I do agree that adding some kind of backup option is probably a good idea. For many people, losing their email account would mean being locked out of basically all their online accounts (or, in case the account gets compromised, it would mean that all other online accounts would now be compromised too). The majority of people do not use password managers or 2FA, and I’ve made the experience that many people simply cannot be convinced to make online security a priority.
While I’m also a FOSS and online privacy advocate and use tons of self hosted services for that reason, having some way to regain access to their Google account is almost certainly worth the extra data point that Google gets access to. Especially since the likelihood of them already knowing about your phone number is basically 100% if you are logged in on an Android device.
You dont even need google to access your emails for that. You dont even need to be a google user at all, unfortunately.
I think the phone number is easily found by google, by all their users synching their contact list… If you’re google and you have 100 people Synching John B. Smith with number 123 in Region A of the world, you’re pretty confident that that the person and the phone number are linked.
I used to work in support for a phone manufacturer. I spent more hours than I’d like to know helping people navigate Google account recovery because their only computing device was their phone which they just got replaced under warranty and they don’t remember their Google password. The lucky ones had set a recovery phone number and/or email, the unlucky ones were simply at the mercy of the ivory tower that is Google
deleted by creator
I do agree that adding some kind of backup option is probably a good idea. For many people, losing their email account would mean being locked out of basically all their online accounts (or, in case the account gets compromised, it would mean that all other online accounts would now be compromised too). The majority of people do not use password managers or 2FA, and I’ve made the experience that many people simply cannot be convinced to make online security a priority. While I’m also a FOSS and online privacy advocate and use tons of self hosted services for that reason, having some way to regain access to their Google account is almost certainly worth the extra data point that Google gets access to. Especially since the likelihood of them already knowing about your phone number is basically 100% if you are logged in on an Android device.
You dont even need google to access your emails for that. You dont even need to be a google user at all, unfortunately.
I think the phone number is easily found by google, by all their users synching their contact list… If you’re google and you have 100 people Synching John B. Smith with number 123 in Region A of the world, you’re pretty confident that that the person and the phone number are linked.
I used to work in support for a phone manufacturer. I spent more hours than I’d like to know helping people navigate Google account recovery because their only computing device was their phone which they just got replaced under warranty and they don’t remember their Google password. The lucky ones had set a recovery phone number and/or email, the unlucky ones were simply at the mercy of the ivory tower that is Google