Google: Haven't provided your phone number? It'd be a shame if something happened to your email...
Gmail prompt to provide phone number sounds like a threat
Dumb take. All it's warning you is that without those, you won't have a way to recover your account it you lose your password or if it's hacked and someone changes it.
Yeah, I'm all for bashing companies regarding privacy and whatnot, but this is just informing/warning you about account security.
It's facetious though. They don't need phone numbers to verify you, they can just use TOTP codes which can be used by anybody. Ask yourself why they insist on you giving them your phone to enable TOTP, when there's no relation between the two. They want phone numbers because lots of people stick with one number all their life so it's an excellent means of identifying them.
People here don't realize how dumb the average user can be. I've helped countless people attempt to recover their accounts to which they forgot the password to because they were logged in on their computer and just went to it, and were shocked once they let the cookie expire.
Backup security questions? "Oh, I put random garbage there, there's no way I remember".
I've known people that end up with a new email more often than they end up with a new phone number for that exact reason. Or worse, they also got a new phone number without thinking about their 2FA SMS and lose a whole bunch of accounts.
With social engineering attacks all over the place, more and more companies just won't help you in the name of security.
Those users absolutely need to be nudged towards adding backup account recovery info.
Yeah, probably, but I've noticed lots of sites use security as an excuse to get your phone number. For my work account Google forced me to enable 2FA for security reasons, but wouldn't allow the authenticator, only my phone number, until they had it. Then I was allowed to switch to the authenticator. That was not a setting my employer could change, either, they tried for half an hour.
Phone numbers are used to congregate the your data that's collected on different sites to one profile. I'm pretty sure that is the main reason Google and others are pushing you so hard to give it up.
Phone numbers are an attack vector. Especially for 2FA.
Wait until they hear about this thing called a phone book.
[This comment has been deleted by an automated system]
Actually I had to let go of an email because Google wouldn’t let me login without giving my number or alternative email
You dont even need google to access your emails for that. You dont even need to be a google user at all, unfortunately.
I think the phone number is easily found by google, by all their users synching their contact list... If you're google and you have 100 people Synching John B. Smith with number 123 in Region A of the world, you're pretty confident that that the person and the phone number are linked.
I do agree that adding some kind of backup option is probably a good idea. For many people, losing their email account would mean being locked out of basically all their online accounts (or, in case the account gets compromised, it would mean that all other online accounts would now be compromised too). The majority of people do not use password managers or 2FA, and I've made the experience that many people simply cannot be convinced to make online security a priority. While I'm also a FOSS and online privacy advocate and use tons of self hosted services for that reason, having some way to regain access to their Google account is almost certainly worth the extra data point that Google gets access to. Especially since the likelihood of them already knowing about your phone number is basically 100% if you are logged in on an Android device.
I used to work in support for a phone manufacturer. I spent more hours than I'd like to know helping people navigate Google account recovery because their only computing device was their phone which they just got replaced under warranty and they don't remember their Google password. The lucky ones had set a recovery phone number and/or email, the unlucky ones were simply at the mercy of the ivory tower that is Google
Then add a recovery email address for your recovery address
Google can close your email account down at any time for any stupid reason they like and their nonexistant support will leave you standing in the rain without access to years of mails. Switch to a paid mailer with actual support ASAP
I once paid for Lavabit email and it was then raided by the NSA/CIA/FBI (Snowden case) and they shut everything down. I lost access to my account and to a 3rd party account that had a considerable amount of money pending withdrawal. I was never able to get the money. Lesson learnt: paying for your email won't save you.
Can confirm.
Google locked me out of my account for not giving them my phone number. Even though I used the correct password. Even though I verified myself through the recovery email, which has been the same for ages. Even though I wasn't using a VPN or connecting from a public network. Even though there was no reason to think my account or credentials were compromised.
They are, in fact, extorting phone numbers from people.
Thankfully, I don't depend on my google account for anything, but I'm still stuck receiving spam forwarded by gmail, because I can't log in to turn off forwarding. (I'll probably have to filter it out at some point.) I honestly hope they just delete my account after some months without a phone number.
If you can't login they will definitely delete the account sooner or later.
They've been sending out notices recently talking about changes to their account inactivity policy saying just that.
[This comment has been deleted by an automated system]
This has nothing to do with compromise,
Clearly.
they just don’t want to deal with this many bot accounts.
Whatever excuse they might have doesn't change the fact that they are extorting phone numbers from people.
So Google will not let me log in to my account unless I provide them my phone number? But at the same time they require a regular log in (at least once a year or every two years), so your account doesn’t get deleted?
I have an old Gmail account, I don’t use anymore, but it’s tied to my name, so I wouldn’t want someone else to use it at some point. I thinks there’s one email client that regularly connects to that account. I hope that will be sufficient to preserve it, but I would not feel comfortable giving them my phone number, when I have no other links to Google services (this may be different, if you use an Android phone anyway).
2 years and it'll be deleted.
I still have a Gmail account but I'm trying better solutions... Maybe my own hosted system. Whether I pay google or a hosting company with open source software is the same money, the latter means privacy
Get your own domain and use migadu.com. The starter plan is $20/year.
For extra privacy get a domain in .de, .be, .fr, or .nl, their registries protect owner data automatically.
If you're also looking for a registrar check out INWX.
You could lose access to your X years of Gmail history with 2FA enabled if you lose your phone.
I wonder if it works in an Android VM. The shittier thing they've done is requiring a non-prepaid number for Overwatch 2, locking out people who can't afford anything else... And some regions as well.
Creating a new Google account isn't even possible without a phone number anymore. I had a new account which I didn't use in a while and it decided I need some old phone number to confirm my log in. There's no way to log in, recover or delete the account. There's no way I'm putting my daily account to that risk by giving them whatever phone number I have now
Have you people never heard of a phone book? Phone numbers aren't sensitive information. If they want to scrape your phone number they can legally and trivially do so through public data sources. Google does plenty of sketchy things around privacy, but this isn't one of them, it's just about security.
Is your mobile phone number in the phone book? Mine isn't. I guess you could use a landline number to prevent giving out information that isn't publicly available, but I'd wager most people using these sites these days use their mobile phones. Also even my landline isn't listed in the phone book.
I still have a landline which I use specifically for entering into websites.
At one point I thought it was a really clever thing to do, but now I'm not sure what I'm accomplishing with that, if anything.
I mostly agree, however setting your phone number includes the verification process. With that, Google knows for near certain that this is indeed your number.
Man I haven't even seen a phone book in at least 10 years. Do they actually still exist?
Ransomware is getting smarter by the day!
Users are getting dumber by the day!! Half the comments in privacy imply users don't know what they are talking about and need to see a therapist
No it doesn't. It means that your email is encrypted and they don't have a way to unlock it. If you don't add recovery info or print out your unlock codes, you will lose access. Just like it says.
2FA is more secure.
Is it really encrypted?
I'm guessing it's only for the account recovery to reset your password which should be hashed.
Is it really encrypted?
Of course not, Google has full access to your e-mails and uses it the whole time.
BuT cOrPoRaTiOnS tRaCk YoUr LoCaTiOn If yOu GiVe ThEm YouR nUmBeR
Like they'd need your phone number to do that when you probably already have a smartphone with Facebook installed
when you probably already have a smartphone with
that was vaguely implied by "smarphone"
Some of us don't install proprietary software..
i was pointing at lay-user of smartphones that don't want to give facebook or google their phone number while they are already spied on by countless companies with Google and Meta among them,
same people probably have pasted some appropriate clause on their facebook
At this point I would say stay away from all Google services.
I even moved away from Gmail. It’s very liberating.
For all valid reasons for moving away from Google services, this just ISN'T one, as other comments already pointed out.
I agree. But just wanted to say that plenty of email service providers do not require a phone number.
Using authenticator for 2FA is also better than SMS.
I'm slowly moving over to Proton and with the integration of SimpleLogin I'm starting to finally feel in control of my inbox.
I have been slowly de-googling my life. I bought a domain, and have my email hosted on no-ip.com for like $15 a year now. Has been working great for the past 8 months. I have switched all my important login accounts to those accounts. I'm still keeping the spammy store logins and such on Google. The only thing worrying me about loosing with my Google account are all my app purchases going back back to the day it existed.
Pirate them
I hate how reliant I've become on my Gmail. My banking, all my accounts, my job, etc.
I think email should be regulated, because of how much of the modern world relies on them and you can get fucked over and locked out super easy, and trying to change the email on some services isn't just hard, it's impossible
Regulation is slow, full of drama, scales poorly, & can result in a legal thicket that teams of lawyers can navigate better than the individuals it's intended to advocate for. Decriminalizing interoperability is faster & can handle most of the small/simple cases, freeing up our community/legislative resources to focus on the most important regulatory needs.
Didn't help me when my account got locked. Had 2fa and all the info they wanted and never got the account back. Fuck google.
Thanks for reminding me to backup my emails locally and forward my gmail to proton, Good guy google.
Your proton account is susceptible to the same problem if your password gets compromised and you don't have a backup access method registered.
Use an authenticator app. No need for phone number.
Using someone else's computer for receiving your mail... That's quite cringe !
thank you for the reminder. I keep needing to do this.
This isn't actually about your phone number.
I got the same message because I do have my phone listed in there, but don't have a recovery email address listed.
With all do respect friend, I'm assuming most of us here that really care about privacy ditched Gmail very early in our privacy journey. I think virtually every policy Google enforces, including phone validation has some element of data collection in mind. We can debate whether providing the phone number is an information grab or a security measure, but I'm fairly certain it's both to some degree. If one cares enough about privacy to post in this community please start looking for a privacy respecting email provider, then start abandoning Google services like the plague at a pace you can tolerate. Don't move too fast on your journey, the inconvenience is rough, but liberating your digital life is priceless one step at a time.