There was a post a while back around poor and homeless people encountering exactly this problem on a regular basis. Lots of people in the comments were incredibly dismissive and sometimes actively malign about it.
Edit: One suggestion from me would be to try and start the dead phone connected to power but with the battery physically removed (assuming it's removable). That might bypass whatever issue it's having and let it start up.
> There was a post a while back around poor and homeless people encountering exactly this problem on a regular basis. Lots of people in the comments were incredibly dismissive and sometimes actively malign about it.
Even worse than that, they're often connecting from public IPs that are "suspicious" which causes automated systems to treat them more harshly.
In Canada it's gotten to the point where you need an internet connected device to participate in the most important systems; government, banking, etc.. It's very sad that device can't be supplied by the libraries. They have them, but big tech discriminates against anything that's not a personal computing device.
but big tech discriminates against anything that's not a personal computing device.
To be precise, anything that's not a "personal" computing device running the latest spyware-filled locked-down software and a browser that can be anything as long as it's the three that Google implicitly "approve".
government, banking, etc..
Banking is private-sector, but I believe the government should always be accessible even if you live like the Amish...
In Ontario, the traditional Amish largely opt out of social programs and public education that they're eligible for; they manage as they can within their communities privately, perhaps hiring outside services as necessary. Some make use of provincial health services; you can get the documentation and ID for that with some paperwork (which they probably have - income tax statements and birth certificates, etc.) in person at government offices. Otherwise the only mandatory interaction with the state is basically birth registrations and paying income taxes. Both of those can still be done with paper forms by mail or in-person, at least for now.
> Banking is private-sector, but I believe the government should always be accessible even if you live like the Amish
I got a notice from my state that I'm required to make future tax payments electronically. For that they require ACH. Banking may be private sector but participating in it is increasingly non-optional.
The trouble with the idea of banks being accessible, is that you also need to deal with KYC checks. Not all financial things require them, but it's creeping. I wonder how many homeless people have no ID.
Historically, you were known by people around you and you could be "verified by relative" in the case of a house fire destroying all your documents or something, but your life mostly worked in your home town and traveling or moving elsewhere was hard. Trying to cash a check anywhere but your home town was hard, etc.
I'm a former military wife and this was a big enough issue for the American military that military facilities would cash your check at the BX/PX. Local banks and such often wanted nothing to do with military members.
And now we have this highly digital, highly mobile society and if you are rich enough and such and keep all your ducks in a row all the time, you have tremendous freedom to roam the world, pay with plastic, etc. But for a lot of people, it's increasingly problematic that we default to state ID and digital formats and so forth.
These systems should enhance older methods of making life work, not crowd them out and make life a living hell for anyone who can't keep up with it. And we should be optimizing for helping ordinary people make their lives work, not optimizing for trying to squelch bad actors and too bad, so sad if innocent bystanders get run over in the process.
I don't know how to make my life work. It seems impossible at this point and it really shouldn't be. We have the means to make life for me actually work and no matter how much I do, it's never enough.
> they're often connecting from public IPs that are "suspicious" which causes automated systems to treat them more harshly.
What's worse is that the the error messages never explain the problem. It's just an endless sequence of "Oops! Something went wrong" "We could not fulfill your request" "Please try again later".
Could drive someone crazy if they're not savvy enough to realize what's going on.
I tried to sign up for a tutanota email account the other day through a VPN and when it came back and said "We don't trust your IP, use another connection." rather than being annoyed I was just glad they gave me a straight answer for once. It wasn't the answer I wanted but it sure beat being gaslighted into thinking I was having connection timeouts or browser incompatibilities to waste my time.
Sure, but "only technical people will understand what the problem is" is infinitely better than "literally nobody will understand what the problem is".
I mean, I'll agree that it's slightly better in absolute terms. "Infinitely" is a strong word choice for a case where 95% of users will still be in the dark, unless you insist on using the term in a pedantic mathematical sense.
>What's worse is that the the error messages never explain the problem. It's just an endless sequence of "Oops! Something went wrong" "We could not fulfill your request" "Please try again later".
You're absolutely right. They each carry the tone of "This content isn't available right now", like when trying to view a tweet from a shadowbanned user. I've seen that drive people, particularly family, into a kind of aggressive version of frustration.
> They each carry the tone of "This content isn't available right now"
At this point it's merely static deception. Wait until they run a GPT
bot programmed to interactively lie to you, deflect, stall, misdirect
and stonewall you based on your personal profile. These companies are
devious and untrustworthy to their core, and the only reason anyone
uses them is because they're forced to.
Quite staggering account of how technology has created the worst of
all possible worlds for everyone. There are no winners here. People,
we have failed. Give up and grow vegetables :)
In the US if you are under 135 percent of the Federal Poverty Level you qualify for a free Mobile Phone with internet service. I am surprised Canada does not have a program like that
I experienced the only slightly inconvenient of this when I was replacing my bank card, even going into a Pret, I was unlucky enough to go into one randomly that didn't accept cash.
But for people that don't have bank cards, or can't charge their phones this is a real problem.
My local library actually lends out hotspots, unlimited data, no charge. Its an amazing service that would be amazing to see spread around to all libraries.
The problem referenced above was that the poor people in question don't have devices, so they log in from public or loaner devices. Those are seen as "suspicious" by the algorithms, and without a personal device there is no way to convince said algorithms.
In Canada, on the way back to Massachusetts, I needed to download a repaired version of my COVID card. But the Massachusetts Government Website, that you need access to in order to do things that citizens of the state need to do regardless of their location, silently blocked Canadian IP addresses.
While we were all watching CCP implement their social credit system, big tech gave us one while our gaze was elsewhere. These algorithmic systems can pretty quickly make you an unperson in our society.
Theoretically one is implemented by state's request and the other happens while the state is busy looking away. Yay for freedom but when you're at the receiving end of the digital stick, is the difference really significant?
Problem is that support people mistakenly resetting account auth when the attacker calls up and social engineers them is a bigger and more common issue than people’s only device dying. Not to say that’s not a thing that happens, but it’s a smaller of the two problems.
It's a smaller of the two problems for the company. If you are really poor, losing access to your online life because you couldn't pay your phone bill or something can be a huge, huge problem.
I have been homeless. I'm not currently. But this is an extremely stressful situation that could do all kinds of damage to my life if I can't get it sorted.
It's not just a company problem.
Having someone hack my google account then getting access to my bank account would be just as bad on a personal level. My whole live is managed online too.
Having spent nearly six years homeless and also had a college class from SFSU in Homelessness and Public Policy and having written about homelessness for years, I can assure you that for the vast majority of homeless people, losing their physical phone or being unable to pay for it is a much bigger problem than other people wanting to break into their accounts and steal their identity or some such.
for the rest of us having a hacker gain access to our accounts and stealing money or scamming others is a far greater risk. And for google a far more common occurrence. There is a reason there are so many safeguards in place and its because hackers are trying all day every day to break in and steal identities and money.
Homeless people don't need to use 2fa if they are so unconcerned with someone stealing their account or identity. For the rest of us 2fa and making it hard to steal accounts is 100% a must.
Were you so harsh on self-entrepreneurs that came here crying out loud because Google did shut down their developer account for some unrelated payement error on a linked account?
I hope so because otherwise you are just discriminating people based on their wealth. But praise lord dollar that if you ever fall from your status you won't find pedantic guys like you when seeking for help.
There's a recurrent thread of posters blaming everybody else for having issues with the big companies, because big companies cannot make mistakes otherwise they wouldn't be "big", right.
To be fair to the commenter, the company implementing the system is to blame. I can understand why Google (or other businesses) would prioritize customers concerned about security over the homeless. One is a more profitable customer.
Does that make it right? No. Does that mean people won’t get hurt? No. Plenty of ink on HN has been spilt about how companies act according to a profit motive, and often not in societies best interest. Recognizing this doesn’t make you complicit.
Kind of. The problem is that even when 2FA is disabled, Google's security panopticon will sometimes insist on additional verification anyway, even if you know your password, if it thinks something is suspicious.
If you don't have a verification method—or cannot access it—Google will literally just lock you out.
I have personally experienced this on accounts I don't access regularly.
For a careless user, or one who does not bother to learn about the risks, having one's account stolen is more of a danger. On the other hand, for a reasonably cautious user with a basic understanding of the risks involved, and whose life varies at all from predictable (affluent) norms, losing account access due to Google's protective measures is a bigger danger – and more of a hassle to guard against – because these protections are so easily triggered
I think the GP's point was that the "someone else having access" bit affects everyone, not just homeless people, if the company makes it easier to reset/regain access to accounts.
Bottom line, though, is that these companies should be required to find a way to maintain that high level of security, but also have a process so anyone who loses account access can get it back in a reasonable amount of time.
Yes, I am well aware of that. I have been on Hacker News since 2009 under my Mz handle and I have a Certificate in GIS from UC-Riverside, the most respected GIS program in the world at the time that I attended (2002, IIRC).
I don't try to crow about being some kind of tech genius because for the HN crowd I'm not. But I'm not poor due to being mentally retarded or something. I have an incurable medical condition as does one of my adult sons.
Perfectly average geographers on HN represent! I feel like seeing another GISer in the tech world is like seeing someone from your country while on vacation. You’ve just got to say hi because it feels so rare.
Edit: thanks! Solved. I’ve deleted this part of the comment because I always feel very socially awkward and afraid I’ll make others feel awkward.
I'm sure plenty of people would rather live with the small chance of a hacker even wanting to gain access to their account than the very large chance of eventually losing access to the account entirely.
Although they probably wouldn't want to live with all their emails being discarded because gmail becomes so easy to hack and everyone assumes gmail accounts are spammers.
Huge amounts of spam already originate from gmail addresses, so I don't think this is a good example. That's not to say that I think security should be weakened, though - it should not, but for other reasons.
Back at the start of 2FA rolling out it used to be an absolutely massive issue where the attackers would call up support and tell a sob story and have the account reset and in the control of the attackers.
As a user it doesn't matter how well you manage your own security when that can happen.
but should i have to have an insecure account because homeless people exist?
No, of course not.
This is like when people who drive get chuffed about pedestrians wanting their lives to work and acting like "Well, if we do anything for you, then my life will fall apart." As if we can only build a world that works for cars or build a world that works for non-drivers and the other camp just has to accept a sucky life and all kinds of flak for not liking it.
What in the hell makes you think someone must get screwed and it might as well be those who already have the least? No one is asking you to get screwed here.
> the topic of this thread is suggesting google should reduce security for everyone
I don't really see that anywhere; I think you're jumping to conclusions.
Every system will need to have some escape hatches, whether that's a governmental bureaucratic process or a Google account recovery process. Because no matter how well you design a system some folks are going to fall outside of it because the world is complex and the number of possible situations are too many to capture.
"Yes, but it's only 1%" – yes, but it's 1% for system A, and a different 1% for system B, etc. and it all adds up.
All of this is why things like appeals exist in many processes, and why we have judges in addition to mountains of laws. None of this is perfect by any means and there's lots that can be improved, but at least there's the recognition that The System isn't perfect – even if it's more symbolic than anything else at times.
If I lose access to my HN account then that might be annoying, but fundamentally it's not really a big deal, at least not for me. But some accounts/services are connected to all sorts of things and much more important than some HN account and connect to "real life" in much more complex and impactful ways. You can't on one hand have a service wanting to become central in people's lives but on the other hand also just shrug at the edge cases and pretend it's not your responsibility when people get screwed over.
The solution to that is to make the increasingly intrusive security processes an opt in, not to completely write off anyone who can't reliably keep a particular physical device on their person and working indefinitely.
> The solution to that is to make the increasingly intrusive security processes an opt in
Absolutely. A common phrase is "mechanism, not policy". The service providers should be enabling all kinds of mechanisms for account level security so users can pick what works best for them. They should absolutely not be imposing any kind of policy. That's where all the source of trouble comes from.
Only I know the threat models I care about for any particular account I have.
For some of them, preventing unauthorized access is the top priority and I'll enable geofencing, 2FA, hardware tokens.
For other accounts, availability is an absolute must and more important than anything else so for those I'll just have a strong password.
Only I can possibly know the correct answer, so for a service provider to come in an impose their policy on my requirements is fundamentally wrong.
> Only I know the threat models I care about for any particular account I have.
You are not neccesarily the person being negatively effective.
Email service providers are all about reputation so their stuff isn't marked as spam. When your account gets hacked and starts sending viagra ads, you are not the one who suffers the fall out.
There are lots of email providers out there with different policies. One of the reasons gmail is popular is because of these policies.
Gmail is already a well-known spammer. Loads of spam come from Google, I see it everyday, by far the biggest source of spam I see. Unfortunately, they're also so big, with so many legitimate users, that you can't block them wholesale if you're expecting to deal with the public, many of whom have a gmail address.
In that case I think it's fine to have a default security profile, and let people add or remove things as they see fit. On account creation, they could even present a questionnaire that determines whether the user values security or availability more, and set the security requirements accordingly.
It used to be opt in until the icloud hacking saga where the public demanded something be done. So it was decided users want mandatory security by default. Almost all of these services provide backup codes you can write down on paper as well.
Sure, some people are going to lose their only device and the bit of paper, but at that point if you have literally nothing to identify yourself with, it's going to be hard to provide a secure service to you.
It can still be opt out with a fallback on the old approach of security questions. The name of your first pet, your favorite teacher, etc.
It doesn't matter how much in general 2FA works out better for most people, there are lots of people for whom it is not viable. They know who they are. Give them an option that doesn't make their life worse.
OP knows who they are, but I would not be surprised if many poor/homeless users wouldn't realize they need to opt out of something until they find out the hard way when they're locked out and can't get back in.
That might help for a certain subset of people in this scenario, but there are also people with subtle mental conditions that, while capable of living productive lives, are also unable to deal with MFA. There are also the elderly and non tech-literate.
Tying someone's identity to their phone number is not the answer, though.
I have this at the moment - I'm travelling, moving country every few weeks, so I need a new SIM card and phone number every few weeks. My phone number is temporary at best.
I'd massively prefer to take the risk of my identity being stolen than constantly fighting security measures that assume people never change their phone number (or country of residence, etc).
You don't need to use a phone number for google. I don't have a phone number attached to my google account at all due to the risk of sim swapping despite asking my carrier to lock it, instead i have multiple hardware keys and devices + backup codes in a safe deposit box.
If Google ever thinks you're doing something suspicious, they'll just make you authenticate using a physical device instead, by way of Android functionality they never told you about or asked you about using. Hopefully they won't demand you authenticate on a device that's defunct.
luckily, so far, this doesn't involve the phone number. Google seems to know what my device is and how to reach it without needing to know the number. Little bit scary, but really useful.
You do for lots of other things (and many people have it for Google as well). Most banking or payment, a random selection of apps that decide you now need verification, new apps in the new country...
The problem here is there are ways to allow for both but they are labor intensive and Google (and other tech companies) do not like things that do not scale because it cost them $$$, they prefer no customer service and automation using Security as a cover for their poor practices.
In this instance if they need a code why is there not a process to hell use US Mail and send a paper code to the registered address of the account owner? Analog is often the solution to these type of problems
Maybe, since Google wants to be that important to people's lives, they should be force to have representatives, to whom one can go and have things sorted. Needs to check your id and then phones home (...) to get your account unlocked.
I think a part of the problem is that the US doesn't have a vast and widespread ecosystem of cheap, relatively simple, slightly rugged android phones like a developing nation market does.
Go look at what you can buy for an Android phone if you exchange 100 USD to rupees in Rawalpindi Pakistan for instance.
Now imagine you drop your phone or screw up its hardware somehow and want to get it repaired, you can probably fix it at a local repair shop (some 1-man operation in a tiny retail stall) for $20-30 max with basic hand tools. Those guys might have a collection of pieces of the same model phone you have, or the ability to take 4 dead phones and mix/match pieces to make 2 working ones out of them and then re-sell them, etc.
Is there anything I can do to help poor and homeless people with technology? I'm in New Zealand and I would like to find some more ways to help people.
Low hanging fruit: donate old but still usable tech to local programs that pass such out. Volunteering at local organizations that do such work is another possibility.
If tech is your thing, coolios. Run with that. Better to do something than to do nothing.
But if you really want to make a dent in homelessness, my research suggests that this is mostly a housing supply/housing affordability issue. We aren't building enough new housing and what we do build tends to be too big and tends to require a car to make life work, which is an additional big expense and -- at least for some people -- a logistical issue even if they had the money. Some handicapped people simply don't drive. Some seniors simply don't drive anymore. Etc.
So if you really want to work on homelessness, I would encourage you to educate yourself about housing issues in your neck of the woods and try to get involved. I write about my ideas about what I would like to see for the US here if you want to look that over: https://projectsro.blogspot.com/
Edit: One suggestion from me would be to try and start the dead phone connected to power but with the battery physically removed (assuming it's removable). That might bypass whatever issue it's having and let it start up.