> A few days ago, I was prompted to verify my phone number by Google. Immediately after completing the verification, I received an email notifying me that Google had overwritten all my personal information. It turns out that because my mom is the one paying the phone bill, they automatically "verified" the name on my account to be hers and updated everything on my account without my consent.
It sounds like someone at Google (not necessarily a programmer) needs to read "Falsehoods Programmers Believe About Phone Numbers:"
> 4. A phone number uniquely identifies an individual
- Projects under the `google` GitHub organization is from Google itself (Google for some reason force projects from Google employees to be umbrellaed under their own organization for some reason, even if it's a personal project)
- Google follows their own rules (applies to any "Big Tech" company)
- Google actually cares about correcting mistakes unless they hit the news/social media
- YouTube and Google tries to make the experience for you, the consumer (on YouTube: consumer = creators + viewers), as good as they can
They are institutionally incapable of fixing it. Companies like Google are too big for that.
Individual workers and even entire teams don't matter. They are just another cog in a massive machine. Customer service representatives are forced to follow a script, and they are technically unable to deviate from it. After all, if there's an override button, it just takes one of your tens of thousands of minimum-wage workers to go rogue to end up with a massive compromise.
To fix it you need your manager's manager's manager to file a change request, which will be put on an endless backlog to be potentially looked at by two dozen teams a few years from now. And if it's not a frequently-occurring issue, it's not worth the effort. Google isn't going to fix it because as an organization they aren't even aware you exist. You are collateral damage, and they are totally fine with that.
The only way around this is to shortcut the entire process. Post on HN and hope some manager high enough in the policy/tech chain can be bothered to personally agenda the issue.
> It sounds like someone at Google (not necessarily a programmer) needs to read "Falsehoods Programmers Believe About Phone Numbers:"
>> 4. A phone number uniquely identifies an individual
But that has nothing to do with this. The idea here is that whoever is paying the phone bill is the same person who uses the phone. Nobody believes that.
I have an Indian colleague whose dad was in some kind of coma for few months after an accident. He had a real crazy time keeping the house running. His dad's number was attached to all kinds of bills - electricity, gas, milk, water, internet, cable, newspapers etc. Most of the services would send a verification sms to his dad's phone for any kind of interaction. No one knew the password. And it turned into a major nightmare. It wasn't just a question of paying the bills. Lot of these services had to be shutdown or have settings changed temporarily. And each one had a different set of documents/processes required to prove he was a relative.
It is related. The belief that a phone number maps to a single person, the one paying the the phone bill, is a form of belief that a phone number uniquely identifies an individual. The reality is that the number identifies two individuals: the mom paying the bill and the user of the phone.
The rationale of that falsehood¹ addresses that point:
>> It wasn't even that long ago that mobile phones didn't exist, and it was common for an entire household to share one fixed-line telephone number. In some parts of the world, this is still true, and relatives (or even friends) share a single phone number. Many phone services (especially for businesses) allow multiple inbound calls to or outbound calls from the same phone number.
I have some very bad news for you how ID works in countries that don't have national ID systems: companies use all sorts of awful hacks instead.
The UK treats "utility bills" as proof of address. Yes, these are trivially forgeable and often incorrect. Yes, it's a big pain that you don't exist if you're not paying bills.
Lots of us have had to implement changes we've disagreed with or pushed back on, but this one looks so obviously wrong, it's particularly mind boggling.
I'm almost inclined to think maybe the process/tech isn't designed to do this and there's a bug, or somebody tasked with a manual verification made an outright mistake, or something else went off the rails. Any number of this could have gone wrong.
Then I think of the number of sites and services that have started asking for phone numbers, as if they believe doing it over and over will somehow change the nature of telephony--it would probably be a mistake for me to give Google or any of these other companies the benefit of the doubt.
We should stop normalizing giving phone numbers out to companies. If I don't want you to call me, why would I give you my phone number. And on the other side of that coin, why do you want my phone number if you're not planning to call me? It's not an identifier. Just don't do it.
Same with social security numbers. You don't get it unless I expect you to send me a tax-related form at tax time.
And physical addresses while we are at it. If you are shipping me something you need my address, but the fact that this became a mandatory part of authenticating credit card purchases is so invasive and provides practicaly no real security.
Depending on jurisdictions, it may not be about security, but just a regulatory requirement. I need to confirm any transaction made in the bank's app on my phone, so I feel my card is sufficiently secure in that sense. However, businesses here are required to collect my billing information for transactions that do not happen in person and unfortunately address is defined to be a part of that.
That said, I fully agree with you. I see little reason that buying, for example, a video game online needs my billing information more than walking into a store and buying it there, possibly with the same card.
This just reminded me of a quote: "If cash were invented today, it would be illegal." I forget who (first) said it, but it rings true.
> but the fact that this became a mandatory part of authenticating credit card purchases is so invasive and provides practicaly no real security
This is insurance against fraud where the card number is stolen and goods are ordered to a location other than the cardholder address. Which the merchant doesn't want to be liable for. So most places will only ship high value goods (sometimes any goods) to the cardholder address.
The real security is now "enhanced verification", i.e. some sort of second factor and/or password in addition to the card. But this is much more annoying to use.
Every time I sign up for something that requires a phone number it says I already have an account because the previous user of the number signed up. I guess I should take over their Venmo/etc and hope a bank account is still linked.
On the one hand it makes spam more difficult on the other hand it makes breaking into someones most personal accounts way more simple, just have to convince the phone carrier customer support and then you get into the Apple account and all their other passwords.
On the operation side of things,
requiring phone number greatly reduce throwaway accounts and spam. You can't kill all spam, but it is down to a manageable level.
Yes, some legitimate user can't sign up. Depends on what business you are in, and how much budget you put into spam/abuse prevention, this may or may not make sense.
That’s unfortunately the best you can get without a personal identification number. G is doing their best to establish your identity in the context, that actively tries to prevent them from doing so. Solving contradictory requirements will lead to nonsensical situations
Just the other day I was trying to create a new Google account, and was surprised by how much PII it was asking from me. I have a handful of Google accounts, the newest one created I think almost of a decade ago? I don't remember I needed any PII to create them, no phone number, no credit card, etc.
I had something a little similar happen when I listed my Airbnb apartment on Google Maps.
In their infinite wisdom, Maps decided it'd be best to merge my listing with the listing for the building it's in - but also gave me admin rights over the entire building's listing.
Support refused to fathom that I don't want to have any degree of Maps authority over something that does not belong to me (though I could have definitely used this to my advantage for increasing bookings), and their instructions to unsplit/remove myself never worked.
I had a similar experience but I wanted it that way. The listing for my residential society (comprising of 30+ buildings) was being hijacked by Real Estate brokers and internet service providers. I went on a discord server where Google employees were known to hang out and informally help people - they gave me ownership of the listing. This has allowed me to reject updates various businesses in the area try to push every few months.
Google maps hijacking has become a huge issue in my country where scammers update the contact details of local businesses without their knowledge and then scam unsuspecting people calling to place orders or book a stay. The vast majority of business owners don't even know they can / should take ownership of their maps listing.
Over here in Belgium telcos will reuse mobile telephone numbers if the client leaves without transfering the number to a new service.
This results in people getting a new mobile subscription with a number that can not be used to create a new Google account (this number has been used too many times), or e.g. get the Whatsapp account from the previous owner (as you recover the account by a text to the number)
Since the advent of cell phones and free long distance, people tend to keep a single number for longer, but there used to be a trope about getting wrong number calls for someone who had died and had his number recycled.
This really sucks. Why is it so important to know someone's legal name, anyway? If their content is problematic, delete it. If it's not, let them use a pseudonym.
What is the appetite for self-hosting streams? I've worked at a variety of ISP gigs and really don't think the bandwidth cost is that crazy of a blocker. But would any streamers ever WANT to self-host something? I feel like people would love to throw off the shackles of YouTube and Twitch, but are probably less enthused about not having their channel advertised to the platform's users. Things like maintaining your own Stripe account also sucks.
(My angle is charging for software to do this, not making another hosted service. Just don't think there is actually a market. Complaining on Reddit when the bureaucracy of Twitch/YouTube stymies you seems to be 100% effective. But will it always be?)
This really sucks. Why is it so important to know someone's legal name, anyway?
They have to know his legal name, because they are paying him. His core issue is around monetization, caused by the personal info screw up. The "Know Your Customer" laws are a nightmare and are the root of a lot of this kind of horrible bureaucracy.
Do know your customer laws apply to Alphabet? I thought that was for banks. I assume Alphabet needs the info for tax purposes though due to needing to report payments and issue 1099s.
> I feel like people would love to throw off the shackles of YouTube and Twitch, but are probably less enthused about not having their channel advertised to the platform's users. Things like maintaining your own Stripe account also sucks.
I get the impression that's basically it. You've got to go where the audience is. Even Hololive who are big enough to have their own platform haven't attempted to do this. Bureaucracy aside, youtube is also pretty reliable at global scale.
- discoverability is non existing, e.g. being somtimes on the frontpage of twitch does make a difference in how much you earn (through highly varying depending on how niche your content is), similar raids or even the neglected "viewers which watch this stream also watch" corner do help.
- Platform switching cost, a lot of users don't want to use other platforms then what they are already using. Most streamers have discovered that switching platforms will not carry over most users.
- Cross Platform cost, toady a ton of people want things in a app.
- payment systems, paying on twitch for a sub is one thing, but one some random website .. eh. Same but worst for bits, supper chats. With YT/Twitch people have their payment system potentially already setup. So it's just one click. On your website they don't and and might not want to.
- net neutrality not being a thing everywhere cost, i.e. you don't have to pay for bandwidth only once, but many times, including in places you don't even know you have to with consequences being subtle like some viewers streams always struggling etc. Which effectively will cost you viewers and with that money.
- live cross encoding cost, is also easy to underestimate
- software maintenance cost, especially if you aren't a system admin/software engineer this is huge
- reliability cost, if your stream is down to often it will make people leave
because if their content isn't just problematic but criminal "just" deleting it isn't enough
if you "just delete" it and don't allow any effective way for suing the people which uploaded it then it's just a matter of time until you will get sued and held responsible for it
For paying out money it is likely a legal requirement, it sounds like it is advertising revenue this person is cut off from. Google's methods are idiotic here, especially since they seem perfectly willing to share other proof of identity.
My latest protip when the normal procedure isn’t going anywhere is to send your complaint to a big org’s legal department, whether it’s of legal nature or not.
You can at least be assured the letter reader will be literate.
And might even get good support for wherever it ends up because it will be forwarded from the legal department.
This was a bank. Basically an extension of patio11’s advice to contact shareholder relations.
With the software giants, you get the best results by sending your complaint to Hacker News. Your issue will actually be noticed by someone who can help
Not at google, but someone took a plane ride to ask about a $20 billing error in person at a company I worked at. We definitely don't do in person customer support, and the flight must have been more than the billing error, so front desk gently encouraged him to fly back home and make sure someone responded to his ticket.
I sincerely hope (and assume) “make” was a type for “made” there. That the front desk staffer, not the aggrieved customer, “made” somebody respond to the customer’s original ticket.
This looks like something out of the 1937 book How to Win Friends and Influence People and ends with "they prospered together forever and customer would later find the mistake from his side".
It made me disconcertingly furious on behalf of that customer to read your message, which, however you meant it, echoed in my mind as "you have no hope, don't show up in person, don't do anything except accept that BigCo screwed you, the world is unfair and you lost hahahahaha".
We might wish for every customer to muster infinite patience no matter how poorly treated, but when a company behaves as unreasonably as described in this story about YouTube, it's not solely the fault of the customer finally losing their shit when "front desk" turns into "front line".
"Hire armed guards to protect the company from its own customers" is a wonderfully apt summary of the modern tech approach to customer service.
I find it highly unlikely that someone politely asked for help having an issue resolved and it gave the receptionist PTSD and required armed security. I expect you're instead speaking about a situation where someone showed up and acted in a violent/threatening manner, which the post you are replying to did not endorse, which should not be used to justify keeping upstanding people from trying to get support.
> Immediately after completing the verification, I received an email notifying me that Google had overwritten all my personal information. It turns out that because my mom is the one paying the phone bill, they automatically "verified" the name on my account to be hers
How is Google or YT able to determine the subscriber behind a phone number? Caller ID lookup?
That's a service most (all?) post-paid phone numbers provide in the US. It's one of the reasons FB won't (or didn't used to) let you create an account on a lot of the lower-cost cell providers.
Twilio's verification API for instance has this[1] but only for US targets. Though the person in the OP is from the UK. I wonder how many other countries' carriers have non-business caller name lookups.
The other aspect would be if Google were able to cross-reference address book contacts that were obtained from permissions from their apps/services to check what name is most commonly associated with that number.
Is this just caller id? The system supports it but many end users choose not to pay to access it, or don't know how to configure it. Remember it generally is totally unverified.
I ended up being on a bunch of conference calls during COVID, and from what I recall, there was a roughly (it varied significantly between calls) even split between:
* caller ID shows the correct name (but maybe misspelled, though misspellings were more common when the host tried to add/correct information from one of the other types)
* caller ID shows the name of a spouse/parent/sibling (one notable example: husband and wife both joined the call separately, both with the husband's name, but one including the middle initial)
* caller ID shows the name of somebody vaguely involved with the actual person for some reason
* caller ID just shows something generic, like a brand or "wireless caller"
* caller ID fails so just a number
Maybe 1% of users used the app and so didn't have an associated phone number, just a username/email. At some point I was surprised to discover that video calls were in fact supported.
He said the form he was filling up asked for the name and address of the billed phone number. So he provided google with the info and google automatically changed everything to what he has provided without any other proof.
Readit News
It sounds like someone at Google (not necessarily a programmer) needs to read "Falsehoods Programmers Believe About Phone Numbers:"
> 4. A phone number uniquely identifies an individual
What a bureaucratic nightmare.
https://github.com/google/libphonenumber/blob/master/FALSEHO...
- Projects under the `google` GitHub organization is from Google itself (Google for some reason force projects from Google employees to be umbrellaed under their own organization for some reason, even if it's a personal project)
- Google follows their own rules (applies to any "Big Tech" company)
- Google actually cares about correcting mistakes unless they hit the news/social media
- YouTube and Google tries to make the experience for you, the consumer (on YouTube: consumer = creators + viewers), as good as they can
2040: 4 hour ago your body separated from your phone, drink a verification can
Dead Comment
Dead Comment
Maybe the process isn't that great after all.
Individual workers and even entire teams don't matter. They are just another cog in a massive machine. Customer service representatives are forced to follow a script, and they are technically unable to deviate from it. After all, if there's an override button, it just takes one of your tens of thousands of minimum-wage workers to go rogue to end up with a massive compromise.
To fix it you need your manager's manager's manager to file a change request, which will be put on an endless backlog to be potentially looked at by two dozen teams a few years from now. And if it's not a frequently-occurring issue, it's not worth the effort. Google isn't going to fix it because as an organization they aren't even aware you exist. You are collateral damage, and they are totally fine with that.
The only way around this is to shortcut the entire process. Post on HN and hope some manager high enough in the policy/tech chain can be bothered to personally agenda the issue.
>
> > 4. A phone number uniquely identifies an individual
The whiteboard algorithmic interview didn’t prepare nor test for this.
>> 4. A phone number uniquely identifies an individual
But that has nothing to do with this. The idea here is that whoever is paying the phone bill is the same person who uses the phone. Nobody believes that.
>> It wasn't even that long ago that mobile phones didn't exist, and it was common for an entire household to share one fixed-line telephone number. In some parts of the world, this is still true, and relatives (or even friends) share a single phone number. Many phone services (especially for businesses) allow multiple inbound calls to or outbound calls from the same phone number.
----
¹ https://github.com/google/libphonenumber/blob/master/FALSEHO...
The UK treats "utility bills" as proof of address. Yes, these are trivially forgeable and often incorrect. Yes, it's a big pain that you don't exist if you're not paying bills.
Your manager / PM: "Make this change, it's how Google is doing things now."
Yet it's so obviously wrong, but if you push back.. not good for you.
I'm almost inclined to think maybe the process/tech isn't designed to do this and there's a bug, or somebody tasked with a manual verification made an outright mistake, or something else went off the rails. Any number of this could have gone wrong.
Then I think of the number of sites and services that have started asking for phone numbers, as if they believe doing it over and over will somehow change the nature of telephony--it would probably be a mistake for me to give Google or any of these other companies the benefit of the doubt.
Same with social security numbers. You don't get it unless I expect you to send me a tax-related form at tax time.
That said, I fully agree with you. I see little reason that buying, for example, a video game online needs my billing information more than walking into a store and buying it there, possibly with the same card.
This just reminded me of a quote: "If cash were invented today, it would be illegal." I forget who (first) said it, but it rings true.
This is insurance against fraud where the card number is stolen and goods are ordered to a location other than the cardholder address. Which the merchant doesn't want to be liable for. So most places will only ship high value goods (sometimes any goods) to the cardholder address.
The real security is now "enhanced verification", i.e. some sort of second factor and/or password in addition to the card. But this is much more annoying to use.
pjc is correct, this does provide real security; i.e. I cannot steal your card details and use them to order valuable goods sent to my address.
yes, but it's surprisingly cheap (if you now where to ask for it and your operation is large enough)
could have changed a bit after FTC started pushing a bit more against robocalls and for caller verification idk. a year ago??
Deleted Comment
In most other cases i just type some random numbers or use a number generator. SSN is a weird concept that thankfully doesn’t exist in my country.
But yea unless this is a very important service you get 0 of my real data.
I am pretty sure you have something similar in your country.
Yes, some legitimate user can't sign up. Depends on what business you are in, and how much budget you put into spam/abuse prevention, this may or may not make sense.
Not like there's any chance of that happening in the DOGE era, of course.
What happened in these 10 years?
In their infinite wisdom, Maps decided it'd be best to merge my listing with the listing for the building it's in - but also gave me admin rights over the entire building's listing.
Support refused to fathom that I don't want to have any degree of Maps authority over something that does not belong to me (though I could have definitely used this to my advantage for increasing bookings), and their instructions to unsplit/remove myself never worked.
Google maps hijacking has become a huge issue in my country where scammers update the contact details of local businesses without their knowledge and then scam unsuspecting people calling to place orders or book a stay. The vast majority of business owners don't even know they can / should take ownership of their maps listing.
Ummm, got any more details on where I can find that server?
I only managed to get it fixed because I happened to know someone who worked at Google.
I would never trust Google with anything even vaguely important. If something goes wrong, it will be wrong forever.
This results in people getting a new mobile subscription with a number that can not be used to create a new Google account (this number has been used too many times), or e.g. get the Whatsapp account from the previous owner (as you recover the account by a text to the number)
Since the advent of cell phones and free long distance, people tend to keep a single number for longer, but there used to be a trope about getting wrong number calls for someone who had died and had his number recycled.
What is the appetite for self-hosting streams? I've worked at a variety of ISP gigs and really don't think the bandwidth cost is that crazy of a blocker. But would any streamers ever WANT to self-host something? I feel like people would love to throw off the shackles of YouTube and Twitch, but are probably less enthused about not having their channel advertised to the platform's users. Things like maintaining your own Stripe account also sucks.
(My angle is charging for software to do this, not making another hosted service. Just don't think there is actually a market. Complaining on Reddit when the bureaucracy of Twitch/YouTube stymies you seems to be 100% effective. But will it always be?)
They have to know his legal name, because they are paying him. His core issue is around monetization, caused by the personal info screw up. The "Know Your Customer" laws are a nightmare and are the root of a lot of this kind of horrible bureaucracy.
I get the impression that's basically it. You've got to go where the audience is. Even Hololive who are big enough to have their own platform haven't attempted to do this. Bureaucracy aside, youtube is also pretty reliable at global scale.
Problems are:
- discoverability is non existing, e.g. being somtimes on the frontpage of twitch does make a difference in how much you earn (through highly varying depending on how niche your content is), similar raids or even the neglected "viewers which watch this stream also watch" corner do help.
- Platform switching cost, a lot of users don't want to use other platforms then what they are already using. Most streamers have discovered that switching platforms will not carry over most users.
- Cross Platform cost, toady a ton of people want things in a app.
- payment systems, paying on twitch for a sub is one thing, but one some random website .. eh. Same but worst for bits, supper chats. With YT/Twitch people have their payment system potentially already setup. So it's just one click. On your website they don't and and might not want to.
- net neutrality not being a thing everywhere cost, i.e. you don't have to pay for bandwidth only once, but many times, including in places you don't even know you have to with consequences being subtle like some viewers streams always struggling etc. Which effectively will cost you viewers and with that money.
- live cross encoding cost, is also easy to underestimate
- software maintenance cost, especially if you aren't a system admin/software engineer this is huge
- reliability cost, if your stream is down to often it will make people leave
if you "just delete" it and don't allow any effective way for suing the people which uploaded it then it's just a matter of time until you will get sued and held responsible for it
You can at least be assured the letter reader will be literate.
And might even get good support for wherever it ends up because it will be forwarded from the legal department.
This was a bank. Basically an extension of patio11’s advice to contact shareholder relations.
Don't do this.
We might wish for every customer to muster infinite patience no matter how poorly treated, but when a company behaves as unreasonably as described in this story about YouTube, it's not solely the fault of the customer finally losing their shit when "front desk" turns into "front line".
"Hire armed guards to protect the company from its own customers" is a wonderfully apt summary of the modern tech approach to customer service.
How is Google or YT able to determine the subscriber behind a phone number? Caller ID lookup?
The other aspect would be if Google were able to cross-reference address book contacts that were obtained from permissions from their apps/services to check what name is most commonly associated with that number.
[1] https://www.twilio.com/docs/lookup/v2-api/caller-name
I ended up being on a bunch of conference calls during COVID, and from what I recall, there was a roughly (it varied significantly between calls) even split between:
* caller ID shows the correct name (but maybe misspelled, though misspellings were more common when the host tried to add/correct information from one of the other types)
* caller ID shows the name of a spouse/parent/sibling (one notable example: husband and wife both joined the call separately, both with the husband's name, but one including the middle initial)
* caller ID shows the name of somebody vaguely involved with the actual person for some reason
* caller ID just shows something generic, like a brand or "wireless caller"
* caller ID fails so just a number
Maybe 1% of users used the app and so didn't have an associated phone number, just a username/email. At some point I was surprised to discover that video calls were in fact supported.