> A few days ago, I was prompted to verify my phone number by Google. Immediately after completing the verification, I received an email notifying me that Google had overwritten all my personal information. It turns out that because my mom is the one paying the phone bill, they automatically "verified" the name on my account to be hers and updated everything on my account without my consent.
It sounds like someone at Google (not necessarily a programmer) needs to read "Falsehoods Programmers Believe About Phone Numbers:"
> 4. A phone number uniquely identifies an individual
- Projects under the `google` GitHub organization is from Google itself (Google for some reason force projects from Google employees to be umbrellaed under their own organization for some reason, even if it's a personal project)
- Google follows their own rules (applies to any "Big Tech" company)
- Google actually cares about correcting mistakes unless they hit the news/social media
- YouTube and Google tries to make the experience for you, the consumer (on YouTube: consumer = creators + viewers), as good as they can
I think they mean that just because code is under github.com/google, it doesn't make it an "official" Google thing.
For example, yapf[0] is under the Google Github org but has the disclaimer:
>Note YAPF is not an official Google product (experimental or otherwise), it is just code that happens to be owned by Google.
libphonenumber doesn't have any similar disclaimer and does seem to be an "official" Google product, but it's hard to tell what Google considers official or not.
Google does not offer (m)any developer facing "official" products. Google offers "official" products for consumers or enterprises (e.g., Gmail, Cloud Platform), but all of their FOSS code, of which there are many, are all "unofficial"; they are FOSS projects that happen to be developed by Google employees but come with a normal zero liability FOSS license (as opposed to their "official" products, which do come with some liability user agreements/contracts).
> Google for some reason force projects from Google employees to be umbrellaed under their own organization for some reason, even if it's a personal project
I don't think that is true. Google employees can have regular personal projects. If you have a "personal" project that is done under the scope of your employment (e.g., you work on YouTube and you wrote a tool to, I dunno, manage Makefiles to help yourself and/or other coworkers, then that would be a "Google project" housed under `google` even though it's not an "official" product).
These decisions haven't been made by programmers in over 10 years.
These lists made sense in 2000-2010 when programmers had the autonomy ( in most corporations ) to decide on what feature to develop and how it should behave.
This hasn't been the case since the industry introduced roles such as product owner.
I've had to implement my fair share of anti patterns that I was fully aware would degrade the experience for the user. At the end of the day, the programmers have been reduced to essentially blue color workers that just do whatever the MBAs decide on.
Is anyone old enough to remember when Google was an aspirational place to work? They had the best engineers and were doing the best stuff, and people spoke their name with awe. Now it's just Microsoft with a salad bar.
> These lists made sense in 2000-2010 when programmers had the autonomy ( in most corporations ) to decide on what feature to develop and how it should behave.
Programmers are some of the most in-demand workers in the world. You wield significant influence. And any even-slightly-functional workplace will at least try to listen to the word of their experts.
Perhaps it’s possible you didn’t do enough to explain why you didn’t believe it was the right work to do, or if you did, perhaps there were other factors in play than “user experience.”
Also, uh, “I have to do what my boss says” doesn’t make you a blue collar worker.
If programmers are some of the most in-demand workers in the world, why do they have to send out over 1000 job applications and are still treated like trash by hiring processes? Hacker News is one of the few places on Earth where this belief that programmers are in control of everything still exists. Pretty much everywhere else has adapted to the reality where programmers are in great surplus, but the investor class won't be happy until it's a minimum wage job, or even better, an unpaid internship. No wonder HN has a reputation for being a bunch of out of touch Bay Area investors with little concept of the real world.
Programmers have control over things product owners and management don't care about. Frankly, those are things nobody but programmers cares about. When it comes to meaningful decisions that would either improve or harm the user experience, I have only ever seen programmers treated as advisors at best and obedient little foot soldiers at worst. And why wouldn't they be treated this way by MBA types? Programmers are a necessary evil that management would rather not exist at all. Just because there are startups founded by programmers doesn't mean that's the reality of the vast majority of the software industry, or that said startups won't soon replace their leadership with MBA bozos whose only goal is making it to the next quarter.
I know, I was exaggerating. I thought it was clear from my usage of the word "essentially".
> perhaps there were other factors in play than “user experience.”
Of course there were. There always are - chief among them the profitability, because selling the customer on stuff they didn't need is profitable. Especially if you frame it "right".
But that example is completely unrelated to this case, to very little value in getting deeper into it.
> Also, uh, “I have to do what my boss says” doesn’t make you a blue collar worker.
No, but it does make you a non-professional. The distinction between professionals and non-professionals is that members of professions have ethical obligations above and beyond their obligation to their employer.
You will not find lawyers willing to perjure themselves, accountants to cook your books, or civil engineers happy to sign off on deadly designs.
In contrast, software "engineers" are not professionals, we are hired goons and you can easily find a software monkey ready to build whatever atrocity you want for the right price.
You made 3 claims, all of them easily disproven. When someone else pushed the claim further, immediately disproven. All you have left to your comment is namecalling.
You're being intentionally obtuse and I suspect you understand full well the difference between professionals like accountants, doctors and lawyers (who, yes, on isolated occasions fail to uphold the standards of their profession) and software developers who are not professionals and operate as solo hired guns, absent any widely agreed ethical standards from a community of peers. It's not name-calling, it's a fact of life: If I refuse an instruction from my bosses, I get fired.
I'm going to stop here because this is just an exercise in silly faux ignorance on your part.
That wasn't part of the parent comment, but okay, here: Tesco finance chiefs accused of cooking the books and bullying the finance employees below them to misconduct themselves:
“The three defendants who are on trial in this case are not the foot soldiers who misconducted themselves. The defendants in this case are the generals – those who are in positions of trust, and who were paid huge compensation packages in order to safeguard the financial health of Tesco.
“These defendants encouraged the manipulation of profits and indeed pressurised others working under their control to misconduct themselves in such a way that the stock market was ultimately misled.”"
It was at least implied, I thought it was the whole point, because obviously there are malpractising professionals full stop:
> [...] ethical obligations above and beyond their obligation to their employer. You will not find lawyers willing [on behalf of their employer] to perjure themselves [...]
but based on their response to your the examples, :shrug:.
My point is that [ethical] professionals [who are not committing malpractice] have an obligation to their peers, as embodied in a professional code of ethics that is independent from and supersedes their obligation to their employers.
[Many/most ethical] accountants [who are not committing malpractice] will tell their employer, "no, I can't sign off on those fraudulent financial statements," but software developers [as a community, I'm sure someone will pop up with one colorful example] will not tell their employer, "No, I won't run fake bots on the site to inflate our user numbers," or "No, I won't implement this browser fingerprinting to violate our users' privacy."
The sibling commenter seems to be willfully misreading this as "all lawyers are ethical"
im sure it will be deleted/modified/adjusted/enhanced; though #1 is subjective, "unless it is essential" -> and right there, it is essential for google to do lookups of phone numbers to correct account ownership information based on another-companies paid services. "whenever possible try to provide" ... nope, it is never possible; phone validation or bust.
edit: i gotta change my first guess that it will be modified soon. google does not set the goal to not be evil, so they'll likely just leave the repo as-is, unattended.
quote:
1. An individual has a phone number
Some people do not own phones, or do not wish to provide you with their telephone number when asked. Do not require a user to provide a phone number unless it is essential, and whenever possible try to provide a fallback to accommodate these users.
An previous consumer of Android teams work, across NDK, Studio, Gradle, and userspace libraries, I think it does, and am quite happy that Android development is no longer something I have to care about.
Look it’s not perfect but then I hear you sing praises about like Oracle® CORBA™ with Accenture® Access II™ and I’m not entirely sure we have the same standards for code quality.
They are institutionally incapable of fixing it. Companies like Google are too big for that.
Individual workers and even entire teams don't matter. They are just another cog in a massive machine. Customer service representatives are forced to follow a script, and they are technically unable to deviate from it. After all, if there's an override button, it just takes one of your tens of thousands of minimum-wage workers to go rogue to end up with a massive compromise.
To fix it you need your manager's manager's manager to file a change request, which will be put on an endless backlog to be potentially looked at by two dozen teams a few years from now. And if it's not a frequently-occurring issue, it's not worth the effort. Google isn't going to fix it because as an organization they aren't even aware you exist. You are collateral damage, and they are totally fine with that.
The only way around this is to shortcut the entire process. Post on HN and hope some manager high enough in the policy/tech chain can be bothered to personally agenda the issue.
I wonder if there's any sort of quiet constraint outside of organizational inertia at work here. Telephone numbers were (are?) one of PRISM/XKeyScore's favorite "strong selectors," and Google, like all major players in communications, does things to make its services play well with the current iteration of surveillance tools. I wonder if the current, seemingly boneheaded approach to applying phone company data to account data via phone numbers, including overwriting names, is some new requirement of the surveillance system.
Or, change the country to Sweden and anyone can still look it up, even online :) Checkout hitta.se, ratsit.se or similar services.
Which reminds me that someone claimed that the income/amount of tax paid is the most private data American citizens have (the context was the DOGE/payments stuff), meanwhile every Swedish residents income is very public information.
Negotiating your salary is a whole other ballgame when you know your colleagues salary and your boss knows that you know :)
There were "reverse directories" for phone->name, though you didn't get one delivered to your house with your phone subscription. You could also call directory assistance.
Yeah but I also remember that when I signed up for phone service, I could opt out of being in the phonebook at all if I wanted to. And you'd have to wait up to a year before the new phone books came out with updated information.
> It sounds like someone at Google (not necessarily a programmer) needs to read "Falsehoods Programmers Believe About Phone Numbers:"
>> 4. A phone number uniquely identifies an individual
But that has nothing to do with this. The idea here is that whoever is paying the phone bill is the same person who uses the phone. Nobody believes that.
I have an Indian colleague whose dad was in some kind of coma for few months after an accident. He had a real crazy time keeping the house running. His dad's number was attached to all kinds of bills - electricity, gas, milk, water, internet, cable, newspapers etc. Most of the services would send a verification sms to his dad's phone for any kind of interaction. No one knew the password. And it turned into a major nightmare. It wasn't just a question of paying the bills. Lot of these services had to be shutdown or have settings changed temporarily. And each one had a different set of documents/processes required to prove he was a relative.
The only place where the phone number really matters in India is when dealing with banks, AADHAR and the phone company.
Phone/Gas/Electricity/Internet/Cable etc bills can be paid through any of the hundred-odd mobile wallet apps. Other than some exceptional cases, none of them require access to the linked phone number.
It is related. The belief that a phone number maps to a single person, the one paying the the phone bill, is a form of belief that a phone number uniquely identifies an individual. The reality is that the number identifies two individuals: the mom paying the bill and the user of the phone.
According to the bizarre anecdote in this HN submission, the person who pays for the phone bill must be the person who is validating a YouTube account with that phone number.
Validating an account with a phone number constitutes phone use so, yes, Google and Youtube have shown an instance of belief that the person paying is the same as the person who uses.
To be completely fair, Android also allows having multiple sims and phone numbers on a single phone. I've never heard of people sharing a device without sharing the number, but it's possible.
This belief gets very interesting with company phones, where 1 person pays several hundreds/thousand phones. Oh wait, that's not a person but a legal entity?
I don't even want to guess the percentage of couples where one partner pays for (both, maybe three) phones/landlines, and that's ignoring all children, underage or not.
Don't remember what service exactly (Paypal I think?) that some time ago asks for me to "verify" the account by showing some bills with my name. At that point, the only utility bills they accepted for the verification, were all in my wife's name, which they didn't accept, so now I no longer have Paypal.
Good point. I actually think we're both on some of the statements, so that's at least one problem I wouldn't have. Still ridiculous overall, of course.
I’m sure the police would come to my door, but I could show records of it not really being “my phone number”.
Family plans are pretty common here, so I wouldn’t expect too much friction.
I would absolutely cooperate (obviously through a lawyer) with records if someone else on my family plan did something illegal.
I also have records showing that they pay me for the line.
Also yes, it would be a huge hassle. The probability of that happening is small, and I’m willing to risk it like many other things in life. I only do this for very trusted people.
I have some very bad news for you how ID works in countries that don't have national ID systems: companies use all sorts of awful hacks instead.
The UK treats "utility bills" as proof of address. Yes, these are trivially forgeable and often incorrect. Yes, it's a big pain that you don't exist if you're not paying bills.
> The UK treats "utility bills" as proof of address. Yes, these are trivially forgeable and often incorrect. Yes, it's a big pain that you don't exist if you're not paying bills.
Spent the last few months trying to explain to a randomly changing E.ON representative how unacceptable it was for them to send bills with my name on it to a non-existent address.
I moved out of the country in 2018.
They've offered me £10 credit. That I can't use, because I left the country.
I need to gather all the emails together and send them to the ombudsman, but there's around 80 emails now.
I've always vaguely wondered how the US knows who to tax, if they have no complete, trustworthy register of who the citizens are and where they live. It presumably works, I just don't understand how.
They rely on a number of inefficient proxy systems, like the UK: making employers keep track of the tax of employees, and making all the banks report "suspicious" transactions.
The US even tries to make its overseas nationals pay tax. As a result, everyone everywhere in the world who wants to get paid by Amazon has to sign a US tax form saying they're not a US taxpayer.
How does that even work these days? Taking a picture of a bill physically mailed to you is bad enough, but all of my utility bills nowadays are nothing more than an email! How's that supposed to prove anything?
I mean, I guess you could do something with the DKIM signature, but good luck getting non-technical people to forward a mail in a way which leaves that intact. Realistically the best you're getting is a butchered screenshot.
The rationale of that falsehood¹ addresses that point:
>> It wasn't even that long ago that mobile phones didn't exist, and it was common for an entire household to share one fixed-line telephone number. In some parts of the world, this is still true, and relatives (or even friends) share a single phone number. Many phone services (especially for businesses) allow multiple inbound calls to or outbound calls from the same phone number.
How does that address the point? They've got nothing to do with each other. Our example user isn't sharing a phone number with his mom. He's having his phone bill paid by his mom. It is correct to believe that the number uniquely identifies him. Explaining that "all phone numbers uniquely identify a single individual" is false doesn't matter in any way, because it isn't false as applied to the phone number that's giving us trouble. That number uniquely identifies an individual.
This should be a hint that you've misdiagnosed the problem... shouldn't it?
> Our example user isn't sharing a phone number with his mom. He's having his phone bill paid by his mom.
Having his phone bill paid by his mom makes it his mom's phone number by default; it's then shared with him, making it a non-unique identifier. That's why it falls into Falsehood #4 (and likely into Falsehood #3, assuming that his mom has a separate phone number that she doesn't share with anyone else).
> Having his phone bill paid by his mom makes it his mom's phone number by default;
No, it makes his mom the account owner. Just because I pay the bill for mine and my wife’s phones doesn’t mean her number is actually my number. Imagine operating a company and the CEO isn’t the one paying the phone bill, it’s the accountant, and you claimed that it’s not the CEO’s phone number, it’s actually the accountant’s, but it’s shared with the CEO. It’s nonsensical. The number is assigned to a person on the account which has nothing to do with who pays the bill.
Which makes the phone numbers under her account hers.
> Just because I pay the bill for mine and my wife’s phones doesn’t mean her number is actually my number.
It absolutely does mean that her number is actually your number. That you choose to share it with her doesn't change that; you can revoke that sharing at any time, or even cancel the line entirely.
(And of course, if both of you jointly own the account, then the numbers therein would simultaneously belong to both of you.)
> Imagine operating a company and the CEO isn’t the one paying the phone bill, it’s the accountant, and you claimed that it’s not the CEO’s phone number, it’s actually the accountant’s, but it’s shared with the CEO.
Is the phone bill under the accountant's name and paid from the accountant's personal bank account in this hypothetical? Or is it under her employer's name, and paid from her employer's bank account? The answer to that question determines the owner of the CEO's phone number, and in neither case is the CEO himself personally the owner of that number.
> The number is assigned to a person on the account which has nothing to do with who pays the bill.
And if that assigned person was the son then it would've been the son's name that Google pulled instead of his mother's, and Google's ignorance of its own advice would've gone unnoticed.
You don’t know how phone numbers work… and you’re making really bad assumptions through your entire post. Just like shipping addresses are different than billing addresses, account owners are different than account payers are different than account assignees. Google is tying to account payers, not assignees. This is clearly incorrect to everyone else in this comment section.
> You don’t know how phone numbers work… and you’re making really bad assumptions through your entire post.
My understanding and assumptions are evidently no worse than yours.
> account owners are different than account payers are different than account assignees
For residential/personal phone plans, they are not. In my T-Mobile account there is exactly one person who can be designated as the owner, payer, and assignee for all of the lines on my account, that person being me. I can at most change the label on a given line, but that label can be literally anything.
> Google is tying to account payers, not assignees.
There is no notion of an "assignee" from any perspective that Google can see. There is only the account payer, which is one and the same with the account owner.
(If the payer is not the owner, then that's called fraud and is a crime in most countries.)
> This is clearly incorrect to everyone else in this comment section.
And it's also clearly incorrect by Google's own guidelines as quoted above. That's the entirety of my point.
We're obviously not going to change each other's minds, so this is probably the point where we should agree to disagree and move on. Last word's yours.
Your quote disproves you. That explanation does not address the point of who pays. It addresses what point 4 is actually about, multiple people sharing a number, which is not happening here.
Lots of us have had to implement changes we've disagreed with or pushed back on, but this one looks so obviously wrong, it's particularly mind boggling.
I'm almost inclined to think maybe the process/tech isn't designed to do this and there's a bug, or somebody tasked with a manual verification made an outright mistake, or something else went off the rails. Any number of this could have gone wrong.
Then I think of the number of sites and services that have started asking for phone numbers, as if they believe doing it over and over will somehow change the nature of telephony--it would probably be a mistake for me to give Google or any of these other companies the benefit of the doubt.
We should stop normalizing giving phone numbers out to companies. If I don't want you to call me, why would I give you my phone number. And on the other side of that coin, why do you want my phone number if you're not planning to call me? It's not an identifier. Just don't do it.
Same with social security numbers. You don't get it unless I expect you to send me a tax-related form at tax time.
And physical addresses while we are at it. If you are shipping me something you need my address, but the fact that this became a mandatory part of authenticating credit card purchases is so invasive and provides practicaly no real security.
Depending on jurisdictions, it may not be about security, but just a regulatory requirement. I need to confirm any transaction made in the bank's app on my phone, so I feel my card is sufficiently secure in that sense. However, businesses here are required to collect my billing information for transactions that do not happen in person and unfortunately address is defined to be a part of that.
That said, I fully agree with you. I see little reason that buying, for example, a video game online needs my billing information more than walking into a store and buying it there, possibly with the same card.
This just reminded me of a quote: "If cash were invented today, it would be illegal." I forget who (first) said it, but it rings true.
> I see little reason that buying, for example, a video game online needs my billing information more than walking into a store and buying it there, possibly with the same card.
In your latter example, a nexus clearly exists between the business selling you a video game and the state, so sales tax collection is patently obvious.
When you buy online, they have to ask - it’s the only way to figure out the proper jurisdiction.
> but the fact that this became a mandatory part of authenticating credit card purchases is so invasive and provides practicaly no real security
This is insurance against fraud where the card number is stolen and goods are ordered to a location other than the cardholder address. Which the merchant doesn't want to be liable for. So most places will only ship high value goods (sometimes any goods) to the cardholder address.
The real security is now "enhanced verification", i.e. some sort of second factor and/or password in addition to the card. But this is much more annoying to use.
Every time I sign up for something that requires a phone number it says I already have an account because the previous user of the number signed up. I guess I should take over their Venmo/etc and hope a bank account is still linked.
I think that is mostly because the perpetrators are often in a different country than victims.
There is no global law or enforcement of rules, but the internet is global.
That is a fundamental mismatch in my eyes.
or ... because huge companies make a ton of money from it and pay lobbyist enough
Like it really isn't that rare to have issues where people tell you "nothing can be done, it's from outside of our country" or similar. And then you travel and realize, it's a "your country" issue and many or even most other countries have fixed it or at least massively reduced it and the whole "criminals are in another country" thing didn't prevent them from fixing it...
This e.g. is the case for US spam/scam/robo calls (which isn't "fully fixed" anywhere but starkly reduced by in many places including e.g. the EU).
>or ... because huge companies make a ton of money from it and pay lobbyist enough
Which companies are making money off frauds like pig butchering scams? I think you're overestimating how competent the state is and underestimating how hard it is to solve problems like these. For instance, we can barely dissuade other countries from buying Iranian and Russian oil, and there's pretty much bipartisan consensus on that.
And they're lobbying against which regulations that would stop them?
>Have you thought of blocking countries that permit malicious activity to cross international borders? Have you thought of blocking their IP addresses?
The financial system is far more centralized than the internet and at least theoretically has KYC, but US sanctions against enemy states, terrorist groups, and drug gangs are as airtight as a sieve. What makes you so sure that IP blocking countries will have any effect, when anyone can buy a no-log VPN for $5/month?
> What makes you so sure that IP blocking countries will have any effect
because it did work in the EU as one example
(that is, if complemented with other things I would have to look up. E.g. a lot of phone fraud is illegal in the country it comes from too, which opens up many possibilities for cross country cooperations (or pressure) to shut them down you)
Mainly you have to
- not thinking in absolutes, rarely can a problem be perfectly 100% be removed, but that doesn't matter making something much better is already a huge step forward.
- identifying likely path to improve things, and then trying it
- if it fails, give it a proper fact based analysis so that future tries can learn from it instead of just saying "see can't be solved"
But what I see a lot is:
- solutions having shown to cause improvements aren't tried "because they aren't airtight/perfect"
- no proper analysis is done, instead of looking what works people look what "feels like it could work"
- a single solutions is very half assed/incompletely tried and after it predictably fails people argue "see nothing can be done so let's not even try" instead of actually analyzing why it failed
> I think that is mostly because the perpetrators are often in a different country than victims.
So, your comment here is moving the goalpost:
> What makes you so sure that IP blocking countries will have any effect, when anyone can buy a no-log VPN for $5/month?
If it's malicious activity behind VPNs in foreign countries, then see previous comment about blocking foreign countries. Block foreign countries at the interconnect until they enact and enforce laws which address the malicious activity.
If it's malicious activity behind VPNs in your own country then you need only convince your law enforcement to enforce existing computer crime laws. Renting a server for $5/mo requires payment and payment provides a name & address to prosecute. All you need is to demonstrate that the malicious activity originated from the rented IP address and during the rental period.
There's no point in implementing measures that would be trivially bypassed but cause great economic and societal harm in the process (ie. creating some sort of KYC regime for the internet, or causing millions to be cut off from the internet). China, arguably one of the most draconian states out there, and the home of pig butchering scams can barely keep a lid on it. Countries like the US that emphasize civil liberties and free trade don't stand a chance.
>If it's malicious activity behind VPNs in your own country then you need only convince your law enforcement to enforce existing computer crime laws. Renting a server for $5/mo requires payment and payment provides a name & address to prosecute.
You can pay for no-log VPNs using crypto or anonymous gift cards. Apple, Google, and others even have 2-hop VPNs that theoretically make it impossible for the provider to log connections even if they wanted to. Not to mention, there are many countries, including the US where you can get prepaid SIMs without presenting any sort of ID and pay with cash. Even if you were some how able to enforce an airtight KYC regime for the internet (doubtful, given how well that works for the financial system), you still have to contend with compromised routers/IOT devices and shady apps that act as proxies for bad guys.
As I mentioned in my previous comment, China has tried "something" and came up empty handed. It makes little sense to follow in their footsteps just so some snarky internet commenters can't invoke "we've tried nothing and we're all out of ideas".
On the one hand it makes spam more difficult on the other hand it makes breaking into someones most personal accounts way more simple, just have to convince the phone carrier customer support and then you get into the Apple account and all their other passwords.
Usually a bit less dangerous to give away though, most of my friends and coworkers have my personal id, because it also doubles as a bank account number
Not that it matters on the context of giving away information
Most people wouldn't but I do ocasionally see some posted online, it should never change, there's a second number that's usually used to validate further, and that one gets changed every time you renew you ID Document
On the operation side of things,
requiring phone number greatly reduce throwaway accounts and spam. You can't kill all spam, but it is down to a manageable level.
Yes, some legitimate user can't sign up. Depends on what business you are in, and how much budget you put into spam/abuse prevention, this may or may not make sense.
That’s unfortunately the best you can get without a personal identification number. G is doing their best to establish your identity in the context, that actively tries to prevent them from doing so. Solving contradictory requirements will lead to nonsensical situations
Just the other day I was trying to create a new Google account, and was surprised by how much PII it was asking from me. I have a handful of Google accounts, the newest one created I think almost of a decade ago? I don't remember I needed any PII to create them, no phone number, no credit card, etc.
Google has been insisting for years that they need my date of birth "to comply with the law" (which law is not specified). Never mind that my account is more than twenty years old, and I've attached plenty of credit cards and devices and addresses to that account. I'm able to skip the nag screen, but I do worry that Google are going to get in big trouble one of these days and it'll be all my fault.
Not one for defending corporations, but most places have some variation of "No people under X age should be on the internet unsupervised", and that one usually isn't satisfied with "It's an old account"
How seriously is this enforced varies, Twitch insta bans you for saying things to the effect of "I'm twelve years old"
I by chance registered several new Google accounts lately. It was a few months ago so things might have changed.
You don't need a credit card to register a Google account.
As for the phone number, IIRC you do need to provide one during the registration but that number isn't automatically associated with your account, it's there more to prevent spamming I think. Also you can re-use the same number (to certain degree, at least; I have 4 accounts registered with the same number).
Please note that I'm not saying this is ideal, but compared to some other "major" services, Google is actually on the easier side for registering an account.
I had something a little similar happen when I listed my Airbnb apartment on Google Maps.
In their infinite wisdom, Maps decided it'd be best to merge my listing with the listing for the building it's in - but also gave me admin rights over the entire building's listing.
Support refused to fathom that I don't want to have any degree of Maps authority over something that does not belong to me (though I could have definitely used this to my advantage for increasing bookings), and their instructions to unsplit/remove myself never worked.
I had a similar experience but I wanted it that way. The listing for my residential society (comprising of 30+ buildings) was being hijacked by Real Estate brokers and internet service providers. I went on a discord server where Google employees were known to hang out and informally help people - they gave me ownership of the listing. This has allowed me to reject updates various businesses in the area try to push every few months.
Google maps hijacking has become a huge issue in my country where scammers update the contact details of local businesses without their knowledge and then scam unsuspecting people calling to place orders or book a stay. The vast majority of business owners don't even know they can / should take ownership of their maps listing.
I found it via the Google sub-reddit. There appears to have been some kind of internal clampdown, I just checked and the Google Discord server has been renamed to The Tech Collective (https://discord.gg/techcollective). No idea if employees at Google are still a part of it.
Over here in Belgium telcos will reuse mobile telephone numbers if the client leaves without transfering the number to a new service.
This results in people getting a new mobile subscription with a number that can not be used to create a new Google account (this number has been used too many times), or e.g. get the Whatsapp account from the previous owner (as you recover the account by a text to the number)
Since the advent of cell phones and free long distance, people tend to keep a single number for longer, but there used to be a trope about getting wrong number calls for someone who had died and had his number recycled.
This really sucks. Why is it so important to know someone's legal name, anyway? If their content is problematic, delete it. If it's not, let them use a pseudonym.
What is the appetite for self-hosting streams? I've worked at a variety of ISP gigs and really don't think the bandwidth cost is that crazy of a blocker. But would any streamers ever WANT to self-host something? I feel like people would love to throw off the shackles of YouTube and Twitch, but are probably less enthused about not having their channel advertised to the platform's users. Things like maintaining your own Stripe account also sucks.
(My angle is charging for software to do this, not making another hosted service. Just don't think there is actually a market. Complaining on Reddit when the bureaucracy of Twitch/YouTube stymies you seems to be 100% effective. But will it always be?)
This really sucks. Why is it so important to know someone's legal name, anyway?
They have to know his legal name, because they are paying him. His core issue is around monetization, caused by the personal info screw up. The "Know Your Customer" laws are a nightmare and are the root of a lot of this kind of horrible bureaucracy.
Do know your customer laws apply to Alphabet? I thought that was for banks. I assume Alphabet needs the info for tax purposes though due to needing to report payments and issue 1099s.
Any sufficiently large company ends up being pretty much everything. Google is almost certainly a money transmission service (among other things) given that Google Pay exists, and they probably run YouTube payouts through the same legal infrastructure.
Well you wouldn't want Youtube to pay e.g. terrorists (or other sanctioned entities) for their videos, so wouldn't it make sense for them to try and get a name then run a sanctions check on the name?
> I feel like people would love to throw off the shackles of YouTube and Twitch, but are probably less enthused about not having their channel advertised to the platform's users. Things like maintaining your own Stripe account also sucks.
I get the impression that's basically it. You've got to go where the audience is. Even Hololive who are big enough to have their own platform haven't attempted to do this. Bureaucracy aside, youtube is also pretty reliable at global scale.
- discoverability is non existing, e.g. being somtimes on the frontpage of twitch does make a difference in how much you earn (through highly varying depending on how niche your content is), similar raids or even the neglected "viewers which watch this stream also watch" corner do help.
- Platform switching cost, a lot of users don't want to use other platforms then what they are already using. Most streamers have discovered that switching platforms will not carry over most users.
- Cross Platform cost, toady a ton of people want things in a app.
- payment systems, paying on twitch for a sub is one thing, but one some random website .. eh. Same but worst for bits, supper chats. With YT/Twitch people have their payment system potentially already setup. So it's just one click. On your website they don't and and might not want to.
- net neutrality not being a thing everywhere cost, i.e. you don't have to pay for bandwidth only once, but many times, including in places you don't even know you have to with consequences being subtle like some viewers streams always struggling etc. Which effectively will cost you viewers and with that money.
- live cross encoding cost, is also easy to underestimate
- software maintenance cost, especially if you aren't a system admin/software engineer this is huge
- reliability cost, if your stream is down to often it will make people leave
because if their content isn't just problematic but criminal "just" deleting it isn't enough
if you "just delete" it and don't allow any effective way for suing the people which uploaded it then it's just a matter of time until you will get sued and held responsible for it
For paying out money it is likely a legal requirement, it sounds like it is advertising revenue this person is cut off from. Google's methods are idiotic here, especially since they seem perfectly willing to share other proof of identity.
My latest protip when the normal procedure isn’t going anywhere is to send your complaint to a big org’s legal department, whether it’s of legal nature or not.
You can at least be assured the letter reader will be literate.
And might even get good support for wherever it ends up because it will be forwarded from the legal department.
This was a bank. Basically an extension of patio11’s advice to contact shareholder relations.
With the software giants, you get the best results by sending your complaint to Hacker News. Your issue will actually be noticed by someone who can help
Not at google, but someone took a plane ride to ask about a $20 billing error in person at a company I worked at. We definitely don't do in person customer support, and the flight must have been more than the billing error, so front desk gently encouraged him to fly back home and make sure someone responded to his ticket.
I sincerely hope (and assume) “make” was a type for “made” there. That the front desk staffer, not the aggrieved customer, “made” somebody respond to the customer’s original ticket.
This looks like something out of the 1937 book How to Win Friends and Influence People and ends with "they prospered together forever and customer would later find the mistake from his side".
Yes but they can also very well say "sorry, we're not tech support, bye" and stand there looking at you. This is exceptionally easy to do if there are 5 people a day coming in for that reason.
You act like an organization is a single person. The person saying "Sorry, I can't help you" when you visit Google headquarters is not the one ruining your income.
It made me disconcertingly furious on behalf of that customer to read your message, which, however you meant it, echoed in my mind as "you have no hope, don't show up in person, don't do anything except accept that BigCo screwed you, the world is unfair and you lost hahahahaha".
We might wish for every customer to muster infinite patience no matter how poorly treated, but when a company behaves as unreasonably as described in this story about YouTube, it's not solely the fault of the customer finally losing their shit when "front desk" turns into "front line".
"Hire armed guards to protect the company from its own customers" is a wonderfully apt summary of the modern tech approach to customer service.
If a company doesn't have a real human helpdesk for dispute resolution, fronting onto the people who have to man a desk to direct visitors to the right meeting room, or handle incoming calls to corporate offices, is just wrong.
I'm a customer of google. I pay them money. I would never, EVER recommend that people front into the Mountain View, or any other google office worldwide to discuss their issues. Never.
If the company makes the person manning the front desk the only human customers can get in touch with, that's on the company, not customers with a critical issue who just needs a person to understand and rectify the company's mistake.
It's not wrong to talk to the people at the front desk about their company's bullshit practices. I don't have to be a customer, and neither do you have to be an employee. Dealing with people who need help dealing with your company is not going to fucking kill you.
I find it highly unlikely that someone politely asked for help having an issue resolved and it gave the receptionist PTSD and required armed security. I expect you're instead speaking about a situation where someone showed up and acted in a violent/threatening manner, which the post you are replying to did not endorse, which should not be used to justify keeping upstanding people from trying to get support.
No part of Mountain View is set up to handle the queue of customers of Google seeking restitution. Other major corporates have this problem too. You don't fix the problem with your gas account overcharging by going to the Exxon head office.
Google is a bit of a shit company when it comes to customer service, but suggesting you can front into their space to get it addressed is really not ok.
The problem is the lack of a real service you really can approach. Not, that they wind up needing rent-a-cop in the lobby.
If people casually recommend simply visiting the campus of Apple, Meta, Google to get customer disputes settled, then its a low bar prediction it's going to get bad.
Saying "bit of a shit" about company who practically destroyed 20 years of someone data,by blocking account against all facts customer and police provided it not "a bit". This is pure evil.
https://www.businessinsider.com/google-reported-dad-police-p...
> Immediately after completing the verification, I received an email notifying me that Google had overwritten all my personal information. It turns out that because my mom is the one paying the phone bill, they automatically "verified" the name on my account to be hers
How is Google or YT able to determine the subscriber behind a phone number? Caller ID lookup?
That's a service most (all?) post-paid phone numbers provide in the US. It's one of the reasons FB won't (or didn't used to) let you create an account on a lot of the lower-cost cell providers.
Twilio's verification API for instance has this[1] but only for US targets. Though the person in the OP is from the UK. I wonder how many other countries' carriers have non-business caller name lookups.
The other aspect would be if Google were able to cross-reference address book contacts that were obtained from permissions from their apps/services to check what name is most commonly associated with that number.
Is this just caller id? The system supports it but many end users choose not to pay to access it, or don't know how to configure it. Remember it generally is totally unverified.
I ended up being on a bunch of conference calls during COVID, and from what I recall, there was a roughly (it varied significantly between calls) even split between:
* caller ID shows the correct name (but maybe misspelled, though misspellings were more common when the host tried to add/correct information from one of the other types)
* caller ID shows the name of a spouse/parent/sibling (one notable example: husband and wife both joined the call separately, both with the husband's name, but one including the middle initial)
* caller ID shows the name of somebody vaguely involved with the actual person for some reason
* caller ID just shows something generic, like a brand or "wireless caller"
* caller ID fails so just a number
Maybe 1% of users used the app and so didn't have an associated phone number, just a username/email. At some point I was surprised to discover that video calls were in fact supported.
No, the information is associated with the payer of an account. I'm not sure the underlying data source (probably Experian and friends?), but there are a number of services providing that sort of phone/identify "verification". It's orthogonal to caller ID.
He said the form he was filling up asked for the name and address of the billed phone number. So he provided google with the info and google automatically changed everything to what he has provided without any other proof.
Yes. It was called a city directory and salespeople would frequently own them. My dad’s also had listings of every street, showing the people living at each address.
Fortunately they were able to reach the only reliable Google support desk: The HN front page. Getting this resolved via Google's official channels is about very unlikely, but now their issue has reached the eyes of people who actually can help
It's 2025, and the split-brain world of Google vs YouTube vs AdSense accounts has still not been solved, and is only getting worse. It seems you need to be an expert in how Google backend is structured to get anything done on YouTube. To my understanding:
Google account: everyone knows what it is, your personal account. Unless you have GSuite, then nobody knows what it's meant to be and let you do.
YouTube account (channel): there is now a many-to-many relation between Google accounts and YouTube accounts, but they otherwise function pretty much like pre-Google+ YouTube accounts. You can even change the primary Google account of a YouTube account, that requires clicking a button and waiting for a week. Then there is this brand vs non-brand distinction, where you can convert from non-brand to brand, but not the other way around, and some stuff used to work only with one of these types. And I think nowadays there is some way to make a Google account without a (named) YouTube channel, if you're just a viewer that doesn't even comment or create playlists, but there is not much reason to do that.
AdSense account: A billing account, once again with many-to-many mapping to Google accounts, and also many-to-many [0] mapping to AdSense projects ("sites"). Requires unique billing details, and apparently unique address as well [1], but otherwise shouldn't do much.
So in the linked situation, I think editing Google account login info changed the AdSense account details, which is definitely unexpected. YouTube account was probably not the problem here, I suspect the author would have had same issue if they were selling ads on a website instead of YouTube channel, though of course you have to use different AdSense UI if you sell ads on Youtube vs on the web, which probably further complicates things.
Anyway, since it hit the frontpage of ~~Google's only working support channel~~ HackerNews, it will soon be solved (for that single creator only, probably).
The only good solutions to this mess seem to be to either make YouTube account a standalone thing (cutting AdSense from the picture, and using Google accounts only for authentication), or to decouple all the accounts and make links between them more configurable / clear. Anything in-between, and we get (waves hands) this.
But both of these solutions would also make it too clear where to cut if/when the Google antitrust process comes, which doesn't make me think it will happen anytime soon.
This is the only correct answer, and luckily the person who started the Reddit thread has picked up on it too. The only problem is that it’s not going to be quick, but there aren’t any other solutions.
I'm not sure if there have been any rulings on this so I don't know what lawyers say about this but based on a layperson's reading of the GDPR, I would expect that the company can not simply unilaterally delete the user's data in response to a request to have their data corrected as the user retains ownership of their data (the terms of service may grant a license for specific purposes but any clauses that would waive your basic rights would be unenforceable and void).
I know that companies (especially in the US) tend to stuff everything they can think of in the ToS or EULA but generally European courts seem to hold the opinion that they're not allowed to contain "surprising" clauses and it's generally not possible to waive your rights (e.g. you can't waive your copyright but you can grant a license functionally equivalent to putting a work in the public domain in the US). I suspect UK courts may still rule similarly with regard to data ownership.
I just cannot believe sometimes how broken YouTube's support system is. And the irony of YouTube treating their automated mistake as irreversible while expecting creators to just deal with it is maddening
I'm surprised they got the phone account owner's details. Maybe what really happened is that his mum previously used the same number for something on Google before giving the phone to him, so YouTube thinks he's her. Still inexcusable since people can and do give their phone to somebody else like this.
Another reason to never give companies your phone number is because as soon as you do simswappers will be able to take over your account-- seems once a company knows a phone number they will simply be unable to resist "recovering" your account for someone who can receive SMSes at it.
here's my redirector `https?://www\.reddit\.com(?!/(?:(?:media|gallery|settings)\b|r/\w+/s/))([/#?].*)?` regex that fixes `/s/` links as well as many others
I vaguely remember once browsing the depths of Verizon settings pages and found something under privacy section, and immediately switched it to ‘Do not agree’.
I don’t think I had any issues because of it, but it’s really infuriating that the default is of course “Agree to give my data to everyone for all purposes”.
Setting name was:
> With your authorization, Verizon provides certain account, device, and profile data related to your Verizon account to third parties for the purpose of helping companies you do business with verify your identity and help protect you against identity theft and account takeover.
AIUI the VTuber scene is very YouTube-centric compared to most other streaming subcultures, so it's easier said than done in this case. If they're doing this professionally (or trying to) then they need to be where the audience is.
There are two almost distinct VTuber cultures. One is Twitch-based, livestream-oriented, and sees vtubing as an extension of individual livestreaming. Another is YouTube-based, balances livestreaming with VODs and recorded videos (particularly music videos), and sees vtubing as an idol-unit-style group activity.
I think it may actually depend on the region, Japanese VTubers seem to primarily stream on YouTube but international VTubers lean more towards Twitch. Maybe OP could jump ship in that case.
Is it possible that being a VTuber isn't a sustainable profession, then?
If only one company exists that can pay people to perform your role, and that company capriciously locked random employees out of all systems over a misunderstanding, and it's seemingly impossible to start up a competitor or find any other way to get paid doing it... maybe find another job?
It most certainly is. In most cases, it is much easier to find a job while you have a job than it is to find a job when you don't have a job. The action isn't "quit preemptively", the action is finding another job now, instead of making some other investment you would With your time today.
Why should someone give up pre-emptively on the thing they want to do simply because of a risk of corporate bullshit? You're just saying "get a real job", the classic dismissal of creatives everywhere.
I miss the days of discovering random sites that had their own content. I remember discovering the warez scene and using IRC to snatch up the latest discography or film. I think I discovered new films and music just by browsing what was served up.
It’s a shame torrenting never became mainstream for legitimate content. Commenting and community engagement can be distributed or federated like Lemmy or mastodon and “primary content” to be distributed/streamed via P2P.
Successful content creators can ultimately pay for VPS to help distribute/seed. And upstarts can share their content on their residential connection.
>I remember discovering the warez scene and using IRC to snatch up the latest discography or film. I think I discovered new films and music just by browsing what was served up.
In terms of discoverability their websites were better than the streamers of today - and we're going back 20+ years here. There's a strong argument to be made that price is only a small part in why people opt for piracy. The UI/UX is better, the support is better, even the situation around privacy is better provided you're going somewhere legit.
Agreed but sadly for something like Youtube it's basically impossible at this stage.
I've long replaced Mail, Maps, Calendar, Photos, Drive, etc with better alternatives from Apple and Microsoft.
> I've long replaced Mail, Maps, Calendar, Photos, Drive, etc with better alternatives from Apple and Microsoft.
Honestly it takes quite some cognitive dissonance to say that Apple's or Microsoft's products are better than Google's.
I've had multiple Microsoft accounts locked out. None of them were originally with Microsoft; they were with companies that were later bought out by Microsoft and then migrated to a Microsoft account. Goodbye Skype, Halo, Minecraft, etc. I won't ever use Office or an Xbox at this point.
And as far as Apple's concerned... well they talk the talk but their declining quality control demonstrates they don't really walk the walk. It doesn't take a genius to see where they're headed in another 10 years.
A while ago I wanted to use Visual Studio and it required a Microsoft account.
I decided I wanted to use Visual Studio enough that it was worth creating a Microsoft account for that purpose.
Then, I never did anything with the account other than use Visual Studio.
At some point, a message popped up in Visual Studio saying "the pattern of behavior for your account looks fraudulent, so we're disabling it". Visual Studio still worked fine.
I'm not sure what they were hoping would happen. They forced me to create an account I didn't want and had no use for, and then they shut it down for fraud when I didn't use it. OK?
> I'm not sure what they were hoping would happen. They forced me to create an account I didn't want and had no use for, and then they shut it down for fraud when I didn't use it. OK?
If that's all it was, then I'd just create throwaway accounts all day long.
But the writing is on the wall. Microsoft wants to associate the software you write with a Microsoft account. It builds "trust" and "legitimacy" when they can "verify" that the software being deployed into the Microsoft store (or elsewhere) was created with a specific developer with an associated Microsoft account. Data mine your git repository and associate your commit metadata (eg; name, email, etc) with other products just as they do already on GitHub. Give you extra benefits (free hosting! remove advertisements! gain extra visibility to recruiters!) if you write software that's popular, and especially if it's only available on Windows; or penalize you (you don't "qualify" for free hosting; it costs $ to remove advertisements from your app; your app has fewer enablements; your LinkedIn profile is less-visible to recruiters; etc) if you write software for other platforms (Linux, macOS, iOS, etc)...
I guess said much simpler: you see the Embrace part by Microsoft's actions. I see the Extend and Extinguish part being enabled by those actions.
In my experience, it's always been possible to use Visual Studio Community without a Microsoft account. It might recommend that you do, but you don't have to. I've been using it this way for years.
That is indeed a serious suggestion, and an absolutely correct one.
Transparency is a dependency of trust. Neither Google, Apple, nor Microsoft are transparent about the software they offer, the data that software collects, or how they use the data collected. They are in fact quite opaque about all of those things. The only assurance of privacy they offer is their word.
Apple does have the occasional third-party review of cryptography and whatnot.
Apple also have an actual, single phone support number in multiple languages and countries that you can use as a paying customer. Day and night with Google.
If I showed you that you were wrong, would you change your mind?
Usually when you ask this, people just tell you again why they're right. That means they aren't really open to changing their mind. If I can prove you're wrong, will you change your mind?
I'd absolutely change my mind if proven wrong. If any of those companies publish the source code of all the software running on their devices and servers (and can prove that said source code corresponds to what's actually deployed), then that'd be an excellent start.
"Neither Google, Apple, nor Microsoft are transparent about the software they offer, the data that software collects, or how they use the data collected."
Apple is very different than the other two here. Do you actually believe otherwise or are your goalposts just... set as to be useless?
Apple is not different from either of those two in any of those senses. No source code = no transparency. If I am incorrect about that - and Apple does openly publish all of the code that collects and interacts with their customers' data - then I would be overjoyed to be proven wrong.
That's a major component of what transparency entails, and that's what's a dependency of trust. No source code = no transparency, no transparency = no trust. Simple.
I'm at least trying to have a good-faith conversation. If you ain't interested in the same, then surely there are better things for you to do than to waste both of our time, no?
And while that's not an unreasonable rebuttal, my first argument (in agreement with yours) is that Google does not sell their users' information, and neither does Apple.
Being up in arms about the lack of privacy from Google is fair, and something I agree with. But Apple doesn't offer dramatically more privacy from Apple that I'm aware of. Both allow, but discourage, free accounts, and run ad networks (that they don't sell user information on)
I'm not even arguing there's no difference, just that there's less than everyone likes to pretend
As a person, not from UK can someone explain how could Google / YT obtain information about name/surname based solely on phone number. Isn't that GDPR infringement right there ? If my son were to use my phone anywhere, there is no consent on my part to share my personal information with the service provider.
Sadly in their business your revenue stream is either locked to YouTube or to Twitch. There aren't viable alternative services ATM and even if you set up i.e. patreon or some sort of stream tipping service, most viewers won't use it.
It sounds like someone at Google (not necessarily a programmer) needs to read "Falsehoods Programmers Believe About Phone Numbers:"
> 4. A phone number uniquely identifies an individual
What a bureaucratic nightmare.
reply