloaders or locked into your solution because it's a customized mess.
[dead]
Ah! I have no answer for it, but am happy, Virgil-like, to now have a theory why the same stupid, obvious "Costco" spam from an @gmail.com address keeps showing up in my inbox no matter how many I mark as spam.
They seem unable to prevent phishers from using their acquisition, AppSheet, to send relatively convincing, targeted (to nobodies like me) emails that make it to primary inbox.
So, pleas ignored, forward these recruitment scam emails to the legal/fraud/phishing teams of the impersonated brands. For a company without the appearance of caring (in my opinion), perhaps law firm letterhead can encourage necessary prioritization.
It follows the same logic as physical junk mail. We accept the fact that we will receive junk mailers in our physical mailbox and just toss them out.
There is a big difference between advertising your services and trying to literally steal people's money.
This is an underrated distinction. Sadly, the line is so much more blurred now than even when I was a kid in the 90s.
There are so many businesses now which exist mainly to cheat you, operating at the very edge of what’s technically legal, and relying on their customers not really understanding the full terms of the deals they’re agreeing to. It’s sickening.
Can you post an example? Thank you.
Every payday loan company, the "we buy houses for cash" companies, rent-to-own companies, title loan companies, the entire buy-now-pay-later ecosystem, the timeshare industry.
Seriously dotancohen, get your people under control.
Not when half those "advertised services" are in fact scams.
We shouldn't accept that either. The USPS could stop accepting junk mail, if it were funded properly and didn't have to rely on junk mail for revenue.
Yeah, but junk mail funds the USPS, without it Republicans would've killed the postal service long ago, See the Pension requirement that they pushed in a vain attempt.
In the Netherlands you put a sticker on your mail box with either of these: - NO ads, NO magazines/papers - NO ads, YES magazines/papers
Some municipalities even make it opt-in so you'd need YES/YES to get mail without a name and address on it. (ie. not direct mail)
There are also laws to enable opting out of direct mail (with name and address).
In effect, junk mail is just gone once you slap a sticker on your mailbox. This is not an unsolvable problem if you just regulate things.
What jurisdiction is responsible for regulating my, Israeli, email "sticker compliance" when using Gmail, American, and the sender is in Romania?
the analogy breaks at "...to get mail without a name and address on it". spam emails always have RCPT TO.
No idea, I didn't say anything about email.
That page looks phishing-related but doesn't appear to directly serving abusive content?
Does that XML get processed by a mailreader?
<ListBucketResult xmlns="http://doc.s3.amazonaws.com/2006-03-01"> <Name>savelinge</Name> <Prefix/> <Marker/> <IsTruncated>false</IsTruncated> <Contents> <Key>winbridge.html</Key> <Generation>1775478745793193</Generation> <MetaGeneration>2</MetaGeneration> <LastModified>2026-04-06T12:32:25.871Z</LastModified> <ETag>"3616712a8e68db66062a3f514b5fb7c8"</ETag> <Size>626</Size> </Contents> </ListBucketResult>
I am guessing that service returns the XML file as a directory listing; the file called winbridge.html does exist in that directory (and contains a JavaScript code to redirect to a different URL). (Another comment said they shortened the URL to remove PII (which I am guessing was in the fragment part of the original URL; the JavaScript code makes a new URL from randomly selecting a domain name (even though the list has only one) and appending the fragment part as the path), so I suppose the file name was removed and then this directory listing is the result.)
I shortened url to remove PII. Full url causes few redirects before landing on scam site.
[dead]
> Supposedly, using the QR code on the smartphone triggers an SMS sent from your phone to Google in order to verify your phone number.
Does anyone have a better source of information than this one forum comment from someone who thinks scanning a QR code is enough to get your phone to send a text message?
EDIT: It’s just an SMS URI. It doesn’t automatically send anything, just opens a text message for you to send.
This is just the old phone number verification with a QR code convenience method.
What happens when your phone can't do that? I use a flip phone. It can't scan QR codes despite having a camera
Apparently it’s just an SMS URI.
It’s not something specific to a phone. It’s just a convenient method to enter your phone number.
To enter their phone number because you sent an SMS to them.
So if there are any costs for sending this SMS it’s on you.
> So if there are any costs for sending this SMS it’s on you.
It's a $0/month e-mail service.
If the price of entry is a single text message, I think that's fair.
There weren’t any infrastructure costs to sending the first SMS ever,
there shouldn’t be any remaining for the consumer today
unless you’re a real unfortunate soul.
Exchanging SMS messages with any sort of reliability (like not losing your messages when you go through a tunnel) requires running an SMSC. That costs money.
Furthermore, carriers still charge each other for exchanging SMS traffic, though many of them just charge the difference rather than sending each other bills.
This approach is quite costly if you're out of the country, though. Sending an SMS is hit and miss when roaming in foreign enough networks, and each SMS can cost you a significant amount for exchanging 10 characters. Even receiving SMS messages far away from home can cost you money, which is a pain if you have a relative that could never get used to modern messaging services.
Are you one of the unfortunate souls I mentioned?!
PS Has the bio trap snared any robots yet?!
Someone didn’t read all of the words ^_^
Infrastructure costs were marginal, near 0,
because SMS was just 140 bytes of text stuffed into already-occurring network traffic
between phone<->telco.
I did some work with Verizon and an IoT customer was asking about SMS pricing and the VZ guys laughed and said it cost less than a penny for every 1M SMS.
Yep, bastards!
and that’s only because an accountant demanded a cost of goods sold!
Continuing that behavior until everybody’s grandma had iMessage, is a large portion of why I don’t trust a telco!
(Not building out the full range of rural etc network they promised to, while cashing all of the government subsidies, struck me wrong as well.)
[dead]
Technically if you can copy paste the qr code into any qr reader website and manually do it, I think it's possible? Assuming it doesn't change the code very rapidly every few seconds.
Would be a bit silly for it to rapidly change given that manual action must be taken after scanning even on well supported devices.
My S24 Ultra no longer has rear cameras, they no longer work after the phone fell from a table. I can not scan QR codes either.
So many companies - such as electric car charging stations - require this without considering failure modes and alternative workflows.
The elder gods have declared that you have been unpersoned... until you buy a new phone.
Also try squeezing the phone at various points to see if it pops the internal connector back in. You can find a repair video to see where the connector is.
They properly do, but then conclude that it would be more costly to implement and create those workarounds than not getting the extra 0.01% of users.
then google has decided that you no longer should be able to use GMail (for now) and the internet (in the future)
eh, they gave up on trying to control usenet and haven't touched gopher so I'll just go there
The old method was for you to receive an SMS. Because it's easy to pay a phone farm 30 cents to receive an SMS now, they're changing it to sending. Phone farms will also adapt.
https://datatracker.ietf.org/doc/html/rfc5724#section-2
I think it's probably enough to get your phone to open your texting app with a pre populated number and message body, then all the user needs to do is hit send.
But isn't phone number verification usually works like... Google sends you a SMS, not the other way around?
you see, in that case google has to pay, but flipping it like this makes the customers.. oh wait the product pay.
It probably opens a prefilled text message and the user still has to hit send. That's the only API I know on iOS anyway.
Can confirm this is what scanning the QR code does. I just went through this to get my Google dev account verified.
Regarding how easy simswap is in 2026, it's dangerously stupid from Google to rely on SMS
I wish it was. I've looked everywhere for several years for anyone offering this service so I can get into my 2004 Google account that they enabled SMS 2FA on one day, without any notice, but it has the wrong phone number. I have the username, password and the recovery email address is set to another I own too, but without the SMS code I'm hosed.
You should just determine which carrier hosts the phone number and then go get a job there as a customer service agent or store employee. You'll get full permissions to change accounts, so you'll be able to make the change, fix your gmail, then change it back.
You probably risk some legal fallout though, so be cautious.
This reminds me of the women who sleep with Meta employees to get their accounts unlocked. It's 2026, we gotta do what we gotta do to get our digital lives back.
I don't know why verizon etc.. don't charge like $0.25 cents per sms. Then these provider would stop sending too many sms.
I recall reading that twitter was getting "scammed" because there were some phone services that cost money to receive texts (and possibly some of it was being passed on to the customer of said phone service) and they were getting spammed with phone verifications to get the payouts. I guess when twitter extorts your phone number out of you under false security pretenses and then uses it for advertising that's legit but if some one tries to a get a cut for themselves it's a big problem.
It occurs to me this "force you to send the sms" might be a way to avoid exactly this sort of thing.
They used to do just that, though people could pay about $25-30 (in like, 2008 dollars! So that’s closer to $47 today) for ‘unlimited text plans’.
I know you mean charge just these bulk senders, but if they didn’t charge consumers a similar rate too, whoever wants to spam SMS can just set up farms of consumer SIMs and dump them onto the network that way. In fact, they already do this.
That clarification matters, but I don't think it makes the privacy concern disappear
Recently helped a small business set up a Google Workspace account and we hit a wall during registration.
Told the owners that if Google is already being difficult during signup, imagine being locked out later with client work on the line. Pulled up a few horror stories about Google lockouts to drive the point home. They ended up with another workspace solution.
When trying to upgrade from the Business Standard to Business Plus plan, Google will reduce your workspace storage from 2TB/user to 0 bytes for up to 24 hours while it upgrades you.
These are actual quotes from support:
> Upon checking, I see that the storage is showing as 0 bytes, because of the upgrade that has been done from business standard to business plus. Not to worry as this is very normal.
> I understand your concern and how important it is for the storage to be updated due to the business requirements. > > To give you full transparency into what is happening: when a Workspace subscription is upgraded, our backend systems must first detach your previous Business Standard storage allocation before provisioning the new Business Plus limits. During this transition window, the quota temporarily defaults to zero.
> Now please turn ON user storage limit nor shared drive storage limit. Once you turn ON, please wait for 5 minutes and then please turn it OFF.
^ That last attempt to try to force storage quotas to reset faster didn't work, btw. Still took hours.
Google Workspaces are just like Windows 11 on the network, and constantly running Windows update. You never know what changes, installed/uninstalled, or breaks.
I feel like I must be using a different gogole workspace. I've used it every day for the last 10 years and just don't seem to have these issues? Stuff just seems to work for the most part? It's all way more stable and low-admin than any other desktop software I've used at least!
Are you a home user or corporate? Do you maintain a deployment for multiple users?
This is why I have I have started planning to transition away from Gmail for all domains I manage. Gmail doesn't actually get any better as a product - just more annoying as they try to upsell me on crap I don't want or need. It gets a bit more shitty every year.
The sheer size of Gmail means I have zero chance for support even though I pay for a service. The risk is too great to be acceptable.
> and we hit a wall during registration.
What does this mean? The scanning a QR code and sending a text message from this article, or something else?
I've been reasonably happy with it since 2013 now.
This last year however, I've started to hear complaints from staff of annoying popups about AI stuff people don't want to use
What do they use instead? Grass tends to be greener on the other side. Though it wouldn't surprise me if Microsoft offered better support despite having a worse product.
With which workspace solution did they end up with?
I assume "next leading brand" ;P
Hopefully that means Nextcloud ;)
No idea, but there's Zoho.com ...
Cloudflare for email people, its the best and free
Can you clarify this statement please?
I'm confused too. Cloudflare is a DNS, anti-ddos, CDN, and light cloud
https://www.cloudflare.com/developer-platform/products/email...
But it's only for receiving and you still need external mail server/address?
https://developers.cloudflare.com/email-service/get-started/...
This is not really an 'email service' the average person can be expected to use..
Then don't use it ¯\_(ツ)_/¯
This is useful. What were the horror stories?
Which workspace solution did the client settle on?
Yeah, I can't even register a new Gmail/workspace account at this point. "This phone number has been used too many times."
Everyone hates on Microsoft, but their platform is 50x better than Google. Personally nowadays I would be looking at Proton if I was going to setup a workspace for my company.
This is hilarious. Microsoft has had many issues and outages with M365 in the last few years. I mean, I guess if you don't rely on mail, then sure.
If one takes the comment to mean, 50x better for support, I can believe that. After all, 50x almost nothing can be achieved fairly easily.
Maybe MS actually has support. The UI is so much worse than Google's (which is bad enough for communication compared to Slack) that you just cannot win though.
We are 365 shop… I cannot think of one single time the 365 being down has affected us at all. Maybe you’re right I don’t know. Maybe your region is worse than my region.
Nobody cares about very temporary outages, they care about support
I have to say, I’m finding the “New Outlook” deeply unsatisfying coming from a GSuite company the past 4 years. MS was better in 2021 than it is now. The new one reeks of Jony Ive style minimalism. I constantly can’t find anything I need, and it takes a lot of fiddling to do simple things.
I generally have rooted for MS over GOOG on this type of thing, so I am not saying this out of fanboyism.
Outlook is better than Gmail? This is a hotter-than-the-Sun take.
Have you actually tried both?
Used them both for years.
Outlook eats Gmail for breakfast. The way shared accounts, lists, and work assignments are done in Outlook require their backend (share point inheritance), and google drive is pretty good even for some small files, but when all is considered O365 wins.
Then if you are in Europe, you should not use any of those and other very good solutions are currently growing super fast.
The latest moves from google are the damning smoking gun evidence that anti monopoly court ever needs. "Do this or else". Recaptcha, gmail, google suite, android, chrome, colab and even google play must be viable businesses on their own, separate from google ads machine. Gmail must start competing for users with other email providers. And, yes, recaptcha must pay its infrastructure cost in full only from recaptcha revenue. This is the good way to level playing field, silence all the critics and let air into the room.
I like how they argued AI was a massive threat to their search empire and subsequently advertising empire ... and then a few weeks after the judge issued their astonishingly light measures to address Google's monopoly abuse, they partnered with Apple and achieved ~100% of default AI agents on smartphones being powered by Google!
Google is a such a monopoly in email you can just go online a get any other free or paid email service.
I went through it to register just now. No QR code required. Same flow as it has been for years:
1. Personal/Child/Business
2. First/Last
3. Pick email
4. Date of Birth
5. Backup email / Skip
6. Password
7. Enter phone number
8. Confirm with 2FA code
9. Done.
I just made the email testregistrationflow@gmail.com and have since forgotten the password. So that’s one burned. But feel free to try testregistrationflow1@gmail.com and see if it works without a QR code.
The headline is clearly a misstatement of what is a specific flow for someone to make many Gmail accounts programmatically.
You can reach a point where the phone number you used for 2FA has been "used too many times" and then you're stuck in the middle of registration. There doesn't seem to be any documented limit anywhere and the only solution people have been able to use is find someone else to help you verify with their phone number. What makes this more difficult is when you get logged out of one of your accounts, they ask for a phone number for 2FA to login, you provide the same phone number you used originally (even though it is not officially associated with your account, just to verify registration), but that fails because your number has apparently been used too often. So now you can't even log in to your valid account that already exists. Sure, should have added some other form of 2FA or a passkey to the account, but why can't I verify with the same number I used originally? And just to top things off, you can't use your Google Voice number for 2FA account verification when signing up for another Google service.
>find someone else to help you verify with their phone number
Very risky, either of you gets banned (it's a risk given now ban happy Google are) you'll both lose your accounts.
The number is not associated with your account, it is just used to verify legit account creations. Retroactively nuking an account due to using a "banned" phone for account creation verification would be wild and not in Google's best interests.
You can totally get a random "we've detected a suspicious activity, please verify the phone number you've used during registration" form during login.
IIRC the limit is 4 accounts and it's documented somewhere.
I'm constantly spinning up new accounts for clients and I've used my number on way more than 4 accounts, so maybe it is on a rolling basis over some time period?
Probably depends on how "trust worthy" you seem to Google for them to trigger this requirement. Things like using Linux, using Firefox, using a VPN, etc.
Or it's just being A/B tested right now.
The irony is that no real scammer would use this setup because they know it would stand out.
Denying scammers the ability to use VPNs and virtual phone farms without standing out does make their job harder
They should probably go back to the original invite only flow they used when Gmail launched.
Every account having the ability to invite an only small finite number of new accounts is one way to thwart scammers.
Not without some kind of delay function and probably filtering/evaluation of which new accounts get this capability...
Everyone here should be familiar with exponential growth of n-ary trees. If you can get one of these accounts and each new invitee gets to invite 2 more, you can already have accounts gone wild.
If it's a tree, it's easier to prune an entire branch that's gone bad.
So, the scammer should send an invite to a real person from one percent of the accounts in the tree, wait a few months, then flip the evil bit on 90-95% of the accounts they registered. If the whole tree is cut off the reputational damage is really high (10,000 valid users nuked because of actions other accounts took...)
Yep, it's a never-ending escalation.
It was not finite, or uniform. I refilled the invites every week or so based on user behavior.
Not really, even "legit" marketing providers have massive automation rigs to warm email addresses, make them behave naturally and email each other in rings for a bit before using them for cold outreach.
So they'd just do this to farm invites if they needed
That's certainly an interesting idea - mostly everybody should know someone who has a gmail account, so if you get a couple invites a month, that should be plenty and the setup would
Well I was about to say destroy scammers, but I just realized that they would send out spam to places where you could gamble your invites for Real Cash(TM) or just straight up buy them.
This would lower the creation of accounts, but then they would be rarer and worth more to spammers, since a spamming gmail would be rare.
And we would hear sob stories of people getting their accounts closed for inviting spammers.
When you create an account through google services on a phone, you don't even need a phone number.
I hit both a google QR captcha and traditional captcha today. They're phasing it in.
"A tester in A/B testing situation swears that B tester is not telling the truth"
It certainly disproves a headline saying “Gmail now requires scanning a QR code”.
This is why I always ignore these headlines until I see the change firsthand. In this case it wasn't even an article, only a brief forum comment, for a topic as complex as spam protection. Might not be an A/B test, could just be someone with a low-trust profile (eg Arch Linux ipv6 in Singapore with multiple Gmails).
Well, a headline that states that “Gmail now requires scanning a QR code for some people some of the time” is not too exciting.
Yeah I set one up a few weeks ago for testing, same process.
I just checked and it asked me to scan QR code and after opening QR code it will attempt to send some random token..
Google is probably doing A/B testing or they are using some sort of ML algorithm....
Maybe it depends on the country?
This feels like one of those "security" changes that also happens to conveniently eliminate a lot of privacy-preserving workflows
Because it is. Total surveillance only works if the people are forced to wear the tracking collar. The next steps are tying it to CBDC, that require a phone number to access your wallet, and tying it to realid/passport to restrict travel.
2FA has become the wedge to break privacy into a million shards.
Total surveillance only works if the people are forced to wear the tracking collar
Better to call it a noose. Because you can also be entirely "unpersoned" online if you don't comply.
I prefer TOTP, but service providers seem to prefer their own apps or sms.
Phone numbers have become the unique identifier used to build profiles of people and the providers can still claim “security” when they change it to pursue that revenue stream.
There are services online dedicated to temporary account activation phone numbers to bypass Google's requirements, but most of them can only receive messages. Requiring the user to send an SMS seems like an excellent method to get rid of those services so that bots can no longer use them.
I don't really see the point of a privacy-preserving workflow when it comes to a Google account. It's not like they need to know your phone number to track you.
They might adapt and support sending sms (hopefully) in addition to receiving them. I guess all other services which send sms verification code will switch to ask the user to send the sms, like google.
>>don't really see the point of a privacy-preserving workflow when it comes to a Google account. It's not like they need to know your phone number to track you.
More information is always better.
Also, if you can get a Google account, it's like a magic ticket to use services that want to violate your privacy. So, if you can get an anonymous gmail account, then you can use it for all the enshittified sites, and reserve your actual email for sending and receiving messages to humans.
Is this the reCAPTCHA crap I just ran into minutes ago? It’s the Cloudflare “verify your humanity” thing, and the checkbox isn’t good enough, so now there is a “mobile verification, the support page for which (that I briefly skimmed) talks about scanning a QR code.
(EDIT: TFA didn’t clear it up for me, but it sounds similar.)
Wechat (Weixin; 微信) from Tencent has been doing this for years. Now Google is becoming the new Tencent and the US is becoming the new China
Do we get cheap EVs and high-speed rail now?
Tech first north korea
Nope you get Marvel Avengers :)
I got this a few weeks ago, it was a URL like "sms?:number" which tries to pre-fill text in app. Didn't work for me (Fossify) so I had to copy the number and verifier text from that URL and send it manually. It's for saving money spent on providers like Twilio.
I tried to create a new gmail address recently because my primary gmail address is my name, and it's quite common, so I get more email for other people than I get for me.
My phone number - which I've had for about 15 years and have only ever used for personal purposes (minimal SMS, mainly just an iMessage/Whatsapp ID) - is apparently "not eligible" to create a new gmail account. Which is quite strange.
For something as central as a Google account, it feels pretty unreasonable that a long-held personal number can be silently rejected with no appeal path or explanation
If this is with a new android phone, return it and let the manufacturer know why you couldn't use the phone.
If he had this phone for 15 years, I bet it's not bound to a phone, it's bound to a sim card.
Phone number, it’s not tied to any piece of HW because is portable. I’ve had the same phone number equally as long, but I’ve transferred it to multiple devices over the years.
> requires scanning a QR code
That's like saying you need to "scan a QR code" to open a train door, not mentioning that the real requirement is linking your phone to your payment data so they can bill you. It's not the ability to turn a data matrix into bytes that Google is verifying here...
Register your own domain and use that for your email, and you'll no longer be held hostage by Google. Takes almost no effort and will cost you a few dollars a month.
But what do you actually use as the email host? If you just set up your own mail server, you're almost certainly going to have everything you send go straight to spam.
You still need to register with someone like google, or Proton, etc.
Believe it or not, email service providers actually exist.
Rollernet.us is a good one. They have excellent deliverability, reasonable prices, and everything you could want related to email.
They have a few minor other services, like DNS management, but they are not a cloud compute provider.
Another option is to use a cloud compute provider like AWS. You don't need to run the VM yourself to use SES for email messages. The hard part is the webmail access: you have to choose between a poor interface (an S3 bucket) or running a managed VM to host something like Roundcube.
Yeah, but you're not beholden to them. There are 100 different hosts you can use if you own your own domain. If a host changes in a way you don't like, just move your domain elsewhere. If you're using Gmail, you're stuck with Google. Being independent of any one host is the important part to me.
Personally I have my own mail server and use smtp2go for sending which handles the deliverability issue. I'm not sure it's worth it going this way but I found it fun and its been 0 maintenance
There are tons of hosts! Personally, I love Fastmail.
> you're almost certainly going to have everything you send go straight to spam.
I run my own email server on DO, nothing I send goes to spam. (I normally follow up on nearly all emails in case you're assuming some flavors of sample bias.)
Runbox is great, and not that expensive.
So? Your email won't be held hostage.
I have done as OP suggested and the main benefit is that I can move my email elsewhere.
For now my email is with Apple, since they offers email hosting as part of the icloud+ (or whatever its called). If they decide to die/enshittify, then I can move to another host without having to change any contacts.
One the other hand, since I did use my bare gmail for some years, I am still stuck with it, in case I have some service that depends on it.
I switched from self-hosting to Apple’s servers a year or so ago and it’s been splendid. No issues sending to other servers, decent spam filtering, and no nickel-and-dining for having more than one domain, or more than one user, or adding email aliases. If you’re already paying for iCloud+, there’s no extra charge for it.
I don’t wanna sound like a salesman. It’s just that it’s been a surprising good experience for my family, especially for the price tag of $0. And if it ever does start to suck, I can point our domains at a different server.
> and will cost you a few dollars a month
Dead on arrival.
If you don't feel that's worth it you can use Gmail, yeah.
It's not just me; most people won't. That's the issue.
Even if your time is worth $0, you're paying far more than a few dollars a month to have a google account. Price discrimination from third party vendors is probably running you 5-10% of your credit card bill every month.
That's opaque to most users.
If it weren't, then Google's business model would not be viable.
Why is it an issue? I don't care what other people do with their email.
Democracy is the style of ruling where majority's ignorance dominates over the vulnerable. You will be eventually forced to use internet and forced to use the way your government wants you to use it.
Yeah, fair point. They're certainly trying to push it in that direction but so far there are still alternatives. I've seen age verification get a hell of a lot of pushback so that's encouraging.
I can set up all of the personal services I want. The average person does not want to do that. They do not have the skills, and it does not add value for them to do so 99.999999% of the time.
The tools and offerings we're given are built to fulfill the needs of the greatest number of people. For better or worse, those people are not people who want to mess with the infrastructure around their email.
Because when most people use the one email host, they neglect all other users. Even my yahoo email is regarded as second grade citizen now. A hospital straight told me they refuse all yahoo addresses.
I mean, that's certainly retarded, but most businesses aren't that stupid in how they choose to run things. I've never, not even once, run into a business who cares what your email is. They will use any address you want, whether you have a known provider, or self host.
I know this ^ seems unreasonable, but I know you’re right.
Mostly because of conditioning: it’s been 25 years now that free webmail is the way Gen-X, Y, Z, and future generations do email. Boomers and the older Gen-Xers may still be hanging onto an ISP address, if they haven’t moved too much since the 1990s.
After all that, plus with their email addresses being the opposite of portable, there is no limit to how much crap people will take, when the alternative is learning a little bit about domain registration and DNS, and paying $60 a year for Fastmail or whatever. Email, they believe, is supposed to be free as in beer.
Sad but true. Also, confession: I used to use first name @ full name . com and got tired of the confused looks and typos when I had to give it out, so now I use a six-character Gmail with numbers so that it’s just like people expect.
It seems we're at a bit of a crossroads. It seems like the world both needs:
- Permissionless email (i.e. for agents, empowered users who can program now)
- Pervasive email allow listing
Wonder if these can both exist at the same time, i.e. having a "public" email that is read first by AI (let's imagine we're in a world where prompt injections weren't so possible) and heavily filtered, along with one that is private and allow-list gated (via some easier-than-gpg-to-use identity marker).
Oh, excellent! Having been on the end of someone flooding a service with tens of thousands of autogenerated Gmail accounts.
And if you don’t want to share your phone number with Google, which I totally respect, there are a zillion other email providers. Contrary to popular perception, Gmail != email.
most major platforms reject email addresses that are not from major providers. for example creating a deepseek account asks to use a "global provider" and gives GMail as an example. github recently rejected @proton.me. discord does this as well etc
I’ve never, ever, not once, been blocked from registering because I was using a self-hosted domain. I’ve seen plenty of services that block anonymizers, typically with the explanation that they were getting too much spam from there.
Won't be registering any new gmail accounts in the future and will gladly dump the ones I have if Google tries to force obtaining my phone no.
Google is trying to retain the value of their userbase, because many third party services use Gmail auth as a signal for low fraud risk.
Yep. In general I'm glad I have so many random accounts now that everyone is getting more protective, it's like a credit score.
I recently had to do google takeout on an old google apps account. The account didn't have 2 factor auth and while enabling it I got stuck in a loop scanning the QR and getting a code via text message. I can't remember how I eventually broke out of the loop?
I wonder if there is a single engineer at Google who actually understands the whole registration/verification flow and all the edge cases?
Last time YouTube wanted to verify my phone number it was easier to find a free service to receive SMS than for Google to deliver it to my actual phone. And Google didn't care I "verified" a number assigned to other side of the world.
Be careful. Google once locked me out of an account that I've owned for over 10 years one day. My username and password were correct, but they randomly flipped 2FA on (without my consent) and sent the recovery code to a phone number that I switched away from years ago. It was completely unrecoverable. There's absolutely no way to get in touch with customer service. Never make an account with them unless you're not willing to lose it randomly to automated bureaucracy.
It's becoming increasingly hard to find a service that lets you see verification messages, and even then google doesn't like a lot of the numbers those services use
In my country there are several telco operators that will send you basically an unlimited number of SIM cards for free (as in free beer) that you can use for getting the verification SMS and then immediately throw the SIM away. The only "cost" is that you have to wait a day or two for the SIMs to get to your physical mailbox.
What happens when they ask for you to get another code to that same number, though? Can you access that number again?
Can you delete the phone number after verification + switch to TOPT (with the private key written down next to your password, probably in a password manager) for 2FA?
I think that's considered "more secure" in most account security flowcharts.
Yeah I try to switch everything to TOTP these days, try to remove the SMS option on whatever I can. Google offers about a dozen ways to verify your account now.
If you create an account from another country, since you can only send the sms verification from that country, locks your account to that country for at least one year. I created a US account years ago and it still is US. I don't even spoof my location.
Gmail turned me off way back when it became obvious that they scanned your email to present relevant advertising.
I've paid for email nearly forever (Earthlink, not the most high tech provider but good enough) and get nearly zero spam. Their price went up again recently, but apparently if you mention Fastmail they'll match the cost.
I was listening to the local TV news a few weeks ago and the reporter talked about an SMS scam insisting that you owe unpaid turnpike charges. He said "most of us have seen them". I'm thinking, I've never received anything like that!" and then realized it could be because I don't give out my phone number to just anybody who asks. And tend to push back when they do.
I use GMail and Hotmail/Outlook but via Thunderbird or the Android app, I almost never use the Webmail interface.
What happens if Google pulls the plug on your account and you have no offline archive?
Most people don’t understand how QR code works. So right now it may just send a SMS or prepare for it. But some day, it will do the remote attestation under the hood and the end user does not see the difference. I would bet a lot for this preparation.
The days of my old google account that predates real identity policies are numbered...
People already assume that your "google name" is your official name, so much so that I had to patiently explain a delivery man once that the funny nickname he had for some reason in the delivery notice did not match my ID because that was an old google account from a time when it was usual to use any funny handle for your account.
Is this for GMail only or just Google accounts? A while ago I was able to signup for a Google account with an iCloud relay email, and it _seemed_ like I had to give my phone number or use Google Authenticator… but I worked around it by using Chrome Devtools to create a virtual WebAuthN device, after which I was able to scan a QR code for 2FA with 1Password.
I get like 33 and a half million spam messages per day to my Shopify store, all bots using Gmail addresses.
Google really need to get it together. Their sender reputation bypasses all the normal spam filters, but if it was up to me…
Thanks for the update. I've been meaning to fully move away from gmail. It's clear that now is the time.
Gmail has been evil both for client privacy as they use email scanning for marketing purposes, and for 'spam' filters that reject legitimate emails.
The fact that they're introducing QR/SMS/MMS/whatever they want is actually an interesting signal, because it will harm the customer experience, which might result in the growth of responsible paid email services.
> Gmail has been evil
It is good to realize that it has never been "Nice Uncle Google" and always an advertisement moloch offering tools to hook their product. All that trust that was bestowed was never warranted.
This seems pretty optimistic. If you ask 30 random people on the street if they’d rather give Google their phone number and jump through whatever dumb SMS hoops, or switch to a new email address and pay a few bucks a month for it for the rest of their lives, I’m thinking Google is getting all 30 phone numbers. Sadly.
https://forum.palemoon.org/viewtopic.php?f=3&t=31971&hilit=s...
The only “real” competition for Google Workspace is Microsoft if you need a full collaboration solution beyond just email, and 99.999% of customers of such hosted solutions need that full solution. It’s why Dropbox worked even though hacker news users probably roll their own sync solution.
Tuta, Fastmail, and Posteo are all much better alternatives to Gmail in terms of privacy.
My comment, as per subject, is about Gmail.
His point was just that many business users can only purchase Google’s solution or Microsoft’s solution, because they’re the only services that will offer interoperability with many other security and compliance services and advanced functionality like SSO, third party email scanning, compliance journaling etc. The email market is essentially a duopoly as soon as you need any functionality beyond basic email.
The simple fact that you believe this is insane to me. Microsoft?Security and compliance? Ahhh, yes the north star of security!
No, you don't need either of these companies if you need a corporate stack for communication and collaboration. And anyone who believes Microsoft or Google is doing anything out of the ordinary to protect their users or data is out of the loop.
>No, you don't need either of these companies if you need a corporate stack for communication and collaboration
A lot of corporate (customer) email sevices drop email from everybody except a very short whitelist.
It's not about actual security; it's about the appearance of it. It allows CTOs and such to check a box to say "Why yes, our vendor is secure! Look at all their claims! Look at how many other companies use them!" That's it. Safety in numbers for clueless CTOs.
This is just the new "no one gets fired for using IBM".
We need actual liability laws for compute services at this point, and they should pass through every entity between the bits on disk and the end user.
Google disappears someone's realtor's corporate email, and it cost the agent a $100K real estate commission? Google and the employer get to pay $50K, plus damages to the customer.
Or whatever. The point is not that they'd be paying lots of these fines. The point is the cost of non-compliance and insecure setups is 1000x the cost of just doing their jobs. At that point, the bean counters would allocate another 10% to engineering, and all the easily-solved problems would disappear.
Proton has calendars, drive and meet.
And is not a US business, which is an important selling point to several companies and public institutions here in Europe.
I agree with the broader point, but I'm not sure the migration to paid email is automatic
It was easy to see coming, and it’ll spread further and to more services. In fact, recently they even forced old accounts to log in or they would delete them.
It’ll happen with social media accounts and other things too. The account creation date is going to become an even bigger heuristic in their spam models.
Obviously this is bad in general, but what's the threat profile here? Google already has the content of your emails and I guarantee they have pinned down your fingerprint unless you're using Snowden-level counter-int.
Protest this by using a paid email provider. My $60 yearly payment just went through today, is that honestly too much for the typical person around here?
Reminds me of Telegram that forces you to pay premium to login to a new device depending on the country. Login, not registration. This is all due to the cost of SMSes of course.
You can bypass this if you have a passkey, but phone and password isn't enough. No idea why they opted to do that, it's not like passkeys are indicative of any device binding.
sms are free, at least rcs
RCS is not SMS. RCS does have a fallback to SMS in some rare inter-carrier cases, but it won't fall back if you're stuck on 2G or anything.
SMS also isn't free. Many contracts contain "free" texting, but that's just SMS being packaged into the subscription price.
Carriers charge each other for (excess) SMS exchanges, so SMS simply cannot be entirely free.
How do you scan QR codes on the device that is showing the QR code?
Didn't come up in testing. What sort of user wouldn't have a google-issued corporate laptop and phone?
I can say that this QR code could be requested if IP is suspicious and/or associated with unusual activity. Recently I did register a new google account from my own residential IP and it did not request any additional confirmations, not even SMS verification.
This could well be to help prevent sms pumping — where someone makes money by receiving smss to a particular set of numbers. Requiring the user to first send an sms breaks the economics that type of fraud.
I wonder how long it will be until those without smartphones will be completely forced out of the mainstream internet.
Time to leave the sinking ship.
Try Tuta, or Proton, or Fastmail, or Zoho.
I recommend people switch to Tuta mail - the most privacy focused, email service. Read about it.
If you haven't created a Gmail or an Instagram account in a while you might be surprised how aggressive it is. For instance, try doing this without verifying your phone.
Both can ban you right away because they had to ramp up their anti-spam protections. Pretty much everyone already have an account, so most people creating new ones are just that, spammers.
Or they are kids / young people, who didn't need email before, and now need it for school / college.
Yes but they're almost surely in the minority by now.
Soundcloud now needs a login for you to do anything. Instagram is not showing even previews anymore, the web's velvet glove is tightening.
the most nefarious thing about Gmail/Google Accounts is how it's not only the default SSO option, but for many AI services, notably even Chinese-owned ones like Deepseek and Kimi, it's often one of the only ones (the other being Apple ID).
fwiw I was able to set up a fresh google account without SMS via a used android device (with no SIM installed), 2 days ago. But I suppose on balance, having a second device is more onerous than having a second SIM.
Yes I had the same issue and wrote an hackernews comment[0] and was gonna write a blog post but laziness (but I am glad that privacyguides wrote an article!)
I also want to share a comment that someone (Velocifyer) added on my comment:
"If you make a blog post, make sure to also comment on how the audio reCAPTCHAs are nearly impossible and are blocked on public VPNs. The visual reCAPTCHAS have vauge instructions (they say “Select all squares with busses.” when they mean “Select all squares that have a bus or part of a bus and do not select any other squares.”. For 2 years I could not figure that out so I had to use the audio captchas but then Google blocked them on public VPNs and also made them almost impossible. I could only figure that out when Google Gemini clarified it for me."
Also another fact that I had discovered but to upload youtube vidoes more than 15 minutes you have to do this verification with sms and I found that its system of sending sms was quite finnicky and (too much limits is actually just one try)
Google and other tech giants's recent changes/lobbying are really impacting the open internet and it feels to me like we as people who have knowledge about these topics must do something to reform things as I simply cannot ask people who are technically unaware about these topics to fight for these changes unless we advocate and educate them about it
Most people just have simply way too much of other issues to fight for these things that they have almost taken for granted, but this to me means that the responsibility is on us people who are technically sound to fight against the attacks on open internet if we wish to preserve it.
I think my point is that we all might be waiting for other people to protest against these tech giants but I think that the world is looking at us people for such protests, Let's hope that we are able to educate more people and the open internet is preserved.
Our small steps might mean a lot in the future and so to not be dis-illusioned to make small steps thinking that they might be too small but we have to fight tech giants if we wish to preserve open internet. Every step is meaningful no matter how small
[0]: https://news.ycombinator.com/item?id=48042596
... and gives me a message on my primary phone: "This number has been used too many times."
Everything is going to get so much worse and AI really is to blame. So many websites now have these verification pauses and CAPTCHs because of AI agents. Part of it is agents. Part of it is everyone running their own awful versions of Googlebot.
Years ago IIRC there was a "bug" where the Android emulator allowed you to create real Google accounts. This was found and I'm sure millions of these accounts were created. There's a whole black market for Google accounts. Whereas I lost a Google account I'd created for a relative because it hadn't been used in awhile and it was tied to a mobile number I no longer had.
I don't see how this ends without registering for a service like Gmail being tied to your government ID.
I don't understand the anti-agent blocks. What exactly is the problem if an AI agent reads your website and summarizes it for me? If it is bandwidth, why not spend the effort making a screen-reader friendly version of the site, and somehow shunt agents to that (saving 99% of the cost of serving the page)?
(I run an ad blocker, so the ads will not be displayed either way, but I see more agent blockers on ad free sites than ad supported ones anyway.)
How could they.
There is one way to sign up for a gmail account that does not require this: get an old chromebook out of the trash or for $20, then go through the account setup process on ChromeOS. It will create a google/gmail account that does not require use of a smartphone.
Google has requried a phone number for registration for a long while now, and blocks many types of phone numbers, including almost all easily-created ones, making creating new Gmail accounts rather difficult without a trip to the store to buy a prepaid SIM.
(In many countries, including soon the USA[1], you can't get a phone number+sim without showing ID, also.)
[1]: https://reclaimthenet.org/the-fcc-wants-your-id-before-you-g...
It's important to note that even if you have to provide ID to get a SIM, Google still doesn't see your ID (yet).
When did it start?
Wow! My 93 year old mom will not be able to use Gmail.
There are defo still some workarounds to make new google / gmail accounts without giving a phone number or any info.
Now people only need to connect this to age sniffing and the global corporate-driven movement to destroy and abolish VPNs. Politicians are no longer working for the people but their own money - aka by definition these are lobbyists.
Note that "scanning a QR code and sending a text message" means, for the most part, a smartphone. One could do so via a tablet too, I suppose, but most who register will do so via their smartphone device. For some reason accessing the www is increasingly tied to "identify now!". This is a huge contrast to the freedom of the 1990s. I don't think we should accept that.
Have you got something to hide ?
They do all this and meanwhile, in between startups and a few personal accounts, when I try to register a new Gmail account and do the text message verification (the old/current TOTP style) I get "This phone number has been used too many times."
Meanwhile the amount of spam from Gmail I'm getting goes up and up and up.
A couple years after a hurricane left me without power for a week two, I fired up a generator, configured my phone as an AP, and went to do some important things in my Gmail account.
We need to prove it's really you, they posited. Simple enough I thought. I'll just use the same password I've used since 2001.
Oh, I must authenticate with a text, you say? Certainly not a configuration I've made myself, but they're holding the cards on this one, so be it.
I enter the confirmation code.
We still need to prove it's really you, again.
Shucks. I try again. And again. And again.
Sorry, but you'll now have to fuck off. Why? Because we've locked your account for complying with our security theater.
Fuck. I'm in a disaster zone. I need to get things done!
Google cares.
But thankfully, so did the FCC, which I registered a complaint with, arguing from the perspective of interference with emergency communications.
The FCC actually sent the rascals a letter. The leviathan complied and unlocked my account, and suddenly my password was secure again.
Thank you FCC. Although I doubt I'd get the same results with current adm...
This is not new, back I think in Feb when I registered a new one, it did ask to send an SMS instead
I also receive too much spam, I'll believe in their AI whenever they are able to fix spam.
spammers also use AI
The real problem for privacy is that governments are increasingly outsourcing the verification of identity and bot protection to private companies.
And what do you expect instead? To get a Russian gosuslugi ID, you also need to bind your phone and ID number.
And of course their database is leaked in real time.
Outsourcing? Governments have never been involved in bot protection or online identity verification for anything else than their own websites.
It's like saying that the government has outsourced burger making to McDonalds.
Estonia is the exception here, not sure about the other Baltics. Switzerland is trying. The UK is trying to try.
LiveJournal allows verification with Russian State ID "gosuslugi".
I do mean for their own websites.
Thanks, now I understand your comment.
This is a hard no for me. Google is out of control.
[flagged]
[dead]
[dead]
[flagged]
[dead]