Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
Gmail registration now requires scanning a QR code and sending a text message(discuss.privacyguides.net)
37 points by negura 5 hours ago | 21 comments
Aurornis 6 minutes ago | parent | next [-]

> Supposedly, using the QR code on the smartphone triggers an SMS sent from your phone to Google in order to verify your phone number.

Does anyone have a better source of information than this one forum comment from someone who thinks scanning a QR code is enough to get your phone to send a text message?

dvh an hour ago | parent | prev | next [-]

Any Gmail person can tell me why Gmail is tolerating Gmail phishing emails that use Google's own services (e.g. https://storage.googleapis.com/savelinge/... ?

More info here: https://news.ycombinator.com/item?id=46665414

torben-friis 8 minutes ago | parent | next [-]

Spam is getting horrible lately. I get all sorts of new techniques including:

- using legitimate sites to bypass filters, like sending you a bill through a legitimate bill-creation site

- pretending to be a tracking service for something you supposedly ordered, then over the course of days pretending the package got lost on the way and offering a discount code for the 'purchased' amount, expecting you to use it on their phising site.

Gmail not only fails at spam classification, they classify this messages as important and nag you with first priority notifications and summaries.

dewey an hour ago | parent | prev [-]

The same reason spam filtering is hard. It's not possible to catch every misuse of the service without too many false positives.

dvh 43 minutes ago | parent | next [-]

The same 5 urls has been used for 3 months

dewey 40 minutes ago | parent [-]

That doesn't really change the fact that it's hard. Do you know how many full movies are on YouTube that infringe on copyright? How many pirated streams are hosted on S3? How many piracy sites are behind Cloudflare. It's just very hard to police at scale and if something is flying below the radar it will be there for a while. They probably spread out their assets over many accounts, or even use misconfigured buckets with write permissions to drop some files in there.

unholiness 13 minutes ago | parent [-]

https://xkcd.com/277/

cyanydeez 15 minutes ago | parent | prev [-]

Ok, it's even harder when you do not care because they people are either freeloaders or locked into your solution because it's a customized mess.

8cvor6j844qw_d6 an hour ago | parent | prev | next [-]

Recently helped a small business set up a Google Workspace account and we hit a wall during registration.

Told the owners that if Google is already being difficult during signup, imagine being locked out later with client work on the line. Pulled up a few horror stories about Google lockouts to drive the point home. They ended up with another workspace solution.

Aurornis 9 minutes ago | parent | next [-]

> and we hit a wall during registration.

What does this mean? The scanning a QR code and sending a text message from this article, or something else?

super256 43 minutes ago | parent | prev [-]

With which workspace solution did they end up with?

p0w3n3d 12 minutes ago | parent [-]

I assume "next leading brand" ;P

opengrass 33 minutes ago | parent | prev | next [-]

I got this a few weeks ago, it was a URL like "sms?:number" which tries to pre-fill text in app. Didn't work for me (Fossify) so I had to copy the number and verifier text from that URL and send it manually. It's for saving money spent on providers like Twilio.

CWwdcdk7h 16 minutes ago | parent | prev | next [-]

Last time YouTube wanted to verify my phone number it was easier to find a free service to receive SMS than for Google to deliver it to my actual phone. And Google didn't care I "verified" a number assigned to other side of the world.

dsr_ 13 minutes ago | parent | prev | next [-]

... and gives me a message on my primary phone: "This number has been used too many times."

spwa4 21 minutes ago | parent | prev | next [-]

The real problem for privacy is that governments are increasingly outsourcing the verification of identity and bot protection to private companies.

carlosjobim 2 minutes ago | parent [-]

Outsourcing? Governments have never been involved in bot protection or online identity verification for anything else than their own websites.

It's like saying that the government has outsourced burger making to McDonalds.

findbizonline 5 hours ago | parent | prev | next [-]

When did it start?

reconnecting 29 minutes ago | parent | prev [-]

Gmail has been evil both for client privacy as they use email scanning for marketing purposes, and for 'spam' filters that reject legitimate emails.

The fact that they're introducing QR/SMS/MMS/whatever they want is actually a great signal, because it will significantly harm the customer experience, which will result in the growth of responsible paid email services.

riddlemethat 21 minutes ago | parent [-]

The only “real” competition for Google Workspace is Microsoft if you need a full collaboration solution beyond just email, and 99.999% of customers of such hosted solutions need that full solution. It’s why Dropbox worked even though hacker news users probably roll their own sync solution.

reconnecting 18 minutes ago | parent [-]

Tuta, Fastmail, and Posteo are all much better alternatives to Gmail in terms of privacy.

My comment, as per subject, is about Google Mail.