Librarian's Letter to Google Security (docs.google.com)
1082 points by 2352500 on Aug 1, 2022 | hide | past | favorite | 461 comments



Great letter. Wanna bet it was completely ignored? Glad to see it here. Maybe it won't be ignored.

Librarians rock. There's even a show about them[0], Starring Number One.

I can't access the gMail account I set up, because I made a mistake, when setting the password, and did not save the one I used.

It will not allow me to access the account I set up.

After a while, I just gave up. I am satisfied that someone can't use my gMail address to impersonate me (because even I can't get it). I have plenty of other eMail accounts.

[0] https://www.imdb.com/title/tt3663490/


Currently the doc says:

""" STOP EMAILING ME AND CALLING THE LIBRARY ABOUT THIS

This was shared without my permission. This was not supposed to be public. It was meant to be shared internally to Google. It was not an open letter. It went directly to the security team and we had a conversation about it and it’s over. This is from well over a year ago and we no longer are having this issue as often as before due to various improvements.

Please delete this from HN. You are essentially DDOS’ing my work email and the library branch phone number making it very difficult for us to perform our duties as civil servants today.

I do not know how this made it onto HN. Someone must have leaked it. If they need to work that out internally then I’m leaving this here for their reference. But I do not want news reporters or random HN readers contacting me or the Free Library over this. """

Seems like it was not ignored and was already resolved.


> we no longer are having this issue as often as before due to various improvements.

Doesn't sound like it was completely resolved. In fact, it sounds like Google may have treated it as a "squeaky wheel," and only that library is getting better help.

In any case, I think that HN (@dang) should honor her request; regardless of its resolution.

I would suggest that the letter is great, and should be made more available, sans the identifying information.

I'd suggest someone try and get her permission to host an anonymized version of the page, on a different server that could handle the lurve.


> Wanna bet it was completely ignored?

Well, looking at the date...

> "Today, July 19th 2021"


Edited Sept 10, 2021 per Activity and Details. The year is not a misprint.


The author updated the document to say that they worked with google security and the problems have been resolved. So it wasn’t ignored.


So what's the resolution for the billions of people who weren't contacted?


>I made a mistake, when setting the password

That's a feature, not a bug.


Yes, but not being able to recover the account, is a bug.

The issue was that I used a randomly-generated password from 1Password, and accidentally re-generated, before copying, so the original was lost.

That's a fairly common mistake. I'm usually careful to avoid that (now).


Some people generate random passwords and never use them, always using recovery to regain access. That has to work.


At least in bitwarden app they provide history of passwords for every url.


So does 1Password. However, the generator can be run standalone (not connected with an entry). In that case, the password is not saved, because there's no entry to save it to.

It does not offer to automatically create an entry, until after the login, so it's still quite possible to "fall through the cracks," which is what happened here.

Yeah, my bad. :P


This comment is sort of funny, because the author says that Google is being responsive but is upset at the army of HN commenters (plus the guy who posted this originally.)


> Starring Number One.

OG Mystique as well. Rebecca Romijn has done some great roles.


> Wanna bet it was completely ignored?

I just tweeted it to @Google. Maybe if enough people ping Google about it?


The letter was subsequently updated to say that the situation has improved and in fact the author is currently looking to get less attention (apparently it was posted to HN without their knowledge and now their work email is getting a ton of non-helpful noise from hackernews commenters). So it would probably be better to not tweet about this.


It's important to understand that Google is, as an organizational body, psychopathic in nature. (Many corporations are, but Google especially, through well-indoctrinated concepts like being solely data-driven and putting scale first, combined with a belief that Google hires the best people and hence is already doing the best possible thing.)

Google does not care. You cannot make Google care. Employees who care get fired, or burn out trying to make the company care, and inevitably quit. Google is Google, and the only thing that's going to make it change is regulation.


This is an extremely bleak perspective. Individuals care, but most are powerless to make a difference if they don't work in the area of concern. It's often a knowledge sharing game of making sure the right people hear about it which can be hard. They are intentionally shielded from direct feedback to keep them focused, but that is a double edged sword. I honestly believe the reason viral stories get resolved is because the information gets to the right people, not because of a desire to avoid bad PR. Google is a collection of largely independent tiny organizations.


Information/signal propagation (along with costs incurred by remedial activity) is the most important damn topic in our society today.

Almost every problem out there at some level is an info prop problem, and in cases where it isn't the signal getting lost, it's the remediatory activity being judged as too expensive, and thereby getting the process routed to /dev/null


It’s indicative of structural limitation and is not necessarily any reflection on the innate humanity or lack thereof of participants in Google.

Google has designed itself to be psychopathic from a human frame of reference because it is more streamlined (profitable) to be psychopathic. It is a product of its environment.


About a decade ago, a broken iPhone caused me to experience how bad Google's MFA reset process was — there were multiple _years_ where the “hard landing” form triggered a flow which sent an email to an internal mailbox which didn't exist! — and while I was able to use printed backup codes after I returned home the experience left me concerned enough that I went to one of their identity group's public meetings here in DC.

One of the things which I was struck by was how unseriously they appeared to view their role in modern life. People were generally very casual about the need and were especially uninterested in anything which required them to work with outside parties.

My suggestion was that they consider a protocol where trusted civic authorities could be allowed to confirm someone's identity, which sounds like it would be useful for this case: let the person initiate a mediated reset flow where someone like a librarian, police officer, etc. could authenticate in their official capacity and check a box saying that they've confirmed the photo ID for the person standing in front of them. Most of the benefits from MFA are preventing things like phishing attacks which are also stymied by limiting it to people in your geographic area, although you might want to disable this for high-risk people enrolled in Google's Advanced Protection Program.


> trusted civic authorities

They'll need to be resistant to threats and bribes, so it will be difficult to have these on-site at the library.

I think we've overlooked an option. Note that the article's objection to FIDO keys was financial, not UX. This sort of confirms the hunch I got when first playing with them: "hey, the key metaphor is so strong and intuitive that these might be even better than passwords for people with low tech literacy." I held off on saying anything until their compatibility actually lived up to the hype, which IIRC only happened in 2020 (all major browsers, all major platforms, by default), but it did happen.

As for the financial barrier, yeah, it's wild that these are still $30/ea on Amazon. Can they be bought cheap in bulk? Or does the market need some aggressive new entrants? In any case, they are "near practical" and the shove needed to make them "very practical" is probably 100x smaller than, say, creating a Central Bureau of A12N.


It is not uncommon for unhoused people to lose all their possessions, so even if purchasing multiple hardware security keys wasn't a huge financial hurdle, the recovery model I use (Yubikey on my keychain, two in my safe, mail one to my parents) falls apart for those on the margins of society. If email is an essential service in modern society, recovering access to it from some first principle of identity is essential. I don't have an easy answer for how to do that, but I also don't have a trillion dollar market cap.


That's true, we still need a good last-ditch fallback. FIDO could still save a lot of people from the hard login screen, the phone number gotcha, and the need to become literate in information-keys. Last-ditch fallback becomes a lot more viable at any given expenditure level if it doesn't have to serve as the primary authentication mechanism for half of the library's elders.


The CEO of Fastmail, a company which deals directly with the ID problem as an email provider with customer service, has made some insightful comments on this:

https://news.ycombinator.com/item?id=15864579

I am a happy Fastmail customer, in a large part due to trust inspired by Bron’s comments.


> > trusted civic authorities

> They'll need to be resistant to threats and bribes, so it will be difficult to have these on-site at the library.

That's why I mentioned things like APP: some people do have a threat model where that's realistic but it's a much smaller number than the people who are inconvenienced by being locked out so it seems like it'd be a net-win for most people to be able to get unlocked easily. There are also ways to mitigate some of that risk like having notifications for all actions with an easy way to report unapproved requests, geographic restrictions, enforced MFA for the civil servant (“tap your FIDO token to approve this request”), rate-limiting, etc. which are all bread-and-butter tasks for one of the major tech companies.

The other thing I think is relevant here is the degree to which things fall back on civic authorities anyway — e.g. Facebook's process where they require scans of your government ID or the various ways you can report a deceased relative. It seems to me like it'd be better to embrace that and work better together rather than pretending there isn't already a fairly large trust relationship.
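The mediated-reset controls listed above (enrolled authorities, the civil servant's own MFA, rate-limiting, opt-in with an ID on file, and a notification the owner can dispute) fit together in a small verification routine. The sketch below is an added example written for this page; it is not code from the thread, from Google, or from any real identity provider. It assumes a hypothetical `AssistedResetService` where each enrolled authority shares an HMAC key with the service (a FIDO-backed signature would play the same role in practice), and all account data, keys and ID numbers are constructed for the example.

```python
"""
Illustrative sketch of a mediated account-recovery check (example code, not
from the thread or any real provider): an enrolled civic authority attests
that it checked a patron's photo ID, and the service verifies that attestation
with enrolment, freshness, replay, rate-limit, opt-in and ID-match checks, then
notifies the account owner so an unapproved request can be reported.
"""
import hashlib
import hmac
import json
import time
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Account:
    email: str
    assisted_reset_enabled: bool      # owner opted in (people with a risky threat model can decline)
    id_hash: Optional[str]            # salted hash of the government ID registered by the owner
    notifications: list = field(default_factory=list)


class AssistedResetService:
    WINDOW_SECONDS = 300              # attestation must be fresh
    MAX_PER_HOUR = 5                  # per-authority rate limit

    def __init__(self, authorities: dict, accounts: dict):
        self.authorities = authorities    # authority_id -> shared key, enrolled out of band (assumed)
        self.accounts = accounts
        self.used_nonces = set()
        self.approvals = {}               # authority_id -> timestamps of approved requests

    @staticmethod
    def id_hash(id_number: str) -> str:
        # never store raw ID numbers; compare salted hashes only (salt constructed for the example)
        return hashlib.sha256(b"example-salt:" + id_number.encode()).hexdigest()

    @staticmethod
    def sign(key: bytes, claim: dict) -> str:
        msg = json.dumps(claim, sort_keys=True).encode()
        return hmac.new(key, msg, hashlib.sha256).hexdigest()

    def attest(self, authority_id: str, key: bytes, email: str, id_number: str,
               nonce: str, now: Optional[float] = None) -> dict:
        """What the librarian's terminal emits after checking the ID and tapping their own MFA."""
        claim = {"authority": authority_id, "email": email,
                 "id_hash": self.id_hash(id_number), "nonce": nonce,
                 "ts": now if now is not None else time.time()}
        return {"claim": claim, "mac": self.sign(key, claim)}

    def verify(self, attestation: dict, now: Optional[float] = None):
        """Returns (approved, reason); every rejection names the failed control."""
        now = now if now is not None else time.time()
        claim, mac = attestation["claim"], attestation["mac"]
        key = self.authorities.get(claim["authority"])
        if key is None:
            return False, "unknown authority"
        if not hmac.compare_digest(mac, self.sign(key, claim)):
            return False, "bad signature"
        if abs(now - claim["ts"]) > self.WINDOW_SECONDS:
            return False, "stale attestation"
        if claim["nonce"] in self.used_nonces:
            return False, "replayed nonce"
        recent = [t for t in self.approvals.get(claim["authority"], []) if now - t < 3600]
        if len(recent) >= self.MAX_PER_HOUR:
            return False, "authority rate-limited"
        acct = self.accounts.get(claim["email"])
        if acct is None or not acct.assisted_reset_enabled:
            return False, "account not opted in"
        if acct.id_hash != claim["id_hash"]:
            return False, "ID does not match registered ID"
        self.used_nonces.add(claim["nonce"])
        self.approvals[claim["authority"]] = recent + [now]
        acct.notifications.append(
            f"Assisted reset approved via {claim['authority']} at {now:.0f}; report if this was not you")
        return True, "approved"
```

The order of checks matters: the cheap, unauthenticated rejections (unknown authority, bad MAC) come before anything that touches account state, and the nonce is only consumed once every other control has passed, so a rejected request cannot burn a legitimate one.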


How about: the library gets a few Yubikeys and offers to let people register their accounts with them as backup? So, if they get into trouble they can ask the library to unlock their account for them?

This essentially grants the librarian what they think they should be able to do.

But the next step would be to figure out how to reduce the risk that this system can be abused.


The libraries will just do this with their huge slush funds. They can put the YubiKey desk next to the ball pit back by the employee lounge.


I think something like this could work iff the accounts were required to be set up by said civic authorities with confirmable paperwork. Otherwise, librarians are stuck awkwardly trying to decide if 'John Doe' really owns the email account 'ILoveButts64@gmail.com'.

I also doubt this will ever happen since it would require more $$$ for things that are not profit generating and supports a population that is useless from the tech companies' POV.


Or now that I think about it… for 2FA in particular, what about enrolling a software FIDO token with an extension on every library computer that can be triggered by a librarian from their desk? Doesn’t require hardware for each patron, only applies to accounts that have been enrolled at the library. Feels like it could work.


Then it opens up a backdoor for malicious (or socially engineered) library staff to access email accounts.


I think it would be fine for the library to have/be the 2ND FACTOR and the user would still need their password. Being at a physical location seems like a reasonable 2FA (more reasonable than a phone in these cases).

Could the library buy a few FIDO tokens, hot glue them into the backs of the computers, users add them as 2fa to their accounts and now the computer being wiped between users is no longer an obstacle?


The downside of this is:

- Users would only be able to use the exact same computer each time. If it’s out of order, too bad

- Users wouldn’t have unique tokens between each other, so there’s a risk of other library patrons shoulder surfing and then logging in with the same token after you


And given that a lot of the staff working those desks aren't librarians + are working part time, it's also great incentive for bad actors to get jobs in libraries specifically to start stealing that data.


That seems like a movie plot threat: who’s going to go to library school, pass a background check (government job, access to children), and actually do a job which isn’t easy and doesn’t pay anywhere near enough just in the hopes that someone will walk in the door with enough money to be worth scamming in a manner which is both obvious and easily traced to them?


Not sure data theft from homeless or poor people is a major threat. What could an attacker gain from that?


I can see some value in it for scammers, hackers, and businesses that prey on the poor. (For example the 'buy now, pay later' Aaron's Rent-A-Center type businesses).

Or for identity theft.


If this were discovered the library as their employer would necessarily have sufficient personal information to prosecute them. That’s a lot more risk than your typical online scammer has.


Agreed — I was thinking something along the lines of allowing you to register a government ID on your account so the process would be something like the librarian starting an assisted reset process, confirming that the ID you present matches what's on file, etc. and people with strong privacy concerns could choose to take the risk of not doing that.


It’s an absolutely catastrophic experience, that they clearly don’t take seriously.

Regulation solves this. I hate to say that, as so much of tech regulation is a ham-fisted disaster that misunderstands the problem and creates even bigger ones, but this is really a very serious problem that can ruin lives, and regulators really should step in here.

I’ve known a couple of people who have been through this experience, and one in particular who not only couldn’t get back in to their account - but had no way of knowing if someone else was able to get in to the account later. They’ll never know. It will never be possible to know. The kicker is that they could never have their data deleted due to the same problem. And no amount of help or time spent with chat support ever changed anything.


Can you describe how regulation solves this problem, how exactly are you proposing for this regulation to work?


I’m not GP, but I expect that regulation could help by requiring customer service. Similar to banking.

And there could be an agency similar to CFPB where citizens could appeal who would then make formal investigations.

So regulation would force the workflow described in the article to not have a grim outcome for elderly users of gmail.


We already have that structure. It's called "court". And if you think it's not working well, I would agree with you. But neither will the other bureaucracy you are proposing, because neither really cares about any of the low income people who can't even pay for the phone service.

But let's put aside the efficacy of said institution, and presume it's working very well. They get a call from some Joe. He claims that a certain email address belongs to him, but can't prove it. Forgot password, no access to phone. What is this customer service of yours going to do? Let's imagine they can order Google to give the guy access to the account. Is that the right thing to do? What if that email belongs to a journalist or a whistleblower and you just gave access to it to Russian intelligence? Remember, benefits are one thing, but it's not the only thing for which email is used.

And if it really comes down to this, why is Google under obligation to provide emails for government use? Government can provide email access to everyone who needs it. If they require email in order to access benefits, well go ahead and set up the necessary infrastructure. Why does Google have to do it? Google provides the service on an as-is basis. If that service level is unacceptable for government use, well newsflash: it's not the only provider.


It's not the only provider, except when it is.

If you have an Android phone, your e-mail is on Gmail. It doesn't need to be, but it is, because you didn't know that when you were funnelled into the e-mail when you set up the account and oops now that you're locked out ten years later it's too late to make a choice.


Since opening all these offices costs money, this means that the accounts can't be free anymore.

I suppose they could be subsidized by the state for low income people.


That's why I proposed linking to existing services: Google doesn't want to open an office in Podunk, but they could very plausibly setup a way to allow agencies like DMVs, libraries, maybe the VA or post office, notaries, etc. to use some kind of “I attest that person X showed me photo ID matching the information on account Y” web app. This could be really useful paired with things like senior centers whose residents are far more likely to need help.


Not necessarily. The margin is really high on Google services even though they are free.

I don’t know Google well enough to know what they would need to do to offer non-shitty service. Maybe they show more ads.

I also think they could automate good service if they wanted to, but it’s not a priority and they aren’t required. I used financial services before and after CFPB and I don’t remember price increases on my bank accounts. So perhaps something similar would apply here.


Could it not be similar to FOSS companies where the software (service) is free but customers pay for support?


I write software at a fintech, and the CFPB regulations are super important for protecting the customer. They also give important guidance on how the customer needs to be taken care of, which is important for a company that wants to do the right thing but doesn't have expertise in customer service.


I really don’t understand how regulation makes it better? You can simply write down codes if you want a way of recovering a gmail account. Most users don’t do this because they’re not educated and they don’t understand opsec. If a government agency had the power to recover any account, it would be abused by corrupt government officials.

Remember scale when thinking of potential solutions here! It’s not just the US that would be affected by this as well. The reality is that google does a better job at identity than any US government institution (ssn, drivers license). How many people have their identity stolen versus having their 2fa protected gmail account stolen?

As far as support, how would it be better if support gave you access to an email account if you complained enough? please consider the abuse side before you suggest a solution.


You’ve misunderstood the problem.

Backup codes wouldn’t help here, and the person I was referring to had their 2FA to hand.

Forgetting a password is unrecoverable on gmail - they even had recovery options on the account (secondary email and phone), but the recovery form never asked for that information so it could never be used (it insisted on the previous password). As no member of staff has access to prompt the system to offer a different one of the specified recovery options, the account is permanently frozen to this user (but not potentially to an attacker in the future, assuming that other information could be obtained somehow).

Helping the elderly is hard, but Google’s system is horrifically dangerous to people in ways even Google aren’t aware of.

This was an elderly gentleman, not well versed in computers, but all the savviness in the world couldn’t have helped him. He was forced to just walk away and hope for the best. Holiday snaps, photos of grandkids, personal files - all permanently retained by Google but locked out of his reach forever.


Library op-sec is pretty weak IME. Mine accepted seeing an email of a utility bill on my phone. Which is probably fine for just checking out books.

I still love libraries and the services they provide. But wouldn't want them to be an arbiter of identity any more than a faceless, human hostile corporation.


I wonder if that's deliberate. My bank also accepted an email utility bill but they said they only ask for the utility bill to prove that you didn't make a careless mistake when entering your address.


> Mine accepted seeing an email of a utility bill on my phone.

To be fair, tons of places use those as proof of residence. It’s not as if it makes a real difference if you print them first.


> Mine accepted seeing an email of a utility bill on my phone. Which is probably fine for just checking out books.

I mean, I just got my `REAL ID` from California, and they accepted printed utility bills as proof of address for me. I could have easily modified the name and/or address on them before printing.

The other proof of identity I used was my birth certificate... which I was able to just order online, with the only information required from me being my social security number and answering a few questions that would not be that hard to find out about someone.

Proving identity in a way that works for everyone while not allowing anyone to fake it is practically impossible.


It's supposed to be easy to get a library card! The threat of an out-of-towner getting a local library card is nothing like a stranger getting access to your inbox.


So we have come full circle: starting from a call for help from a librarian seeing lots of people unable to access their accounts because of 2FA, we have proposed various methods of avoiding that, and then concluded that it's better if 100 people are locked out of their own accounts rather than letting one unauthorized person access an account that isn't theirs? I guess that's Google's position as well, because if they let someone unauthorized log in they might be liable, whereas if they lock 100 people out they can say it's their fault...


No, I'm saying those situations aren't comparable. We should not conclude librarians will be poor stewards of MFA reset powers just because they are lax in giving out library cards.


Ah, ok, then sorry for misunderstanding...


In the EU (Italy) there is eIDAS (SPID) that could allow this. It is essentially a national SSO.

Today it almost always requires an Android/iOS phone AFAIK, but it could easily be massaged to solve this problem.

The system is set up so that your account is owned by the state, and you can register with documents to providers; then after certification they run the actual SSO process.

A library provider could set up a computer that automatically passes the SSO login for your national account after certifying your identity.

Honestly this feels a bit too open to social engineering attacks, but probably there is a good middle ground.

Edit: Maybe in the US this is already almost possible by extending something like https://en.m.wikipedia.org/wiki/FIPS_201


I agree with your suggestion. I think Post Offices, DMVs, and large reputable retailers (Walmart, Target, Cellular Phone companies, etc.) could verify our identities for a small fee and help us reset our social accounts when needed. I arrived at the same conclusion and wrote a blog post about it a few years ago:

https://www.go350.com/posts/now-they-have-2fa-problems/


Aren't half of those things you listed (Walmart, Target, Cellular Phone companies, etc.) also exactly how people get unauthorized access?

You convince the employee to port "your" number and they do so and then you reset that accounts password?

https://www.wptv.com/money/consumer/phone-porting-leads-to-s...


Make it a choice. It sure sounds like the patrons of this library would opt in.


Well, good old Yahoo Mail does that. Time and time again it tries to convince me to set up 2FA (for an account I use rarely), and time and time again I say "No" - and that's it! The library patrons would probably be very happy with that...


I distinctly remember lynching from HN security crowd when SIM cards were being unlocked and moved to new people from "trusted companies" like Verizon and AT&T.

HN demanded for such security holes to be disabled and prevented - what changed since then?


What changes is that there are different needs from different segments of the world, and we have reached a problem (authentication in general) that is truly impossible to solve with our current toolset.

For me, the larger threat is that someone impersonates me and takes everything I have. If I lost my email, it would be a nightmare but I could work around significant portions of the system. For my cousin, the larger threat is losing her email, as she has no significant assets to steal but could run into every problem in the email.

There are likely people in the middle as well, and other threat vectors. (For example: caregivers committing fraud, dementia, state actors, and 20 others we could brainstorm pretty quickly.) Perhaps the right answer is that we need 20 different services that can segment. Perhaps the problem is that some sectors aren't profitable: maybe we need a grant for emails for poor people with a circle of trust.

I don't have answers. Maybe we need a collection of people to think deeply about this problem.


What changed is that we're starting to learn about the breadth of needs by people with different lives and opportunity sets, and feel at least a desire to talk through potential solutions for a subset of people who opt into it.

If the worst thing that people could commit in this discussion is hypocrisy, I'm sure they're willing to step over that line.


This is widely implemented and used in Germany: https://www.deutschepost.de/en/p/postident.html

It's a lot easier to implement reliably due to the requirement for everyone to have ID cards though (and the ID cards carry your residence address).


Walmart may be a reputable retailer, but it is utterly disreputable in being a reliable arbiter of identity. It doesn't train its employees well, its employees are often not the brightest bolts in the box, and those that are often don't give a shit.

As for post offices, they aren't eligible because half the government is actively trying to kill them.


Why would Google want to do this? Current 2FA suits its role perfectly: it prevents a large scale leak, one that would result in bad PR. There is no incentive for Google to care for individual users.


The government is slowly figuring out digital ID and will show up to regulate it.

Identity is too critical a business for services companies like Google to walk away from. It’s stupid, because once the camel gets its nose in the tent, it will cost them more.


a protocol where trusted civic authorities could be allowed to confirm someone's identity

This is already a solved problem, and without getting the government involved.

There are plenty of identification confirmation companies out there. If you've ever requested your credit report, or applied for a new apartment online, you've probably interacted with one.

Oh, but that's an expense. It might cost pennies per user! Google doesn't do expenses. It would rather spend money on rooms full of toys and gourmet catering than on helping people use its own products.


A credit report on John Doe doesn't prove that I'm John Doe, it only tells you whether or not John Doe is likely to pay his bills on time.

This thread, in general, is a great example of engineer hubris. It looks at a complicated problem, and all the top discussion sub-threads are highly up-voted non-solutions to it.


That doesn't show that you're that person, however, only that you've learned some trivia about them — often details which are visible on Facebook, pilferable from their mail, or known to no longer trustworthy family members & friends. My hope would be that we could find a way to reliably fall back on a government ID check since, for example, an abusive ex who knows all of those details doesn't look like their target.


In this situation, maybe one thing that could help is if the library holds on to the backup codes for patrons. So they can sort of act as a quasi trusted authority. In fact if these people can't even log in without backup codes, they can just keep their password in their wallet.

Of course, yubikeys also work very well in this situation. So the library could sell a yubikey and keep backup codes on file for in case the yubikey is lost.

Or since you can store so many identities on an individual yubikey, just give the librarians one.


I was thinking among options:

- Library is a Group Administrator for patrons' Google accounts.

- Library offers its own email services to patrons.

- Library holds recovery codes (preferably under some sort of escrow).

All of these put burden on the library, of course. Though there's already a substantial burden.

There's also the issue of itinerant / mobile patrons who may only be using a library on a temporary basis or operate between several locations. How much this is a use pattern I've no idea.

The USPS offering email services might be yet another option. Points of presence in every ZIP code, often several.

Given other ongoing challenges (housing is now a full-blown crisis), the problem of mobile / indigent / precarious individuals will only grow.

The pattern is also likely to be repeated in other global regions.


That sounds like a good idea! Perhaps expand what notaries do?


It sounds nice, if everyone plays nice. Slip some underpaid gov worker a 50 and suddenly you are someone else. There would need to be abuse provisions put in place. Then a whole org around that too. Not saying it can not be done, but what it looks like to me is that Google has a poor customer service issue, even if not true. Roping our govs into doing Google's customer service seems odd.


> Slip some underpaid gov worker a 50 and suddenly you are someone else.

by that logic, slip some policeman a $50 and they might plant drugs on your enemy or shoot him because he had a wallet that looked like a gun.

Have employees of private companies never been involved in fraud?


It's a real concern, but how is this different from the current ink & paper scenario? I know people who use county notaries to keep important documents and we, as a society, have apparently deemed that an acceptable risk. Is the distinction the potential scope and scale of digital theft?


Lots of services are available to opt-in to validate identity. In fact, Google sells solutions on the cloud side.


Perhaps the solution is for libraries or local authorities to setup their own email providers. An email address “for life” with your library card, with the necessary support and in-person reset verification that their patrons need. I’m not suggesting this would be an easy or inexpensive undertaking, but maybe that’s just the next step in service evolution for a public information service like a library group.


i absolutely think this is the next step. we're at a point now where it's becoming obvious to even a layperson that we really are lacking a lot of agency over our lives, which has been given over to big tech companies to arbitrate. i also think it could be a way away from the monopoly of facebook over our social lives, to have e.g. library servers which run a local instance of mastodon, for local people, to be connected to the actual community they're in. the only way to reverse suppression of small email providers is to make it more common for people to /use/ small email providers - which happens if it's more common for email addresses to be administered by someone you actually, physically know. for that to be the trust relationship with the system administrator, rather than blindly accepting every new privacy policy just because it feels like there's no other option. the more i research this topic, the more this feels like the only sustainable way out of the dystopian hellhole described in her letter.


I'll extend off of your great commentary and suggest that the letter/small correspondence delivery portion of the USPS (not the parcel/package delivery segment) should be collaborating with U.S. libraries to establish more digital infrastructure for citizens; especially those who lack what others might consider the digital basics. This could include free/low cost email, local instances of ActivityPub servers, matrix (or other secure, but open source equivalent) chat services, etc. I understand this would open up many issues, and not an easy fix...but if more and more things are truly becoming more digitized, then government (and government-adjacent) services should not just evolve, but also help the citizenry evolve to take advantage of said services. At that point, i can imagine a scenario where if such a free/low cost email service were available, the likes of google and microsoft could not block digital correspondence since there would be at least some regulatory framework/policy in place to avoid such issues. Again, none of this is easy, but i feel the path forward can still leverage gov. entities - like libraries and USPS - that have greatly helped citizens in the past throughout our history.


Indeed, but this is then going to face the issue of Gmail (et al.) refusing to accept e-mail sent from small providers.


This isn't necessarily a "from a small provider" but rather "administered by the library."

It could be any email service that allows the librarian-administrator to reset the password for an account. If I mess up my exchange email, the helpdesk can verify my identity and reset my password.

I suspect that most going down this approach would find it easier to use a large hosting service that they provision and administer (along with allowing password resets) than to try to have an underfunded library IT staff stand up an arbitrarily large email service and manage all parts of it.


I am sure another huge vendor like Amazon, facebook, or Microsoft will step in to provide the email services :)


This is where regulations can step in, to require email providers to accept mail from essential service providers.


I will pass on that, no one should be required to accept messages from anyone


How about "required to not mark as spam"?


I am not a fan of regulation in general

But SPAM should be resolved with strict adherence to standards like SPF, DKIM, etc. and where those fail it should be improved

Today many companies, large and small, as well as government agencies, large and small do SPF and DKIM very very very wrong.

Unless we can get this right I fail to see how regulations would do anything other than make things worse

Some of the biggest SPAM abusers are not the small providers but the Large companies like Gmail and Microsoft who do not vet their customers very well


If they are refusing messages, there's no need to bother marking them as spam.


Ah yes, I can see how this even worse situation could easily happen trying to "fix" the previous one...


They (libraries) could even set it up using Google Workspace, or any other email service provider like FastMail, Outlook, etc. Maybe companies could add a super inexpensive plan for public service providers like libraries to enable this sort of account for which librarians could do password resets, unlocks, etc. Maybe charge for the # of administrators only?


I fully sympathize with the librarian's concerns, but there's this:

"Many government welfare forms, housing applications, and jobs applications these days require the use of the internet exclusively with no option to fill things out in person."

Why is this? Really, this does not seem like a problem Google caused, but rather a problem caused by the government when they made it mandatory to have internet access to get the benefits they should get. Would they have made it mandatory to call them on the phone, back when phone access was not yet universal? If they had, would AT&T have been at fault?

The government caused this problem.

I'm all in favor of finding a non-government solution (charity sponsored by HN people to get people Yubikey or equivalent, maybe). But this is not really a problem caused by Google, and if these people were having their benefits scammed away from them because their email accounts were hacked, people would be excoriating them for not instituting 2FA.


You're right, that online-only access is definitely a government problem. But this:

> Even when we clicked “I don’t have my phone” it asked her to open the Google app from the phone that she does not have.

That's a google problem.

Google fixing their problem would lessen the impact of the government problem. (And, more generally, make gmail a better service for lots of people.)


but what would Google do, how is it possible to fix? What's the point of having 2FA using the phone if you can bypass it by clicking "i don't have my phone"?


The "I don't have my phone" button only showing options that require a phone is a Catch-22 nightmare. They should remove that workflow, which is effectively just mocking the user, and instead emphasize recovery codes much more. These are free and would solve many of the problems in this letter, if only people knew and were heavily pushed to print them beforehand.


They already have a way, but it requires upfront planning - backup codes. You can get and print single-use 2FA bypass codes.


Yeah. Because I'm a nerd and basically understand how MFA works and how I should prepare for the day my MFA device goes kaput, I saved my backup codes.

For most people, that's too hard. The elderly, marginally educated people being served by the library or in other contexts just don't understand how things work to the degree that they might appreciate backup codes or their importance. They just don't get it. Backup codes are like this noise in the way of account signup.

Ever tried to get friends and family to start using PGP? A password manager?

The technical solutions that are practical already exist, as you've pointed out; and the technical solutions that seem like they're lacking (enrolling a new device without MFA-ing in) are lacking for a reason--they're security holes. You can't say "this email account is super important and access to it unlocks important things in someone's life" and also "account recovery must be as easy as claiming you lost your phone, and you don't have to know any pre-shared or pre-generated secret".

I also don't know what the solution is. Trusted intermediaries (librarians? social workers? police? social security office people?) introduce all kinds of other attack vectors. Elsewhere folks are pointing out that the mistake was probably to rely on email for all of this super important messaging and your account recovery workflow for every system other than email, but that's a society-wide problem that you probably couldn't have controlled in the first place and definitely can't now.

The best you can probably do is aggressively prompt people to prepare for account recovery prospectively, maybe by identifying a trusted intermediary and/or verifying that they have backup codes.


When I lost my phone and was locked out of 2fa, most services required a picture of me, with my ID, my face and a letter showing the date all in the same picture.

This seemed pretty effective to me.


Google doesn’t have a picture of me linked to my gmail account, so this would require as much planning as printing 2fa backup codes right?


They would use photo ID the same way everyone else does. Compare the photo on the ID to the picture the person provides; which is why it needs today's date in the photo.


All that proves is that there is a person who matches the photo on their ID? It doesn’t prove it is the account owner unless the ID and personal information is stored with google ahead of time. And now you have people upset about google asking people for id to sign up, like their children for a school account and other people like me upset that my account was phished. I don’t think they even have my real birthday on my account, at least I don’t remember being required to share it.


2FA should not be a requirement.

If you want to enable 2FA, do one of the following: upload the front and back of your ID; YubiKey or other hardware cert; etc. etc.

2FA by phone is a flawed architecture due to being subject to change. Sim-swaps are a known vulnerability.

But mainly, do not force me to have 2FA.


Not for people who are homeless or don't have an ID for whatever reason, and need access to social services.


well what every other service relying on OTP or YubiKey for 2FA (not that SMS bullcrap) has ever done: recovery codes you write down somewhere. it can even be as simple as writing them down on the library card carried in the wallet.


Well, you can see the problem, right? Allowing attackers to bypass 2FA just by saying their phone is lost makes 2FA worthless.


Yeah.. but an "I don't have my phone" button that just tells people to use their phone is equally worthless.

I don't know what the right answer is, but that certainly isn't it.


One of the issues they mention is that a person needed paystubs to send in to the government as documentation for their subsidized housing. Even if the government has nice paper options as a backup (around here they usually do, at least) the person will still need to get into their email. Google didn't create the problem, but unfortunately an eMail address has become a centralized point of communication for lots of things.

We probably need some sort of state-sponsored digital inbox for these kinds of documents. The thing that makes Google useful -- that it is a "reasonably" secure location to stash documents -- also makes it really easy to get locked out. There are recovery options, but it isn't obvious how a system could be secure while still allowing recovery for a user who elects to not set any recovery options up.

Perhaps the government could do a better job (at least they have things like social security cards and birth certificates, and have been dealing with the last resort case where these aren't available for longer than any of us have been alive). They also aren't constrained by things like a need to make a profit, and they don't even really need us to be able to communicate out from this inbox, it could be just a one-way channel for the reception of documents, which would avoid some annoying issues à la people using their gmails to harass others.


This is flat out incorrect.

All _government_ forms have paper-equivalents for accessibility reasons, and OMB numbers that coincide.

The Paperwork reduction act is a thing, but it also stipulates that within reason, paper forms must be available.


Federal, yes, but also the state and municipal governments that manage services relevant to the internet-in-the-library population?


I agree - this is a really bad situation for people, and I'm glad that she's publicizing the issue, but it might be that a free email service from a corporation isn't ever going to serve as a robust enough way to provide essential government services to people. In a perfect (ly funded) world, people might be better served by email accounts from the post office, or even the library.


> The government caused this problem.

The HN community caused this problem. I precisely remember about 10 years ago on HN I'd see obnoxious articles with thousands of upvotes hyping crap like "we disrupted the government" and "we saved a lot of paper by providing a webshit interface to government institutes" and "we replaced non-working COBOL crap with new JS crap it's so much better". And of course they followed suit with "security best practices" such as having a hidden security policy (that an attacker can easily find out) and "advanced risk model", which is something 99% of websites get wrong despite that they all regurgitate the standard "we have a complex risk model, you do not know what you're talking about". What we have now is absolutely, literally what my expected outcome was for this movement, at the time, 10 years ago.


What does this have to do with not having an account recovery flow?

Many government offices have temporarily(?) gone online-only for covid.


> The government caused this problem.

It isn't just government forms, it is also private companies, employers, landlords, and even out-of-touch charities that are run by people who are used to having 24/7 access to reliable internet.


Google is still a huge part of the problem for requiring all kinds of acrobatics to log into their service which you are forced to use due to the fact that it's one of the only free email providers, the fact that email is pointlessly required to use most websites, and the fact that a huge amount of websites only allow gmail and a few other hosts (yes, there are also other stupid websites that go the other way around and block gmail, yahoo, etc). Government is at fault for not using their billions of dollars to create a simple _modern_ protocol to transfer information. Using web for banking or tax purposes should be illegal just as it would be to use a kids toy radio in the military.


> a huge amount of websites only allow gmail and a few other hosts

Is that actually true? I’ve never seen a single site that didn’t allow me to log in with a ‘regular’ email address, even if they pushed Log in with Google first


Lots of sites have whitelists of email domains.


It's cheaper.


> Really, this does not seem like a problem Google caused,

The problem is 2FA. 2FA causes people to get locked out of their accounts. Google mail requires 2FA, the government does not. If Google turns off 2FA requirement, the problem in the letter goes away. But they won't.

Google is the cause of the problem, and can easily solve it.


Google didn't introduce 2FA for no reason. While Google does lots of things for reasons I don't like, 2FA was most definitely introduced for valid reasons, which could easily result in a problem as bad (or worse) than the one the librarian is discussing.

The IRS recently had a problem with people using their online access tools to get other people's refund. Insufficient security on authentication can easily be as bad or worse than 2FA.


I've been saying for a while now that the big tech companies have a strong desire to embed themselves into all our lives, and become a central part of our lives: but they all seem to forget that "with great power comes great responsibility" and none of them want to provide the level of support required to prevent people losing everything important in their life due to a stupid technical problem.

It's well overdue time they realised that if you want to be the sole way people communicate with each other, pay their bills, communicate with the government, and hold cherished memories, that they have a strong responsibility to provide a very strong level of support to prevent people from losing their entire online identity - and thus their entire offline identity as well.


They don’t care because you’re an underclass to be milked for profit.

I think that Silicon Valley talks big on social issues precisely because they know they walk in the wrong direction.


It's interesting how wrong they are when dealing with the daily lives of the lower class or people who don't have a big voice. There's no ROI in helping an elderly person maintain their dignity nor cancelling a couple of Native American accounts because their names don't seem correct to them.

What really bugs me is that the employees of Google seem to have their own political agenda, but none of that includes the people the company is actually ill serving. I guess that's just not cool or edgy. It's the company they work for that has become a tyrant.


PSA: If you are low-income, or you know low income people who do not have internet at home, you should check out ACP, the Affordable Connectivity Program[0].

It is a federal program that provides up to $30/month, paid directly to your ISP so that they can take that amount off your bill. I work for an ISP[1] that offers a $30/month, 200Mbps plan which is free when using ACP (we don't even take your credit card). Most ISPs now have an ACP section of their web site if you search for it.

Having worked extensively on implementing this program at my company, I have seen exactly what this librarian is talking about. The people who need programs like ACP are also disproportionately people who have low tech literacy, and often poor literacy/education in general, and the existing systems don't work for them. I wrote about that recently in another thread[2].

When a customer is locked out of their ACP account, luckily the ACP support line is able to reset their password over the phone. But it's not always an easy process. Often, we need to have multiple, in-person meetings with these customers in order to get pictures of their ID, and often ACP will not do anything to an account unless the customer is physically on the phone or in person with us asking them to.

If our customers could always get access to their Gmail, it wouldn't be nearly as big of an issue. They could reset their password the way you'd expect. But as the article is pointing out, if you're locked out of your Gmail there is absolutely no way in.

It's really striking just how much work it is to be poor. Google needs to fix this, and remove one more barrier to people who need to use email with government services.

[0] https://www.fcc.gov/acp

[1] https://www.flumeinternet.com/

[2] https://news.ycombinator.com/item?id=32086589


This is one of those situations that make it incredibly clear that even Google, with all its resources, never considers the use case or life experience of anyone besides a wealthy Bay Area tech worker when designing their products. I can't help but wonder how this blind spot got so big - and why they still don't address things like this even with all the user testing & A/B trials they do for ruthless optimization. Is it just because usability has no correlation with profit, and so the feedback loop is broken?


This blind spot got so big because the vast majority of wealthy Bay Area tech workers have never been poor or homeless. It is difficult for those that have never lived in poverty to understand the struggles that it brings. Just look at this thread, see how many people fail to comprehend that if someone is using the library computers they aren't going to be able to afford a $25 key-chain verifier.


Yes. The overwhelming majority of people that I worked with in SV had never been poor, never been homeless, never worked a fast food or customer facing retail job, and never lacked support from family or some kind of extended network.

They were accustomed to lightning fast internet on Macbooks and constant technological churn. Unfortunately for these exceptional people, poverty is logic resistant and nearly impossible to understand second-hand.


There's a strong right-wing libertarian element among tech workers, particularly the near-retirement-age ones and the ones fresh out of school. Their logic is that poor people are poor because they didn't stay in school or were lazy or stupid, and thus aren't deserving of services and support.

The tech scene's obsession with meritocracy is an extension of this.


> It is difficult for those that have never lived in poverty to understand the struggles that it brings.

I think this is giving too big of a pass to wealthy people. If wealthy people put in the effort, it isn't hard to understand the struggles that living in poverty bring. I think a better way of putting it is "It is very easy for those that have never lived in poverty to not consider the struggles that it brings". There is no difficulty in understanding, it is just easier to not every try to understand, so many wealthy people don't. It is a choice, though.


So how does your company handle these cases while defending against social engineering attacks to steal all private data?

The security wisdom I've always seen was to use 2FA and prevent other attempts at authentication, but if Google is evil for doing this security... what's the answer?


I get the impression Apple stores handle this reasonably well (though you lose data after a last-ditch password reset if and only if that data is unavailable to law enforcement warrants).

Anyway, I think the the common case is that most data is recoverable with an ID or whatever they require. FWIW, searching HN for: “locked out of icloud” doesn’t produce much.


The silent majority of us in the tech world knew (and know) that 2fa is a mess, will always be a mess, but for whatever reason the security-obsessed people have taken over the industry in the last few years and here we are, elderly people actually:

> losing their welfare benefits, their housing, and struggle to find work.

because of technical decisions centered on security.

I'm not sure what would be the best way forward, for the moment I'm in the "less tech is the best" camp, especially when it comes to interactions between citizens and the State, probably that tendency will only grow.


> security-obsessed people

More like “incompetent, self-proclaimed security experts.” The three pillars of security are availability, integrity and confidentiality. Google’s auth flow aggressively face plants on the first requirement.


The best solution I can think of that doesn't compromise security is hardware keys. GMail has very good FIDO support. The keys are easier to use than TOTP and vastly more secure than SMS. They do not depend on any phone or phone service, and there is no transferring necessary at any time.

The librarian would just need to get the person logged in successfully one time, get the key attached to the person's account, and get the key onto the person's physical keychain. The librarian would also print out the backup codes, laminate them, and put them in the person's wallet. Once that's done, this particular library patron should have few authentication issues going forward. Assuming lots of repeat clientele, the auth nightmare will largely end once everyone is set up.

Yeah, the key and codes might get lost, broken, or stolen, but that's the best you can do. If the person lost their actual keys and wallet, they've got bigger problems.

The question really is who is going to pay for these keys? They're a lot cheaper than phones at least, but not cheap enough.


> If the person lost their actual keys and wallet, they've got bigger problems

Do they? Typically for those sorts of things you have recovery options. Your landlord will be able to get you a new key, your bank can issue you a new card.

Looking through my wallet, the only thing that would have a significant hurdle to replacing it is my Egyptian residence permit (I'd have to travel to Egypt to re-issue it). The only significant "loss" would be my current monthly public transport ticket, but if I can produce some kind of payment proof and am willing to argue with metro staff I might even be able to get that replaced.

Point being, there is a lot of recourse for offline things, but if you get into this situation with a tech company - there is none. I have a lost 10+ year old Gmail account and I could not regain access to it through any means even while working as an SRE at Google.


> Looking through my wallet, the only thing that would have a significant hurdle to replacing it is my Egyptian residence permit

Maybe don't carry that in your wallet if you don't need it where you are and it's so hard to replace. :)


You're absolutely right, I also realised that while going through stuff :) It's going to stay home tomorrow!

It's one of those things you just kinda forget about when you don't need them for a while ...


Reading this comment, I thought Yubikeys, which aren't /expensive/, but aren't cheap either. I was pleased to see they have a key targeted at this specific use case now - the Security Key Series [0]. At $25, that is not too bad a price, and something I'd buy for the members of my family without much hesitation.

The hangup with this, which I think the librarian in question will feel, is what happens when someone loses their key? How can I set up a trust relationship that my local librarian can reset my grandma's Yubikey, but a bad actor can't? And, $25 isn't so bad once, but if we have to replace it every month, that's less fun. Maybe that's just agreeing with you and lamenting the state of things, but maybe someone will read this and think $25 isn't so bad and write a grant to pilot this program.

0. https://www.yubico.com/store/#for-individuals


I wouldn't feel confident assuming that the homeless can feel secure in retaining their yubikeys from theft. The optimal solution would probably be some sort of multisig solution where a trusted party like a librarian and maybe a person's parole/benefits/welfare/etc officer hold on to keys.


I believe you can set up multiple keys. In this manner, a librarian could keep a "master key."

This compromises security somewhat, since the library houses one of the second factors, but IMO it's preferable to total account lockout (and still superior to SMS verification).


if you’re using someone else’s computer, or a computer at a library, you have no security. TLS isn’t enough to be certain they haven’t intercepted the connection, installed their own root certs, or whatever else. I can’t think of any method to securely use someone else’s computer and connection unless you bring a live boot Linux USB or something, which I doubt applies to the intended audience here.

Sure, having a physical key makes it easy for a non-technical librarian to steal someone’s identity, but perhaps having some kind of yubikey safe deposit box would be an appropriate compromise.


Also consider that the yubikey is only the 2nd factor, the user still needs to enter the password. Obviously password resets are possible but might be a bit more of a tip-off to the user.


Hardware keys work well in place of a phone, and are in some ways significantly more secure depending on how U2F is implemented.

Some of the problem remains: If the user forgets their password the second factor won’t help them, and that includes the backup keys.

I’ve read the letter, and I see the massive problem, but I don’t think it’s been fully solved yet.

Q: “How do we remotely authenticate a single user, in a way that cannot be forged, without relying on their memory?”

There are solutions to every part of that sentence, but I do not know of one that solves it entirely.

They could write their password down, but then they’re exposing themselves to the obvious risk of it being stolen. You could trust the librarian in a 2-of-3 system, but this seems very easy to abuse by the library staff.

Genuinely not sure of how this is solved.

A cryptographically-strong biometric key store at the library (e.g. finger-print or face scanner) that will only authenticate a physically present user and release a FIDO signature that could then be used in a multisig authentication?
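The "trust the librarian in a 2-of-3 system" idea raised above, worked through as an added example (not code from the letter, Google, or any key vendor): an account-recovery secret is split with Shamir's secret sharing so that the patron, the library, and an assumed third holder (say, a sealed envelope at a benefits office) each hold one share, any single share reveals nothing, and any two reconstruct the secret.

```python
"""Threshold (2-of-3) sharing of an account-recovery secret.

Added illustration of the "trust the librarian in a 2-of-3 system" idea
discussed in the thread; not code from the letter, Google or any key vendor.
Assumed holders: the patron, the library, and one third party such as a
sealed envelope at a benefits office (an assumption for the example).
Any single share is useless on its own; any two reconstruct the secret.
"""
from __future__ import annotations

import secrets

# Field prime for all arithmetic: the Mersenne prime 2^521 - 1, comfortably
# larger than the 256-bit recovery secret shared below.
P = 2**521 - 1
SECRET_LEN = 32  # bytes


def split_secret(secret: bytes, threshold: int, share_count: int) -> list[tuple[int, int]]:
    """Split `secret` into `share_count` points on a random polynomial of
    degree threshold-1 whose constant term is the secret (Shamir's scheme)."""
    s = int.from_bytes(secret, "big")
    if not 1 <= threshold <= share_count or s >= P:
        raise ValueError("bad threshold/share count, or secret too large for the field")
    # coeffs[0] is the secret; the remaining coefficients are uniformly random.
    coeffs = [s] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    shares = []
    for x in range(1, share_count + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of the polynomial mod P
            y = (y * x + c) % P
        shares.append((x, y))
    return shares


def recover_secret(shares: list[tuple[int, int]], threshold: int,
                   length: int = SECRET_LEN) -> bytes:
    """Reconstruct the secret by Lagrange interpolation at x = 0.

    Refuses to run with fewer than `threshold` shares: interpolating through
    too few points yields an unrelated field element, not a partial secret."""
    if len(shares) < threshold:
        raise ValueError(f"need {threshold} shares, got {len(shares)}")
    if len({x for x, _ in shares}) != len(shares):
        raise ValueError("duplicate share index")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % P
                den = (den * (xi - xj)) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total.to_bytes(length, "big")


def enrol_patron() -> dict:
    """Constructed enrolment: mint a fresh recovery secret and hand out the
    three shares. Returns what each party would store, for inspection."""
    secret = secrets.token_bytes(SECRET_LEN)
    patron, library, third_party = split_secret(secret, threshold=2, share_count=3)
    return {
        "secret": secret,            # used once at enrolment, then discarded
        "patron": patron,            # e.g. printed and laminated into the wallet
        "library": library,          # kept in the library's records
        "third_party": third_party,  # assumed: sealed envelope at another office
    }


def recovery_scenarios(enrolment: dict) -> dict:
    """Walk through the recovery cases the thread worries about."""
    secret = enrolment["secret"]
    # Patron lost wallet and share: library + third party still recover.
    lost_wallet = recover_secret([enrolment["library"], enrolment["third_party"]], 2)
    # Patron present with their share: patron + library recover.
    patron_present = recover_secret([enrolment["patron"], enrolment["library"]], 2)
    # Library staff acting alone: below threshold, so reconstruction is refused.
    try:
        recover_secret([enrolment["library"]], 2)
        library_alone = "recovered"
    except ValueError:
        library_alone = "refused"
    return {
        "lost_wallet_ok": lost_wallet == secret,
        "patron_present_ok": patron_present == secret,
        "library_alone": library_alone,
    }


if __name__ == "__main__":
    print(recovery_scenarios(enrol_patron()))
```

The scheme only moves the trust problem: two colluding holders (for instance the library and the third party) can recover without the patron, which is the abuse risk the comment above points out.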


Ctrl + F => "bio" and this comment was the only result out of 100+. Surprising!

I think biometrics sounds like the best solution. YubiKeys will get lost/damaged/stolen and then you're back to square one. With biometrics you shift the burden of paying for and managing hardware onto the library and individual users don't need to be responsible for anything.

Of course this doesn't solve the issue of the user who is already locked out, but librarians could at least proactively enroll users who have access to their account in order to prevent the issue from happening in the future.


TFA mentions YubiKeys, and acknowledges that they would work, but that the barrier is paying for 450k of them.


>>The keys are easier to use than TOTP

This has not been my experience, even for more knowledgeable people let alone normal users.

>> this particular library patron should have few authentication issues going forward

Until they lose or break the physical key, which will happen more often than losing or breaking their phone with the TOTP


The government should, *especially* if they are requiring mandatory access (though this should be illegal anyway).

But this isn't going to solve the issue of Google being too far gone (too big) to be worth saving: just shut them down.


The unhoused are much more likely to be robbed of their possessions than others. They don't have anywhere secure to store things.


@dang maybe worth removing this post?

> STOP EMAILING ME AND CALLING THE LIBRARY ABOUT THIS

> This was shared without my permission. This was not supposed to be public. It was meant to be shared internally to Google. It was not an open letter. It went directly to the security team and we had a conversation about it and it’s over. This is from well over a year ago and we no longer are having this issue as often as before due to various improvements.

> Please delete this from HN. You are essentially DDOS’ing my work email and the library branch phone number making it very difficult for us to perform our duties as civil servants today.

> I do not know how this made it onto HN. Someone must have leaked it. If they need to work that out internally then I’m leaving this here for their reference. But I do not want news reporters or random HN readers contacting me or the Free Library over this.


Posting a summary might be better. The discussion here is good and the points interesting.


Classism via Internet.

When Uber and Lyft became popular and you still needed a smartphone and mobile connection to use it, it basically became a way to keep poor people segregated in transportation. If you couldn't afford a smartphone, or a data plan, or only sporadically, you were relegated to the public transportation options which are slowly defunded as Lyft and Uber lobby governments to become the "more affordable" alternative to public transit. As a result, 'hacks' (illegal taxis) are widely used in many cities because you don't need a smartphone or data plan and they are cheaper, yet are more dangerous.

Mega-corporations that design for "the 80% of users" implicitly make life harder for vulnerable and poor people. It's time for us to not only hold Government accountable to treat people well, we have to hold Corporations accountable to the same standards (at minimum).

(as an aside: I love the Free Library of Philadelphia. they get out in the city and meet all kinds of people, help them get access, always generous with their time and friendly. they are a vital service to the community and I hope Google listens to them)


> When Uber and Lyft became popular and you still needed a smartphone and mobile connection to use it, it basically became a way to keep poor people segregated in transportation.

Uber and Lyft were a massive, widely praised improvement specifically for poor people because for the first time ever, poor people got access to a taxi service that was not bigoted against them. Before Uber, bigoted taxi drivers routinely refused to pick up passengers with the wrong skin color and refused to drive to poor, outlying neighborhoods. Uber and Lyft did away with that nonsense. Doesn't matter what you look like or what you are wearing or where you live, if you can get a phone, you get a ride.


It's much worse than that. I signed up for Lyft, and then one day I was told that my card on file wasn't sufficient or I'd done something that had triggered some system, and I needed a second card on file.

I emailed lyft support asking why this was. Never got a response.

It doesn't seem to have occurred to a bunch of silicon valley techbros that lots of people only have one credit card, or only one card they're comfortable using (using a debit card for credit card transactions is a huge risk due to more direct access to money and lower fraud protections.)


My town now has "app-only" parking spots. (Maybe there's some fine print on the sign about another way to pay, but it's not clear from 10 feet away if so).


All the ones I've seen allow you to call a number to pay. I'm sure the UX is terrible though.


Shelly Rosen is a hero, and should be recognized as one. It is not very often I get to read business requirements that are so clearly defined. Kudos. This letter should be obligatory reading in schools.


It's a good letter.

I'd like to see another letter drafted to other librarians recommending specific competing email providers that people who are MFA-challenged should use for anything important.


The letter has now been updated today, please read:

  STOP EMAILING ME AND CALLING THE LIBRARY ABOUT THIS
  
  This was shared without my permission. This was not supposed to be public. It was meant to be shared internally to Google. It was not an open letter. It went directly to the security team and we had a conversation about it and it’s over. This is from well over a year ago and we no longer are having this issue as often as before due to various improvements.
  
  Please delete this from HN. You are essentially DDOS’ing my work email and the library branch phone number making it very difficult for us to perform our duties as civil servants today.
  
  I do not know how this made it onto HN. Someone must have leaked it. If they need to work that out internally then I’m leaving this here for their reference. But I do not want news reporters or random HN readers contacting me or the Free Library over this. 
  
  If you want to learn more about patron privacy and support librarians advocating for patron privacy and against big tech please check out https://libraryfreedom.org/ which is a wonderful organization I am a part of that does work like this. I still firmly believe in and stand by everything that I wrote. But this particular action was not meant to be a public letter and it’s interfering with my ability to do other work. You’re welcome to read this, now redacted, letter, just please stop emailing me and sharing it around.


On one hand, you have the perspective of this and other librarians where users are locked out of their accounts by Google in a (debatable) measure to secure them.

On the other hand, you have the perspective of computer repair people who routinely field calls and service computers due to the elderly (mostly, but also everyone, including tech literate folks) getting scammed, account takeovers, downloading malware, and worse!

So maybe the solution here is not to *force everyone and their literal grandma* to be using these machines for all of their business??


It’s an impossible situation. Account security reset processes are the number one target for most account takeovers.


Better that elderly folks stuck at home should be shut out of major activities of life?


Here's an idea:

Why not allow the owner of a Google account to delegate a trusted third party who can handle MFA/otherwise approve logins on their behalf. I kind of do this already by setting the recovery emails for family members (especially aged parents) Google accounts to those that I control, but to my knowledge it is not possible to do the same for the mobile number used to secure the account.

This way, at least as I imagine the author's scenario, the library's regulars could delegate them as the trusted third party, problem solved.

Oh yes, and also what they write -- add an on/off setting for "Be less anal about logins from unrecognized devices".


So the biggest problem is that every optional feature you offer up does not help when someone walks into the library already locked out. The vast majority of society will never be aware of available options and features for their Google account, so it's only the default behavior that matters. Most people locked out of their account could've set up some sort of way to get in (like backup codes), if hindsight was 20/20 and they knew a lot about Google accounts.

You could add a feature like this, and maybe it helps one out of every hundred people who try to log in at this library, and that's optimistic at best.


> So the biggest problem is that every optional feature you offer up does not help when someone walks into the library already locked out. The vast majority of society will never be aware of available options and features for their Google account, so it's only the default behavior that matters.

Fair enough. I live in the EU, we all have state-issued ID cards and no cultural problem with using them, so presenting those via some channel to Google would work here, but I can't imagine it working in the states.


Or how about if Google sees you log into a computer associated with a library IP address more than once it offers to help you set this up. With some sort of special dialog that specifically targets people in this situation. And it periodically reminds you to confirm you still have these recovery codes saved somewhere and if you don't helps you create new ones. I know this isn't Google scale but it's a nice feel good story that Google could trot out at I/O.


At what point is it reasonable to start assuming basic security/computer literacy on the part of the public (to the point where, if you screw up, it is your fault for screwing up and not the computer's/company's fault for not telling you something)?

This is an open question. We are not there yet, but at the same time I don't think it's tenable in the long term to be in the state of assuming the user can't be trusted to know what 2FA is.


So, my grandmother knows drastically less about computers than she used to. She actually previously used email with regularity, and has since forgotten about even the existence of the email account she had for fifteen years. Unless we have a cure for memory loss in seniors, new less computer literate people will be occurring every day.

So the answer is, unfortunately, never. There will always be people who are not computer literate, and if we want basic services to be available via the Internet, as many government services now are, we have to include systems that include these people.

You can't just discard the poor because they aren't computer literate.


The problem is that "friendly" systems designed for the computer illiterate tend to be obstructive and unproductive for the vast majority of everybody else, and that holds just as much in a real-life office as it does on a computer screen.

The term of computer illiteracy is useful in more than one way, and that is literacy. We don't structure our societies (including basic government services) around people who cannot read; instead, we structure them around the understanding that the average citizen can read, and treat regular illiteracy as a problem to be solved, and in the first world where computer literacy is even a problem that can exist, it mostly has.


All the anger toward Google misses the larger point – this isn’t only Google's problem. If I get locked out of my Apple account, or my Amazon account, or my <insert online service here> account, how do I prove that I am me? A password? I’m glad your memory is much better than mine, because I'm terrible at remembering 1000 passwords that aren’t trivially cracked. Use a password manager? Oh yeah! I do, thanks. On my computer and phone along with... my 2FAs.

What I need is a way to get into my personal accounts when I find myself naked and alone on the street (don't judge, you don't know how I got there). And the only way to do that is to be able to physically present myself at some place and have them verify my identity, allowing me access to my digital life again – and hopefully let me call my wife to bring me some clothes.

Basic identity verification is the type of function that everyone will need at some point as a common public service. The kind I would expect a government to provide.


The specific anger towards Google comes from the fact that they're an overwhelmingly popular email provider, and email is what a lot of paperless processes (including account resets) assume the existence of. If you get locked out of Amazon, or Facebook, or Instagram, or TikTok, or Reddit, or Twitter, or Netflix, you won't lose the ability to receive welfare benefits, or tax information, or rent / utility bills, or statements from your bank, or whatever. Everyone takes for granted that you have an email address that you can receive statements at, and that you'll use email as the central hub of communication, and sometimes the communication is legally mandated.

Also, it's considered sufficient for all those non-google tech services to just use your email address to get you back into their system. Netflix can send you an email. Facebook can send you an email. Twitter can send you an email. Netflix can send one, too. Gmail can't send you an email to authenticate you. You can never use email to get access to email. Using a Gmail account to try to unlock a Gmail account is an absurdity, like Baron Munchausen pulling himself out of a swamp by his own hair. You can use a cell phone to unlock email, but cell phone service will always cost money, and phones can be lost, broken, stolen, or sold for emergency funds. No library anywhere provides access to phones that make texts, and even if they did it wouldn't work because they'd be shared by people which would make them unsuitable for identification.

That's the reason for the focus. Fixing Gmail sort of "does the heavy lifting" for all the other services that need to get you to prove that you're you.


You're absolutely right - everyone has offloaded the 'identity verification problem' to your email provider. Because doing it well is an intrinsically hard/expensive problem.

Replace 'government should provide a digital identity service' with 'government should provide an email service', and we're back at the same place. You still need a way to prove that you are you - with legal protection and recourse.

This letter points out the increasingly obvious - that our online identities have become too important to be left to the customer support whims of one or two corporations. The idea that an innocent algorithmic mistake in a microservice running somewhere deep in Google's cloud could lock me out of my life is not the future we want.


> You still need a way to prove that you are you - with legal protection and recourse.

You actually have something that you can use: your reputation. It is difficult to fake your likeness, even more so to people who actually know you. A combination of past preshared secrets (memories) alongside your likeness is enough to get people who DO have ID to vouch for your identity: family, your landlord, your neighbor, your lawyer, your employer, past schoolteacher, anyone who can reasonably be expected to recognize you and have had some experiences with you, can discern whether or not you are who you say you are.

From there you could have access to your theoretical USPS or Library email, add an additional PGP key to publicly-funded keyservers, and generally use the power of this vouch to escalate from there.

Even if you make an extreme edge-case argument, saying that someone has some extreme amnesia and finds themselves far away from their home, the government could just let you generate a completely new identity for a small fee, so that you aren't left high and dry without one.


It's not just that. Yahoo is a very popular free email provider as well, and since it doesn't require MFA, it avoids a whole category of these account lockout issues. So the anger is that Google has required this feature but has not identified sufficient flows for recovery, and in particular does not offer any kind of "catch-all" escalation where you can explain your situation to someone who can individually do something about it.


Gmail is locked up tight. I like it that way. People who need _real_ security like it that way. I'm confident that I will not lose my email account to a social engineering scam. It's much safer than my phone number.

Not everybody needs this level of security. In fact, as the article and most responses demonstrate, the high security is not desirable for a large number of people.

Honestly, this sounds like the space for some kind of "non-profit startup" -- email services for the at-risk population. Of course part of the solution is non-tech, but there needs to be some real service involved. Interesting.


This is well meaning and shows an unfortunate side of 2f-auth, but she seems to think that Google is in the business of helping people. They are in the business of selling ads. True, their search engine has greatly helped a lot of people, as has Gmail.

But they are in the business of selling ads, and they are not selling enough ads to people who both a) cannot continuously afford a phone number b) are unable to afford an internet connection at home to be worth dealing with the complaints, manual verification and prevent fraud.

Google is in the business of making money. You make very little money from poor people, and you lose money if they cost even more to service.

This does not mean that it doesn't suck for the homeless lady, but this is reality.


Regulation can change that.


Well yes, but then a) regulation can also cause more damage and b) you should be writing to your senator, not google.


Points being that:

1. Overcoming business incentivisation requires some external influence.

2. Individual action alone won't accomplish this.

3. We're part of that larger conversation.

Writing Google first shows a good-faith effort. Google's failed to respond to that. HN is upping the ante. Regulatory action is another level.

These are not exclusive or independent actions.


I suspect that this is yet another situation where public libraries are going to have to step up to the plate and provide services to fill in the gap. In this case, it would be email services to patrons.

The Googles of the world exist because they provide inexpensive services through automation and at scale. They are poorly positioned to provide services that cannot be automated at scale. Chances are that any attempt to do so would likely bankrupt them even though we are talking about extremely wealthy corporations. (Keep in mind that we only hear of a fraction of the complaints about Google. Few people have the reach or ability to have their voices heard.)

On the other hand, libraries are already embedded in the community. They already have personnel who can better understand and respond to situations that Google would regard as edge cases. They are also much smaller organizations that have less bureaucracy to deal with and a mission that aligns with the needs of the community.

I am not saying that they have to provide the actual email servers. They could contract that out, perhaps even to Google (though I suspect they would try to find another organization). They would be managing the email accounts themselves, including authentication and recovery.


It looks like it is possible to use totp for your backup second factor, which would let the libraries store the secrets on paper and require ID for a password reset:

https://webapps.stackexchange.com/questions/127464/enabling-...

It looks like it is a pain in the neck, but also possible to use it as the main second factor, for people without phones.

This reminds me, I need to move 100% off google’s ecosystem.


Google only recently made MFA mandatory, so most of these impacted users didn't really opt into MFA, they just didn't opt-out by closing their Google account. Likely the first time they realized they might need a backup option would be when they were locked out at the library and it was too late.


It is so incredibly heartless on Google's part to spring this on unsuspecting users, without any sort of customer service support. Most people having their accounts suddenly bricked aren't the type that can raise a twitter mob loud enough to actually get on the company's radar.


Google did provide some advance warning that this was coming.

Also, accounts without MFA were also causing harm. Some vulnerable populations also didn't realize how easily a non-MFA'ed account could be taken over remotely due to a weak password. And then due to "password reset" functionality, a Gmail account takeover can pivot to cause greater harm.

This is a classically difficult problem: improving security often reduces convenience. The trade-off Google chose to mandate for all users was not the best for users without stable phone access.


> This elderly woman, looked to be in her 70s, might lose the roof over her head, due to being unable to log into her Google account, because she lost her old phone and with it, her phone number.

I think the real issue is outside of Google's reach. You shouldn't have to lose the roof over your head just because you don't have access to your emails. Sure, it sucks that Google doesn't care if these people lose their access to Gmail. But I don't see how Google has a greater responsibility than the state/government in this.


We don't want to address the real issue that a democratic government of 350 million people is slow and ineffective, so we demand that private industry make up for the failings of our government.

I don't think it is unreasonable for the 22 trillion dollar a year, 250 year old institution of the US government to solve the problem of why it is denying welfare to its own citizens.

Or maybe the US government monopoly should be broken up into smaller governments to foster a spirit of competition in the marketplace if it can't meet the needs of its customers.


>Or maybe the US government monopoly should be broken up into smaller governments

You mean state/local governments? Federalism? It's how the country started, but as each decade passes we willingly cede more and more and more control to the horror of a central government our founders were set on avoiding. It's been nice to see some recent trends back towards states' rights and downsizing the federal government - I hope for all of our sake the movement picks up steam.


I agree that social services should be administered in a way that helps people succeed instead of constructing barriers to benefits...

But is your position really that losing access to your email isn't a big deal with real-world consequences? Forget government services, nearly everything you do online requires access to an email address.


Another solution to this problem would be competition. If there were a workable alternative to Gmail that had account recovery mechanisms better suited for this population, then the librarian could simply recommend that for their patrons.

Can anyone suggest what a good alternative to Gmail would be for this population?


Maybe a Government-supplied email address that is only accessible from libraries?

I would hope that libraries would have fixed IP addresses, so surely that could be factored into the authentication process? Some FIDO keys used to be able to be bought for as little as $5 (https://wiert.me/category/power-user/security/u2f-fido-secur...) so it shouldn't be beyond the budget of any self-respecting town/county/state?


Outlook.com/Hotmail.com?


Hotmail once deleted all my emails because I hadn't logged in through the web interface for 30 days, instead used another client. Then one day I got a weird message and logged into the web interface to find all my emails from more than a decade gone.


This is what happens when private for-profit companies through monopoly become public infrastructure with no oversight and no obligations but turning a profit.


It does seem like the library's (and really, anyone who helps the aged with their accounts) first order of business for those that have access to their email should be to get them set up with a secondary account at a different service.

I'm aware of a number of problems though - this is a lot of cognitive load to add to someone who just barely understands how to get to the mail in the first place. And obviously it doesn't help someone who is already locked out and seeking assistance getting back in. It opens another (likely less secure intentionally) way of phishing the seniors. And there is not really a good way to transfer all of your email history from one account to another that I'm aware of.

So while I believe the best "market solution" would be for folks to use some sort of alternative, I'm not sure it's a realistic ask. So Google needs to take this seriously and realize how devastating this can be. It's not "just a free email address" to many people, it's their lifeline to everything.

Heck, even I, as a tech savvy person, worry about getting locked out of my Google account given I use an Android phone and have 2FA set up through that device for a large number of services, including my password manager. Note to self, get on that physical version of the digital black book that provides physical copies of anything needed to get back into accounts (2FA codes, backup codes, etc.)


It looks like the librarian's letter is from July 2021. So, the frustrated librarian raised this issue more than a year ago.

Has GOOG done anything about it in the past year?

There needs to be a better way.


This has been an issue for years. (I've worked in libraries, including public ones, on and off since 2004).

It's not just a GOOG problem. In fact, Yahoo makes me want to show up and yell at some business people: They lock people out of their accounts and then CHARGE THEM TO CALL IN and fix it. Another general issue is how much of this population uses/sticks with old products: There is a large number of Yahoo, AOL, and Hotmail addresses still being used, as well as old ISP mailboxes.


Agreed on Yahoo and ISP emails being awful, but Microsoft migrated all the hotmail users over to Outlook years ago. At this point, there is only a cosmetic difference between a hotmail.com email and a outlook.com email. I'm normally not a big Microsoft fan, but that was one change they handled reasonably well.


Oh yeah, it was just an example of how this population stays with familiar products far beyond their usual lifespan. So they often want support for products and services that are old or unsupported. And why changes really screw them over: A lot of these people just have GMail accounts from when they were easier to use.

MS did well on this one, I agree. (And I also hate MS but credit where credit is due.)


Considering my experience with the migration and merging of various Microsoft accounts, I find this statement very surprising...


I have an idea:

1. When creating a Google account, you can choose that the account will be owned by a specified library (or other institution). This can also be done for already created accounts.

2. When that account is then locked out due to missing 2FA, the library holds the backup codes and can be provided upon identification.

This is similar to how Google accounts can be managed by a company that you are employed at.


If the US government created its own SSO system and mandated that all government websites use it as primary while allowing third parties to use it too, this could become a solved problem. It would be a credential that could be accessed via existing paper based systems. Places like Google allowing it as a sign in method would actually solve this case. Sadly I think the tech world in general is so allergic to losing privacy that even something optional like this would get lobbied out of existence just by tech companies alone.


login.gov exists. It's not mandated, nor does it currently allow non-government users (last I checked), but otherwise it generally solves the technical problems fine.


You can sign-in as a non-government user (though they also have CAC support for federal govt users). There's built-in document/identity proofing as well but there are some extra requirements to get that enabled on an application.

You do need to be working with the government to integrate with Login.gov though (but it's just OIDC on the backend)


That is perfect! Just need it to be opened up a little so that places like Google can enable it as an optional primary login.


It's used to manage your Global Entry membership.


I don't particularly love Gmail and I'm personally trying to switch to Fastmail over time; however, I am on Google's side this time around. There are reasonable approaches that can address this librarian's concern. Backup codes, backing up the MFA seed. She talks about patrons having cell service shut off, but that doesn't affect Google Authenticator. There are good reasons why Google went to an MFA only model and yes there are some downsides, but they're not unmanageable.


MFA is a great option to provide, and I would even suggest it should be default on, but what's the harm in allowing the user to opt out of MFA?

If available, it seems to me it would be the best option for this demographic.


At least one reason: cyber-security insurance policies are starting to mandate MFA, because they are tired of paying out on insurance claims.


With 2FA it is a matter of time until you are locked out.

I picture a world in 2050 where there is no more Google because everybody got locked out or banned.


This is not really Google's "fault". (trust me I'm not a fan of their cavalier attitudes to beta services and lack of customer support)

They are working "in the future" where every human has access to the virtual world by "right". You cannot cut off someone's gas or phone without huge regulatory hurdles. And we will see something similar for access to the internet.

We just aren't there. And that's the problem.

And this conversation should not be about "google should reduce its security" it should be about how do we regulate ISPs and google and facebook and Email providers so that they are on par with the gas company?

Is access to http a basic utility? Access to an email inbox?

In short, Internet access is a necessity for access to civil society, and now we work out who pays for it. It's going to be a fun decade.


I think at some point we will move to something like a driver's license for the Internet - a government backed assertion that you are person X. A photo ID, a hash of that .png and metadata against a key pair (ie the key pair assigned to the person behind the desk at the DVLA).

I am guessing this is what a bunch of companies offering the "photo of you and your id" services are waiting for.

Which to me implies it should never be a proprietary solution - anyone know of a FOSS version of this out there? Anyone want to start one ?


Is it even possible to use a Google account without a phone number? Google (and about everyone else) demands them for tracking. I've steadfastly avoided giving out my number for most trivial things but it's becoming harder and harder. The recent dark pattern is to set up your account and then claim there was suspicious activity on first login so they need to verify your (brand new) account by having you enter a (completely new) phone number. Microsoft recently extorted it out of me by forcing me to convert my Mojang account to a Microsoft account and then pulling the verification stunt. Twitter, Facebook, etc all do this.

Another annoyance is if you enter a landline number most of these things just assume it's a cell and then ask you for the verification code that they just sent into the ether.


My mother is 70 years old and recently had a stroke. Every week we're dealing with password issues which are mostly Google related. The good news is I've been able to switch most of her stuff over to Apple based tools and that's helped significantly, but getting over the hump of new technology was a pretty big hurdle, and costly to me in terms of time and money. My mom is in the same situation, and I shudder to think how she would navigate this without help from her family. Not everyone is as fortunate as my mom is, but what this librarian is describing really touched a nerve because I know if it's happening to my mom, a former Sun Microsystems employee, I know it can happen to anyone.


"Today I decided I would try to change Google."

The best part for me is "try to" rather than the much more common and nonsensical "try and" that I see all the time. I think I would pay for a Chrome extension to automatically replace all occurrences of "try and" with "try to."

It takes a librarian...

Also, thanks for changing Google for the better, and helping those who need help the most!


It bothers me too because the more I read it, the more it gets burnt into my brain leading me to make the mistake myself.

Side note: she did unfortunately use "try and" once.


If a large percentage of computer users who use the library exclusively have ID, the library could purchase a MF device or cheap android phone running an MFA app and use the same device for every user or many users: show your ID, librarian verifies that you're registered, and then come over and log you in with key + username (user still enters password).

Would it be possible for some nefarious person to grab these keys? Yes, but essentially you're reducing the MFA back down to SFA, a cost I think likely worth it for this group.


Forcing public libraries to use a workaround to fix a problem Google created isn't an ideal solution.


I'm not sure what an ideal solution might look like. Do you have a thought on that?

OTOH this library use case is a specific kind of outlier: I imagine this issue occurs in most/all libraries; it's a situation where changing the level of security is worth the tradeoff; it doesn't affect the security of anyone else; it's relatively inexpensive.

I don't consider this a "blame the victim" solution to the problem. I see it as an accommodation for people with specific but special needs.


First, needs a (2021) in the title, the body references “Today, July 19, 2021”.

Second, while Gmail is popular, they are not the only contenders in the space. Can these users not also have an outlook, AOL, or yahoo email address?

I understand switching email providers is not an easy thing, but it is not impossible.


"It must be possible to [...] contact customer support"

I'll stop you right there. While I feel for the folks affected by this, they're not customers. And there ain't no such thing as a free lunch.

Broadband access and an email inbox aren't human rights in the US - even if they should be, we're just not there yet. And Google has no business incentive to provide customer support to the freeloaders.

I think it's crappy that there's no recourse too. But like it or not, users assent to this when they sign up. The solution here is education - people need to be told outright that they have significantly reduced chances of recourse when they're using somebody's service for free.

Society seems to have abetted the notion that all citizens will have Gmail accounts, down to the issue of Chromebooks in elementary schools. What exactly are we teaching people by dropping them off inside these gardens to bang on the walls?

It goes further than Google or Gmail. We need processes that make actual sense. "But the government forms I need to fill out are online-only!" First mistake. Whoever signed off on that in government should be fired immediately.

This isn't a Google problem, despite how easy it may seem to blame the faceless boogeyman. It's an education problem, a process problem, and a common-sense problem.


“The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man.”

s/man/woman, in this case of course.


Rich and poor, young and old, have this in common. I know many college educated and affluent people that can't manage passwords or multi-factor authentication. Oh and don't ask them to save recovery codes because they will put them in highly insecure places... and then forget where they put them.


One thing that the library could do is store the cookies of their patrons, and restore those next time they use a library computer. This would avoid the most common case of the problem. I suspect this is the only feasible solution; Google is certainly never going to bother with these people.


This would be a massive security risk, holding that information on the machines, or even in a central location (as roaming profiles which not even MS recommend anymore).


@dang why is this still up and on the front page (you can at least suppress the story to the second page..)? It's clear the document was shared without her permission and she's being harassed by HN and press:

> STOP EMAILING ME AND CALLING THE LIBRARY ABOUT THIS

> This was shared without my permission. This was not supposed to be public. It was meant to be shared internally to Google. It was not an open letter. It went directly to the security team and we had a conversation about it and it’s over. This is from well over a year ago and we no longer are having this issue as often as before due to various improvements.

> Please delete this from HN. You are essentially DDOS’ing my work email and the library branch phone number making it very difficult for us to perform our duties as civil servants today.


> @dang why is this still up and on the front page (you can at least suppress the story to the second page..)? It's clear the document was shared without her permission and she's being harassed by HN and press:

That was added well after the document was posted to Hacker News, so I don't think this is a fair question. Also, I'm sure dang has a life outside of Hacker News, so I don't think it's reasonable to expect everything to be acted upon immediately.


Well, this is a tricky situation. At what point did Google agree to become the world's free email provider? We have to decide where their social obligation outranks their share holder obligation.

And by "we," I include everyone from users, technology providers, and especially governments that require email addresses to get basic services, everyone.

A modest proposal. Can one YubiKey serve several email accounts? Ask patrons to sign up for a library card. Register each library card with one key, such that one key can serve many patrons. Help them enroll with multi-factor authentication. Whenever they need it, simply request the token from the librarian desk.

(Put the token on a giant brick or yardstick, so that it never leaves the library. Sort of like how they do at gas station bathrooms.)


>At what point did Google agree to become the world's free email provider

Maybe they shouldn't have offered email for free to the world if they didn't want to be the world's free email provider.


> Can one YubiKey serve several email accounts?

Yes. I use the same YubiKey with at least three Google accounts.


I suspect that basic digital identity and messaging services will eventually be operated by governments. Similar to how many major urban transportation systems were adopted and then glued together to provide subsidized public services.


>> There simply must be a way to change how Google handles two-factor authentication which does not constantly lock out poor people who use the public library to access their email. It must be possible to make it so we do not constantly reach these dead-ends where Google tells patrons to endlessly loop through “I don’t have my phone” and “Try another way” until their account becomes locked permanently due to too many failed attempts.

Why is Google making it hard for the poor to access their email in these times?

It’s not like Google just launched today. They have the data of these users, who use internet from public libraries.


Great letter. Sorry about the unwanted publicity :/

Lots of people seem to want Google to be forced to provide customer service. It's an interesting idea, but I'd imagine it would be the end of free Gmail which may just force the very same people who can't afford permanent phones to switch to an even sketchier, unregulated free email service. Either that or the government would have to somehow provide free email, and I think there's actually a strong argument to be made there if an email address is required for welfare / parole / other government processes.


Posted on the page now:

> Please delete this from HN. You are essentially DDOS’ing my work email and the library branch phone number making it very difficult for us to perform our duties as civil servants today.


Why is the US so far behind the rest of the world when it comes to technology? State IDs/Driving Licenses already exist. These should have chips on them that could be used for authentication.


The main reason we don't want a ubiquitous national ID is that once it's there, everything will require it, which means everything you do will be tracked. Which is okay until the government decides to go psycho and attack some section of the population. Right now, literally every red state would love to get their hands on logs filled with IDs of people who have anything to do with abortion (a Texas bill makes it illegal to even drive someone to an abortion) so they can put them all in jail (abortion doctors get 99 years). In the past it was the gay rights movement, civil rights movement, the satanic panic, the communist panic, rounding up all Asians into concentration camps during WW2, etc. We can expect more of this, and a ubiquitous ID makes it much easier for the government to execute these plans.


I'd be more sympathetic to this argument if all that info weren't a couple subpoenas or search-warrants away at most—in fact, the government can often just pay for access to these things, usually with the implicit threat that if access isn't granted at a reasonable rate, the business may find itself in some trouble. Like, if we banned private parties from collecting tons of info about us, then maybe that concern would have some merit, but we don't, so it doesn't.

Point is, they don't need a national ID to pin you to some cell phone records that place you at location X at time Y, to get your CC usage data, to find out pretty much anything they like, to connect that to a license plate, to snag toll and other photo records of the vehicle from various sources, et c., and the only reason there are any restrictions whatsoever on that ability isn't because we don't have a national ID, but because we're not yet living under a tyranny. Difficulty IDing people isn't the limiting factor.

The public-private hybrid ID we have now is terrible and also carries all the same risks under tyranny as a national ID, which is at least not-terrible.

It's not like having a national ID would mean all the spying-data companies collect on us would automatically be shared with the government—more than it already is, anyway. It'd be the same as now, except with fewer ID-related problems for people.


Yes, the government can trace people right now, if people are not protecting their identity. Because there is no ubiquitous ID, it is still possible for you to protect your identity in almost every part of society. But that possibility will rapidly disappear when a ubiquitous ID arrives.

The difference between rounding up people or not is often just whether it is logistically feasible. Right now, even if they collect every kind of data from every business, it would be a nightmare to attempt to collate it all, because it comes in so many sources with so many differing fields that may be out of date or inaccurate or wrong and would have to be normalized etc etc etc. Impractical to do on a very large scale. Except when there's a single identifier they could look for, which would completely solve the problem for them, and make it easy to round people up.

Companies that sell data to the government without the consent of the public are a huge problem we need to deal with, for obvious constitutional reasons (4th amendment).


Getting an ID in the US is more difficult than this account recovery procedure that the letter complains about.


Especially for the specific demographic that this letter is referring to. It's so easy to get caught in a catch-22.


Making these (and especially electronic ones) mandatory is a baaad idea : <insert random dystopian example>


I used to feel the same. But in reality, we prove our identity daily - every credit card transaction, banking, electronic tolling, bill payment, health care visit, tax payment, legal proceeding, employment opportunity, voter registration …

What protects us from invasive search is not lack of a uniformly accessible system for identification - it's due process. And if the government chooses to compel you against your will and without due process - whether or not you have a laminated ID in your pocket will be irrelevant.


Most of those are optional. You can use cash, you don't need a bank account, nor electronic tolling, or bill payment, emergency room visits are free and there's free clinics. Other various things like legal proceedings, voter reg, and taxes are not things that are "tracked", that's just basic citizenship requirements.

A national ID would make the few cases where you need to hide your identity (like you're a 10 year old girl who was raped and needs an abortion, or the doctor that needs to perform it - https://www.seattletimes.com/nation-world/10-year-old-rape-v...) much harder. Until our government decides not to be so fucking crazy, we need to push back on its ability to unjustly track and then punish its citizens.


This letter seems to assume that Gmail is the only email provider.

If you think Gmail is bad, stop using it. They aren't the only game in town.


"JavaScript isn't enabled in your browser, so this file can't be opened. Enable and reload."

This works without JS enabled:

https://docs.google.com/document/d/1f6HPQbUjslcbjVHkJkAgYmQm...


There is a lot of valuable information in this letter my privilege would have blinded me to.


This can be solved unilaterally by the library system, with no extra action by google. I would furthermore argue that it should be solved by the library, rather than by google, as the library has the ability to solve this problem more completely.

As a brief introduction, the goal of computer security is generally to make a computer as secure as a door lock. A door lock can be easily broken into, but to do so requires that a person show up to the door in person, and to take some illegal action. A computer, if secured naively, is much less secure than that: if I gain access to the password, I can hack a computer from anywhere in the world. Furthermore, since I have the password, it isn't even clear that I am breaking any rules.

The library system can solve the problem described in the letter while maintaining door-lock level security in the following way: they would give to every library system user a library card, associated with their person. This card would be used to log in to library computers. Certain information would be preserved between logins, namely the browser cookies. Thus, the user would remain logged in to their Google account as long as they had access to their library card. If they lost the card, or forgot the password, the library would be able to reset the password, or issue a new card, as long as the user could prove they were the owner of the card to the satisfaction of the library employee.

Google, being an internet company, cannot reasonably issue cards to all their users, but libraries regularly do so. For the same reason, Google has difficulty verifying the identity of their users, which libraries can do easily. Google is structured as a profit seeking corporation, and would need to justify charitable behaviour to shareholders. Libraries are well known to exist to provide services for free to their users, and can easily alter their operations to do so differently. Most importantly, libraries already provision physical access to computers. The most important element of our door-lock security model is that a person must appear in person in order to get around our security. The library is the organization operating the physical terminals, and so the library alone can provide this essential element of our security model.


nope


Would it be possible for libraries to provide email addresses through their own mail servers? Certainly Google has an enormous number of issues, but I can't see them weighing in favor of the elderly and less fortunate over the high profile users whose accounts are constantly targeted. I also have doubts that any bypass solution would succeed due to necessarily requiring users to both know their existence and properly set them up; not everyone has technical competence nor the experience to know for which resources to seek.


Yes, and Google will immediately blacklist those mail servers for being small just like they do with everyone else.


Ehm, don't use Gmail then? I know I know, they're Americans...


It's not like most people will know they might lose everything if they sign up with google. Most rightfully expect that google, like most other companies, has customer service. By the time they realize, they're too late

We need to start seriously spreading the word that Google cannot be trusted to hold anything important to you


I'm pretty sure this isn't a Gmail-only issue. This letter could have been written to any other email provider, but it just so happens to be Gmail due to popularity.

Email is an inherently insecure service. Security professionals had been clamoring for default 2fa, E2EE, etc. due to various breaches, leaks, and security issues that have occurred over the years. Remedying the aforementioned security issues necessitates certain practices to be phased out and the people who relied upon them to be caught up to speed or left behind.


Even owning a phone, I really hate phone-based 2FA. What happens if I lose my phone? I've lived in foreign countries for almost my entire adult life, and no phone number is permanent. When I move, I need a new phone.

My Indian friends tell me it's much worse there. All of their government services are tied to a specific phone number that they must keep forever. So all of the ex-pats living here still pay for their Indian phone number back home so that they can still interact with the government when they need to.


"Please delete this from HN. You are essentially DDOS’ing my work email and the library branch phone number making it very difficult for us to perform our duties as civil servants today."

@dang


I got locked out of various MFA sites when I got a new device and had to redownload my Authenticator app; it wasn’t linking to the accounts anymore and I could not get in. It became a chicken and the egg problem. Eventually, going through support channels for each site I was locked out of, I was able to get back in, but it was a giant headache.

I vaguely remember someone posting about a hypothetical scenario where their house burnt down and they lost all their physical devices and couldn’t get into anything etc.


>I vaguely remember someone posting about a hypothetical scenario

This one? "I've locked myself out of my digital life": https://news.ycombinator.com/item?id=31652650


Google, we know a river of $$ flows from G-Mail - do you not feel any need to create a useable account recovery mechanism, all it would need is a few drops from that river?


Nah, they're good, lol.


Yes, the cash register works fine!!


Rich and poor (young and old) have this in common. Most people I work with are college educated and utterly fail when it comes to managing passwords or multi-factor auth.


I lost my phone just this week, and in setting up another device, I noticed that I was able to authenticate using the Google app in yet another (signed-in) device that was not connected to the internet, a la 2FA authenticator code apps. I'm not sure how recently this authentication mode was introduced, or if it's available only in select situations, but it would have completely resolved the librarian's complaint.


I had a Gmail lockout scare recently for my custom domain. And I deeply want to change providers. Google is currently both my e-mail provider and my domain registrar.

The only thing holding me back is I have a custom domain, I'm not specialized in the web, and it's not super intuitive how to set up my hosting with one company, name registration with another, and e-mail with a third. All for the same custom domain.


Get a brick and mortar Internet shop to help you


@dang could you explain why this post is getting down ranked so hard? It's been 6 hours and I could only find this post by using the search function. We have a ~800 point post from 2 days ago and it's still on the second page

Edit: it's either back on the frontpage now or I missed it somehow

Edit 2: Looks like the doc was updated and it was posted without consent. I think we should delete the post now.


Have you read it? The author would like this post not to be shared. The situation has improved and they are getting more disruption than help from public attention at this point.


I did read it, it's been updated since I read it. Thanks for letting me know


The only solution to this is that state authorities learn how this is a systemic problem and start to reject email addresses from operators like Gmail for all their services (and all email operators that do not have real support and where one's identity is not actively checked and cannot be proven and taken back via a real support line).


Weird to blame Google for the government's refusal to provide basic services like telephony to its residents. Why doesn't the library provide a SIM with every library card, and store it at the front desk?

Or, you know, an email account with its own security policies? I got my first ever Unix shell account from a library.


> There doesn’t seem to be any warning given that if they fail too many times they may permanently lose access to their account.

That can't actually be a thing, because it would allow a malicious person to lock out anyone's account if they just know their gmail address. Not even Google could be that stupid.


The library customers can install an app called "Google Authenticator" provided they own a smartphone. It works without network connectivity.

Just use the app to scan QR code when creating a Gmail account. Or do it anytime later. Then never use network connectivity to generate the 6-digit 2FA code.
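As an added illustration of why the authenticator app needs no network (example code written for this thread, not from the comment above or from Google): the 6-digit code is just an HMAC of the shared secret and the current 30-second time step, as specified in RFC 4226/6238, so the phone and the server only need the same secret and roughly the same clock. The otpauth URI below is constructed; the account name is hypothetical and the secret is the RFC 6238 test-vector seed.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional
from urllib.parse import parse_qs, unquote, urlparse

# Constructed otpauth:// URI of the kind an authenticator app reads from the
# enrollment QR code. Account name is hypothetical; the secret is the base32
# encoding of the RFC 6238 test seed "12345678901234567890".
EXAMPLE_URI = (
    "otpauth://totp/Example:patron%40example.org"
    "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example&digits=6&period=30"
)


def parse_otpauth(uri: str) -> dict:
    """Extract the label, raw secret, digit count and period from a TOTP URI."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not an otpauth://totp/ URI")
    params = {k: v[0] for k, v in parse_qs(parsed.query).items()}
    secret_b32 = params["secret"].upper()
    secret_b32 += "=" * (-len(secret_b32) % 8)  # restore stripped base32 padding
    return {
        "label": unquote(parsed.path.lstrip("/")),
        "secret": base64.b32decode(secret_b32),
        "digits": int(params.get("digits", "6")),
        "period": int(params.get("period", "30")),
    }


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: Optional[int] = None, period: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the clock alone.

    Nothing here touches the network; the only inputs are the secret and time.
    """
    if at is None:
        at = int(time.time())
    return hotp(secret, at // period, digits)


def verify_totp(secret: bytes, code: str, at: int, period: int = 30,
                digits: int = 6, window: int = 1) -> bool:
    """Server-side check accepting codes from neighbouring time steps.

    The window tolerates small clock skew between phone and server; a code from
    a step outside the window is rejected, which is why an old screenshot of a
    code is useless to an attacker after a minute or so.
    """
    counter = at // period
    for delta in range(-window, window + 1):
        candidate = hotp(secret, counter + delta, digits)
        if hmac.compare_digest(candidate, code):
            return True
    return False


if __name__ == "__main__":
    enrolled = parse_otpauth(EXAMPLE_URI)
    now = int(time.time())
    code = totp(enrolled["secret"], now, enrolled["period"], enrolled["digits"])
    print(f"{enrolled['label']}: current code {code}, "
          f"valid for {enrolled['period'] - now % enrolled['period']} more seconds")
```

The `verify_totp` window is what the receiving side runs; widening it beyond a step or two trades replay resistance for clock tolerance.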


The insistence that mandatory phone-based 2FA is for your security is a lie. For large companies it's all about tracking:

https://odysee.com/@RobBraxmanTech:6/twitter-2fa:d


I am reminded of this every time I support an elderly person. Us techies are just not equipped to deal with the needs of everyday people. I used to get upset with them due to their lack of competence, but now I just feel embarrassed at how Kafkaesque all of this just is.


We need a Federal Dept of SSO. There is one (1) foolproof way to tell someone is who they say they are, and it involves opening and staffing a real brick-and-mortar office in every town in America. No tech company will ever do that, and the government already has.


You should not use gMail to access federal/state resources, but "state mail". Like DigiD in the Netherlands, DataBox in the Czech Republic. Both are state-run, associated with your identity. A lost password can be unlocked by going physically to an office.


Since HN is an entrepreneurial group, this feels like a business opportunity. Probably not a Y-combinator unicorn darling, mind you. Figure out how to help libraries help their patrons get secure reliable access to email and other internet services.


This letter earned an upvote. GMail was created to make email better. Ignorance of a significant, life-changing problem with its availability cannot be acceptable. Any Fortune top 10 with billions in their pockets must do better.


In addition to the folks mentioned, I'm no longer able to log into Google accounts due to them insisting on having a telephone number. Which I won't be giving. Wouldn't be surprised if they already knew it somehow. :-D


I feel like fingerprint/iris/retinal scanners would be a reasonable stop-gap here if only there was some way to deploy them cheaply. Does anyone know if such add-ons exist that might be made compatible with a 2FA system?


Serious Question: Do iris/retinal scanners work on people with severe cataracts[1] ?

---

[1] People with these are part of the demographic being discussed.



My good friend recently had a heart attack and tried to login to his Google account at the hospital but was interrupted.

Google consider this flagged as a suspicious fake account and he was never allowed back in to his email.


I've always viewed Google's lack of support as irresponsible.


Can the library set up Google authenticator codes for all of their emails and look after the authenticator codes on behalf of their users?

Or is SMS the only possible second factor authentication method?


No. This suggestion is, I'm sorry, utterly ridiculous. Even if it were possible---which it isn't due to the fact that many patrons have their emails long before they come to the library---it would amount to yet another public subsidy of a private mega corporation in the way of free tech support and data storage. Not to mention the security concerns, though to be honest I think that's secondary in the face of losing access to housing and benefits.


Which email service should one recommend in these cases? ProtonMail?


To the target audience of the library?

Outlook.com as it's the simplest to use. Their immediate concern is their livelihood so they need a free email account and not have to think about anything else including its lifetime.

To a techie audience?

ProtonMail, FastMail, Tutanota, GMail, Postfix...


Gmail sounds like an odd recommendation as a replacement for Gmail.


Gmail but the Workspace version so that you have a better customer support*.

* Relatively better, but still lower than what I expect.


Losing a password would lock them out of all previous emails, but they would be able to resume use of the account.


The Silicon Valley model is to establish a monopoly, then offer zero support. Treat fellow humans with zero empathy. Ranchers treat their cattle better if they’re in distress.


This is not Google's concern.

I recommend subscribing to "Talks at Google" on Youtube to see the kind of things that occupy the minds of people working at Google.


This isn’t a terribly helpful comment, but it’s a great reason not to use gmail. I wonder what the market size would be for “silver mail”, a service for the old.


How do they get away with not having a support number? Even Amazon has humans you can eventually talk to as you go through the customer service interface.


Many people pay well over $100/yr to Amazon, so they expect a certain amount of support. Google by contrast doesn’t have nearly as many paying customers, and thus doesn’t feel the need to support them.


> Today I decided I would try to change Google.

Many have tried. Many have failed.

The best the author can do is encourage people to move to alternative providers.


Write to your law makers. Don’t trust companies to provide access through public shaming and media, force them all to do so.


Google's AI-first approach to so many things is completely opposed to their own D&I initiatives.


The author is 100% not wrong, but the problem is that, unfortunately, it is entirely possible that Google cannot have an authentication system that is correct for use by the elderly in a shared-machine environment while being correct for everyone else at the same time.

There are options to fix this, but they're social, not technical. To get there, let's start with the technical side of why the author's proposed fix won't work.

Google has no idea who anyone is. The only way they can know is the authentication process. And that process is under perpetual, high-investment attack by basically everyone because Google is a valuable target. Everyone from script kiddies to state actors have tried every method to not only compromise individual accounts but to build frameworks for systemic compromise, because when you focus on a single target you can invest the resources to, for example, set up a server that mimics the Google login page or a phone bot that sounds like it's making calls from Google Security. Our author bemoans the lack of a back-channel to recover one's account, but that back-channel is (a) perpetually overloaded with requests to access accounts (b) one of the major vectors for attempting to steal an account, because the back-channel is just one more interface on the systematically-attacked system.

(Source: I know someone who used to be in the loop on the back-channel. Scammers would call crying about kidnapped children who were going to die in a couple of hours unless they could get into a GMail account to get an address in a ransom note. Google had to train their phone crew to understand that probability was heavily skewed in the direction that if they capitulated, they were, within a statistically-negligible margin of error, never saving a kid and they were always letting an abusive significant other into their former partner's account so they could ransack it for passwords and vulnerable 1FA access codes and fuck up someone's life. Truly sick, heartbreaking stuff).

So that's the system under attack. How to address the problem that the elderly and impoverished can't afford to keep up with Google's security measures?

There are a couple of options here. In the short run, the cheapest is "Don't use Google." Use an email provider under less persistent threat, and one small enough to offer high-touch technical support. This is one of those situations where free may be the enemy of "cheap but affordable," and to bridge the gap someone could even start fundraising to pay for accounts on a service like that. There may even be meat on the bones of someone being a non-profit high-touch email provider of that sort, who can secure a person's account by having them log in from a specific, privileged machine within sight of an operator who knows them personally. Go back to the old days of how the DARPANET was actually secured by "every node is locked behind a door."

Another option is that a service libraries could provide (at possibly great expense to themselves, but options on the table) would be to serve as a credentials broker for their users. Have the library keep track of the 2FA side of things. Risky and adds expense to the library, but for this userbase that local service is the missing piece of the puzzle. Unfortunately, this isn't something Google is set up to provide; they're too centralized, they aren't actually in the communities where the need lies.


> Another option is that a service libraries could provide (at possibly great expense to themselves, but options on the table) would be to serve as a credentials broker for their users. Have the library keep track of the 2FA side of things. Risky and adds expense to the library, but for this userbase that local service is the missing piece of the puzzle. Unfortunately, this isn't something Google is set up to provide; they're too centralized, they aren't actually in the communities where the need lies.

This. I wrote as much in an earlier comment. Why not allow the option to delegate a trusted third party to manage $ACCOUNT MFA flow? I'd use it (and kind of already do, via the recovery email addresses) for managing my aged parents' accounts.

This seems like not that hard in terms of implementation and UX. What is the risk/expense from the library's PoV you are alluding to?


If the library is holding even a piece of users' credentials, they become liable for either intentional or unintentional harm. On the unintentional side: their 2FA back-stop solution could be compromised or stolen by a third-party because they failed to secure it (they'll be a smaller target... Crooks will get very little from stealing access to a small population of older folks over what they'd get for, say, finding a reliable way to compromise any Gmail user's access... But they'll be a target). On the intentional side: they now have to move the bar on vetting whoever staffs the project from "trusted enough to be a librarian" to "trusted enough to be a keeper of passwords or reset emails..." Which, TBH, may be a lateral move, since librarians know what books we read. ;)

But the insider attack situation here is nasty... A corrupt individual in the loop could trivially trigger a password-reset attempt, use the fact they have control over the user's 2FA (or recovery email) to steal the user's credentials, act on behalf of the user for a bit (reroute benefits to some other address?), and then just wait for the user to discover their password is locked out and kindly help them correct it.


Or perhaps someone can set up an email system primarily for the benefit of public library users. Run it as a non-profit / low-profit and provide basic support, do not require 2-factor authorization. Basically the way email was for many in the late 1990s, when they got email through their schools or universities, or perhaps through AOL or Compuserve.


> Basically the way email was for many in the late 1990s

Keeping in mind that the reason 2FA came along was that we learned the hard way that passwords are not sufficient to secure an account accessible on the public Internet. Too many effective side-channel attacks (both phishing the user and exploiting human psychological vulnerability, i.e. pulling passwords from another site and discovering that the same account and password works elsewhere).

... but such a system could allow for the account recovery solution to be "Go to the library and talk to a human being there, who can hit the account reset button." Libraries offer the advantage of having an already geographically-distributed-and-local staff by virtue of the non-digital service they provide.


That's right! What better form of 2-factor authorization than giving someone a human to talk to and show some form of ID (if needed) for someone to reset access to a system? Of course there needs to be trust for the public library employee, but that one person could have more rigorous forms of 2FA than the average public library user. Google isn't the company to offer this sort of thing, so I am hopeful there could be some alternative. However, encouraging random library users to sign up for a non-Gmail (non-Hotmail / non-Outlook / non-Yahoo) email system is the primary challenge.


That was heartbreaking.

Surely this problem is of a scale that warrants government action?


[Edited] Removed a link to respect library's privacy


As of your comment, the letter says that they're being essentially DDOS'ed over an issue that was resolved a long time ago and to very specifically NOT ask them anything; posting this link isn't moral and I think you should edit it out.


Thank you for bringing this to my attention. Just read the disclaimer and removed the link.


None of this is related to technology and the best Google could do is expend resources on education.

For tech illiterate, maybe the least bad option is that their security is that they won't lose their wallet. I think this is one of those situations where security has to take a back seat to usability.

1. Create a passphrase with this method: https://xkcd.com/936/

2. Write down your passphrase.

3. Write down recovery codes, and keep them in your wallet.

Also: Tips to make sure you never lose your wallet.


So, what should Google do, here?


Well for a start, not set you into a loop telling you to use your phone to log-in if you've lost your phone.

I mean, even a paid-for, ad hoc ticketing system (e.g. if you need a reset on your account, pay $10 and create a ticket; no need to have an enterprise subscription in advance) would be better than what we have currently.

But financial institutions solve for this all the time when people forget their online banking details or their phone breaks for 2FA. It probably costs them a fair amount in customer services support, but they suck it up as the cost of doing business (probably because they legally have to). Whereas Google just foregoes it entirely.


Don’t make 2FA effectively mandatory.


Allow users to link accounts to widely accepted forms of government ID. Maybe a state ID, whatever the common ID is amongst that community.

If a user has chosen to link their account to a real ID in this way, they must be able to regain access to their account regardless of password/2FA blah blah by presenting a valid ID.

Banks and lots of institutions have processes to do this. The librarian is right, "how" is not an issue because verifying identity is _not_ an unsolved problem lol.


Have a Support line where people can call and verify their identity?


How would they verify their identity?

Those sorts of password reset systems are regularly bypassed by convincing scammers who have stolen some personal information.


> How would they verify their identity?

How do they verify requests coming from Police and courts who want data?

People who forgot their login can go to Police or maybe some govt office who can help them to prove their identity and then approach Google.

I am sure Google has brilliant people who can come up with a solution if a law is passed for such things.


I think the main issue with that approach is that they could verify that the person in question is Mary Jane born 1/1/1970 in Texas, but there's no simple way to verify that mj1970@gmail.com belongs to Mary Jane born 1/1/1970 in Texas.

You would need to verify your real-world identity before losing your account which people would really hate if mandatory and nobody would bother with if optional.


Google can ask questions like what credit card providers do. They can ask questions about some of their emails, if the verified person can answer them, then they probably are the owner.


Opt-out 2FA?


Set up an alternative identity system, even a state-wide one. Phone 2FA is an extremely poor identification system: it's convenient, but that's pretty much it.


Google employs the smartest minds on the planet and also has full insight on how Google works and what tools they have, so it shouldn't be hard for them to come up with a viable solution I believe.


The problem is almost impossible to solve. When a person has forgotten their password, lost their device and doesn't have 2FA recovery codes in hand or a recovery account set up, there is no way to verify the identity of the user. Real-world identity is not linked with the account, since many governments don't provide an online identity service (and even if they did, the people in question probably wouldn't have digital IDs either). Moreover, any manual processing is prohibitively expensive and vulnerable to social engineering attacks.


I think it is a good question that isn't well answered by "they are smart so just figure it out".

Credential stuffing is a big problem. It is a really big problem for email accounts, which often are all you need to reset a password for other critical accounts. 2FA, even SMS-based 2FA, observably reduces the rate of account theft. 2FA also fundamentally requires access to some extra thing that you possess, often a computing device. So it also adds friction and can lock people out (as can losing passwords). I think in part because 2FA appeared later, we seem to be okay with people getting locked out of accounts if they lose their password but not okay with people getting locked out of accounts because they cannot access their second factor.

Library computers are also untrusted devices. They are also not the only untrusted devices that people want to use to login to their accounts.

As for solutions.

Printable access codes are supported in gmail. This is a pain to do over and over but does permit 2FA without any additional computing device. You can let people disable 2FA (which is possible), though you can expect another letter pointing at the suffering this causes and arguing the opposite.

You could enroll the library in a "Bob uses this library to authenticate, don't ask for 2FA here" mechanism that does not use cookies but I'm not sure what this would actually be given that the library is deliberately resetting state on the machine after each session. Perhaps there is some acceptable state that the library could keep around? A solution in this vein requires coordination between email providers and libraries but is maybe the most promising approach. Or you could do something like a family account that permits the librarian's account to tell gmail to temporarily permit 2FA-less logins for a particular account/device pair.

You could recognize that 2FA most protects against stuffing and not let people choose their own passwords to guarantee uniqueness, but I suspect you'll get an equal number of people who fail to remember their long password of random characters and get locked out, leading to a similar letter complaining that Google is harming people who need memorable passwords.
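The "printable access codes" the comment above mentions are the one second factor that needs no device at all, and the interesting part of them is the server side: what is stored, how a code read back from a piece of paper is matched, and what happens on a guess. The following is an added example (not Google's implementation, which is not public, and not code from the comment); the code length, the count of ten, and the five-failure lockout are assumptions chosen for the example.

```python
import hashlib
import hmac
import secrets

CODE_COUNT = 10          # one printed sheet of single-use codes (assumption)
MAX_FAILED_ATTEMPTS = 5  # wrong guesses before this path shuts (assumption)


class BackupCodeStore:
    """Single-use printable backup codes for one account.

    Only SHA-256 digests are kept server-side; the plaintext codes exist once,
    at generation time, for the user to print or write down. A leaked database
    therefore does not yield usable codes.
    """

    def __init__(self):
        self._digests = set()
        self._failed_attempts = 0

    def generate(self, count=CODE_COUNT):
        """Issue a fresh sheet of codes, invalidating any earlier sheet."""
        self._digests.clear()
        self._failed_attempts = 0
        codes = []
        for _ in range(count):
            raw = secrets.token_hex(4)       # 32 bits from the OS CSPRNG, 8 hex chars
            code = f"{raw[:4]}-{raw[4:]}"    # "1a2b-3c4d": easy to copy from paper
            codes.append(code)
            self._digests.add(self._digest(code))
        return codes                          # show once, then discard

    @staticmethod
    def _digest(code):
        # Normalise so a code typed from paper with spaces, dashes or capitals
        # still matches; anything that is not a hex digit is dropped.
        normalised = "".join(ch for ch in code.lower() if ch in "0123456789abcdef")
        return hashlib.sha256(normalised.encode()).digest()

    def redeem(self, submitted):
        """Return True and burn the code if it matches; False otherwise."""
        if self.locked():
            return False                     # caller routes to another recovery path
        candidate = self._digest(submitted)
        matched = None
        # Scan every stored digest without early exit, so response time does
        # not reveal which slot (if any) matched.
        for stored in self._digests:
            if hmac.compare_digest(stored, candidate):
                matched = stored
        if matched is None:
            self._failed_attempts += 1
            return False
        self._digests.remove(matched)        # single use: a replayed code fails
        self._failed_attempts = 0
        return True

    def remaining(self):
        return len(self._digests)

    def locked(self):
        return self._failed_attempts >= MAX_FAILED_ATTEMPTS
```

The attempt counter is not decoration: with ten live codes of 32 bits each, an attacker's chance per online guess is about ten in four billion, which is only safe because the number of guesses is capped. The normalisation step is what makes paper workable for the librarian's patrons, who will read the code back with whatever spacing and capitalisation they wrote it down in.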


HackerNews is a collection of brightest minds of software engineering who all know better than incompetent Googlers. So asking for how the brightest and bestest of HN engineers handle these security cases is educational for everyone.


It's indeed proving very educational and insightful so far. Several of us are convinced that Yubikeys will solve all their problems, which makes it evident that we have not read the letter. A majority of us are bashing on Google for other reasons.

I'll print out all the comments and forward them on to the Free Library. The next time a patron gets stuck, the librarian can read one of our comments out to them.


Yeah but we can't expect them to be able to handle a problem that ( checks notes ) many other kinds of business have been solving since the earliest days of commerce.


Perhaps hardware keys are the answer? Seems like a lower cost alternative.


Google, hopefully, will not ignore this again.


Yeah, Google just doesn't give a shit.

I was a gmail user since gmail was in private beta 18 years ago. I never had a phone number associated with it. And yet two or three years ago when I tried to log in Google decided to just... not let me do that, because fuck you, and started extorting me to give it a phone number. If I don't give it a valid phone number it won't let me access my email. But I can't really do that because, you see, I don't actually own a phone number.

So now I'm essentially locked out of my almost two decades old email account, for no good reason whatsoever except the fact that Google is a bully. Fortunately I've long since migrated to another email address on my own domain as my main address, so it doesn't really matter.

Do not depend on any Google-provided service. They don't care about you, and they will screw you over sooner or later. You're just a number to them. Most importantly, pay for any critical service you need (like email). Do not wait until it's too late. Do it NOW.


It's not just Google, many corporations are starting to make "assumptions" about their customers, and these assumptions totally exclude entire groups of people.

A great example I use is there are a ton of restaurants and fast food places around me. I used to walk to get lunch every day but eventually had to stop, these places realized most customers went through the drive through so they closed the lobby. Now even though this place is a 5 minute walk from me, it's no longer accessible if I'm not in a car.

Same thing with my TV and Router, both of which required an app to just setup. The TV required an internet connection to "activate" and I realized that if some family saved up and bought this TV but didn't have a smartphone or internet connection, well they just bought a $500 brick.

And that's why authentication standards like FIDO scare me. To me it almost seems that the standard was written by a bunch of out of touch tech bros thinking to themselves: "Well of course EVERYONE has a phone these days"


> A great example I use is there are a ton of restaurants and fast food places around me. I used to walk to get lunch every day but eventually had to stop, these places realized most customers went through the drive through so they closed the lobby. Now even though this place is a 5 minute walk from me, it's no longer accessible if I'm not in a car.

I think this may have to do with COVID and then staffing shortages creating a necessity rather than an active business decision. It would be ridiculous but couldn't you walk through the drive through? (I probably wouldn't do it either but I can't really think of a reason you couldn't)


> I think this may have to do with COVID and then staffing shortages creating a necessity rather than an active business decision.

There's a Starbucks near me that was built as drive-through only. Where there should be a lobby, it's just blacked-out glass and a door for the employees to enter through. Makes the whole strip mall look really scary, especially since vagrants sleep in the doorway.

I assume it's for commuters, which means all Starbucks contributes to the neighborhood is traffic and crime. Thanks, Starbucks!

> It would be ridiculous but couldn't you walk through the drive through?

I used to do this all the time when I was a kid, but more and more places won't serve walk-ups at drive throughs. They claim it's for safety, hygiene, insurance, or whatever the excuse-du-jour is. They just close the window and ignore you.


I've been turned away more often than not by restaurants (of a variety of brands) for attempting to walk/bicycle through the drive-through. I have no idea if it's corporate policy, franchise policy, or incapable exception handling by staff, but the de facto result is that no, you can't reliably go through a drive-through without a motor vehicle (I assume they allow motorcycles, despite that I can't see at all what the functional difference between a motorcycle and a bicycle is from the perspective of a restaurant drive-through).


A lot of places won't let you do that for safety/liability reasons. And it's not a completely nonsensical concern, there are often multiple blind corners, people driving way too fast for conditions and only looking for other vehicles.


> It would be ridiculous but couldn't you walk through the drive through?

I was told "Sir please come back in a vehicle" when I tried. When I told the guy I don't have a car, the guy gave me a blank stare.


I walk through drive-throughs regularly. I don't even get particularly odd looks like I'd initially expected. These include both fast food and bank/ATMs (or a teller at the other end).


Walking through a drive-thru probably becomes an insurance and liability risk; and depending on local laws, it might be seen as a pedestrian entering traffic.


It’s private property so traffic laws won’t apply. Pedestrians are allowed all over parking lots.


good point, didn't think of that!


> The TV required an internet connection to "activate"

I’m a huge fan of shoving crap like that back in the box, and returning it DOA. The soulless bastards that built it don’t know if I’m computer literate or not.


> Same thing with my TV and Router, both of which required an app to just setup

Off the top of my head, both Xfinity and Google Home have this problem and it aggravates me to no end. I can reset my gateway from my PC but for some reason, *need* to use my phone to manage Xfinity or any of my Nest routers


This is a great point. My wife and I were attracted to the Google Pixel lineup because they advertised unlimited original quality photo storage through Google Photos. Well they reduced that to just unlimited "high quality" a year or so ago, and I broke my 3A a few months ago. Silly me forgets that newer Google Pixels don't have unlimited photo storage at all, I buy a 5A, and all photos/videos get uploaded to Google Photos and count against my quota. Even though Google technically isn't in the wrong here, I've always felt like I got a rug pull.


The photos would be in Google Photos even if you no longer had access to your old phone and you do not have to reupload them.


I also have it since beta -- and no phone associated.


How did you manage that?


Librarian has updated the document to say this issue was resolved and overblown:

STOP EMAILING ME AND CALLING THE LIBRARY ABOUT THIS

This was shared without my permission. This was not supposed to be public. It was meant to be shared internally to Google. It was not an open letter. It went directly to the security team and we had a conversation about it and it’s over. This is from well over a year ago and we no longer are having this issue as often as before due to various improvements.

Please delete this from HN. You are essentially DDOS’ing my work email and the library branch phone number making it very difficult for us to perform our duties as civil servants today.

I do not know how this made it onto HN. Someone must have leaked it. If they need to work that out internally then I’m leaving this here for their reference. But I do not want news reporters or random HN readers contacting me or the Free Library over this.


I wish mods would pin this comment.


Flag the submission.


More than all the antitrust regulations being thrown at Google, I'd like to see regulators force Google to provide users customer support.


> More than all the antitrust regulations being thrown at Google, I'd like to see regulators force Google to provide users customer support.

I would recommend a $5/month email service. It would be nice if free Gmail gave even more free stuff, but only a paid for service can really expect paid support staff.

Having said that, this seems like a terrible idea from a security perspective. There may well be no way to design a service that is resistant to social engineering and lets you unlock your account via a phone call.


While the social engineering concern is a valid one, I suspect that Google's original reasons for not providing support were not opsec related.

Google's 2FA system combined with their lack of support terrifies me as a security-literate user. Here's one example: I was traveling and signed into Google from a new location. Google prompted me to verify myself via two-factor auth, and the only method they allowed me to verify by was by opening up the Google app on my iPhone and by confirming the provided number. I tapped "try another way", and gone was the option to verify via authenticator app.

I'm lucky that I had my phone on hand but I was dumbstruck. What if I lost my phone? I'd be screwed, locked out of my account with no way to fix it, even after following the best security practice of enabling 2FA via authenticator app, because Google took it upon themselves to say "screw your choice of security, open our app on the phone" (also, thereby coercing me to link my two devices to my ip address/location for analytics/targeting reasons, I'm guessing).

I could have done everything right and still gotten locked out of my account.


The same thing happened to me. Eventually I was randomly allowed in, no idea how.


Google does nothing, nothing!, without it being an attempt to track you. And the golden of tracking, is your real id and real location.

Even if the initial push for 2fa was security, by dev#1, you can be positive dev#2, 3, 4, xxx, 100 came running, and thought "tracking".

Google owes everything it is, to being the sleaziest, sneakiest, slimiest company they can be.

If the internet is an information highway, google is a van, stopping, and asking your kids if they want candy.

Were google a business in your physical neighborhood, tracking people as they do, they'd end up with a molotov cocktail through their window. No one would abide such behaviour, but the average Joe has no idea, and cannot understand, and thus, does not object.

Google is doing to our society, what the new settlers to North America did to Native Americans. Offer them beads, and plets, in exchange for riches, using our own ignorance against us.

Google is a primary example of the "slippery slope". They were given an inch, and they took us out back, and beat us with a 2×4.

If you trust your business to google, you're nuts.

And to the comment I replied to, yes, it is all for tracking.

Edit: yes OK I admit I don't like Google, just to ensure my bias is clear.


> I would recommend a $5/month email service.

Surprise! There is. https://workspace.google.com/intl/en_ie/pricing.html

> Google Workspace Standard Support—Standard Support is included with your Google Workspace license. It provides support with a 4-hour service-level objective (SLO) for P1 cases. If you're interested in faster response times and additional Support services, Enhanced or Premium Support might be a better fit for your business.

https://support.google.com/a/answer/10105075?hl=en&ref_topic...

A good question is what a P1 case means. Locked out of email or "sorry Google, I just wanted to say your global email network is down, when is it gonna be up?"


Can you contact support if you can't log in?


Yes.

EDIT: it's not $5 in the US (between $6 and $7). I've called support a bunch of times.


> only a paid for service can really expect paid support staff.

Why?

You make it sound like Google is a pauper, doling out free e-mail accounts and not making any money off of it.

Just because it's not billing your credit card doesn't mean you're not paying for GMail. You just pay for it indirectly through advertising.

If only a paid service can expect paid support, then how does Google make hundreds of billions of dollars every quarter? If GMail wasn't making any money, it would have been shut down years ago.


Even at Google's scale, they cannot afford to provide high-touch tech support for 1.5 billion users. The fact Gmail is possible is partially due to their ability to scale low-touch tech support for free by supplementing the cost from other sources and, sometimes, just providing best-effort support.

(Remember, the cost isn't "How do we field calls from a fraction of our 1.5 billion users," it's "How do we tell whether that phone call is an actual user, or just an attacker treating our phone service as yet another attack vector?")


>Even at Google's scale, they cannot afford to provide high-touch tech support

Yet somehow companies of similar scale like Amazon, Apple and Netflix manage to provide robust customer service.


Keep in mind that all three of these companies provide support primarily to customers who have paid them. If you are on the phone with Apple about being locked out of an account, you have likely spent at least several hundred dollars buying their devices.


Keep in mind that Google makes a fortune selling customer data in the form of advertising.

If they want to continue to harvest their customer's data they can provide those customers with support.

Also, those Google devices aren't free. You buy a Google device, get no support, and the devices are updated for way fewer years to boot.


> Also, those Google devices aren't free

You keep mixing things up. The topic is the viability of high touch GMail support, not support for Google's home-grown devices.


Apple has a full order of magnitude fewer iPhone users than Gmail accounts. I'm pretty sure, unless I have misunderstood, that acquiring an iCloud email account requires ownership of a physical Apple device... If you're suggesting we should back-stop this problem of marginalized users losing access to Gmail by subsidizing the homeless or elderly to own iPhones, I don't think it will work.

Amazon is similarly an order of magnitude fewer users than Gmail accounts (and tends to address this issue by pushing the hard-to-address auth problems onto the seller... There are known exploits for just pushing exorbitant costs onto the seller via buyer fraud). Amazon has a couple hundred million customers... Gmail is in the billions.

I am, perhaps, just simply old enough to remember when not everyone could have a Gmail account. Low touch customer service that works 99 plus percent of the time was necessary to open the floodgates for free. I have never seen a practical explanation of how to scale providing the service otherwise. There's room for improvement, but (a) every simplification of authentication must be balanced against how it can be abused to steal accounts, and (b) I cannot conceive of a solution that would rival high touch customer service, and that scales to the billions. If one exists, I look forward to being extremely pleasantly surprised (having myself been on the receiving end of losing my phone while away from home for an important event: yes, it really sucks, Google's trust model is they trust you zero without some corroboration if all you show up with is the password). But I've watched them hammer at the problem long enough to suspect it's uncrackable at the billions-scale.


Google makes more than enough money to be able to provide customer support.

They simply choose not to.


That's a pretty [citation needed] assertion. Again, we're talking a risk surface stretched across 1.5 billion users. There are few architectures of that scale in existence today; we're talking Chinese government, every-bank-on-Earth numbers.

I'd be interested to see a workable solution but, to-date, I never have.


650-253-0000


Perhaps they shouldn’t offer services they cannot support?


This!

I remember being *stunned* in a positive way by Google's out of the box thinking back when they *invented* "self-service" account management, aka "no phone support provided". I thought that it was a brilliant move and that this little search company was really going places.

I hope I might be forgiven for failing to anticipate the consequences for our least affluent sisters and brothers.

I am now of the opinion (for many, many reasons) that human-interactive customer support is a mandatory cost of doing business when your business is materially important in the lives of the customers (both paying and not paying customers).

That Gmail is "materially important" is well established already, yes?


It's the opposite. Paid services where you get to speak to a human require more affluence.


> Even at Google's scale, they cannot afford to provide high-touch tech support for 1.5 billion users.

This doesn’t seem that hard. Charge for support if they have to (eg charge per minute or call).

In terms of working out if a call is an attack, far juicier targets such as banks are able to manage, I think they can work it out.


There are legal requirements of banks carrying enough PII on a person to reliably unwind an auth attack (and also to send the cops after them if they are the ones who commit fraud).

This would be one solution. But it would require Google to hold significantly more PII, explicitly, on every Gmail user than they do right now (and make the process of opening a Gmail account take a bit of time, like it does at a bank). This is one of the better suggestions I've heard, though it would threaten the integrity of the existing 1.5 billion accounts unless Google grandfathered them into a "low-identification" status.


Right. Why would these poor and often elderly people pay for a $5/month email service when there are several free options they choose instead?


Do any of them offer phone support?


You're missing the point. When a poor tech illiterate person signs up for an email account, they probably don't consider if they will someday need phone support to recover an account. They will choose a free account over an account that costs $5/month that they don't have. And that assumes that they even know about the paid email services. For a lot of tech illiterate people email and gmail are synonymous.


And the "don't have" you state, is key here. There is no way the poor people the librarian is talking about, can afford that 5 bucks.


Ironically I just wrote[0] about my experience moving from Google to Zoho and, despite the slightly sub-par experience with Zoho, I'm happier now because there are actual human beings at Zoho that I can talk to when I run into a problem. I pay $1.25/mo for peace of mind.

[0]: https://jedfonner.com/2022/07/30/switching-to-zoho/


>only a paid for service can really expect paid support staff

Google makes more than enough money selling everyone's personal data via advertising to afford to provide customer service.

They simply choose not to.


I'd be happy to see regulations forcing Google to at least have paid support on demand


Americans with disabilities act?

Haha, Google doesn't provide good customer service for the able-bodied, so they provide equal service for the disabled.

Big tech needs a reckoning from consumer protection. Oh wait, those laws and the government agency were gutted. Nevermind.

Being a relatively new parent, the lack of consumer protection regulation in things like kids apps, youtube ads, and similar is APPALLING. I recall from my youth TV programming was highly regulated, arguably a bit too much, but at least the advertising industry had to stay within bounds.

App and youtube ads are the wild west, especially freemium games using any and all addictive mechanisms to extract money from kids and their parents.

Aside from that, big tech can't have it both ways. They can't be major providers of "cyberspace" services and provide no means for customer service or protection from their security automated services locking out someone. Why this isn't subject to large civil penalties, massive class action lawsuits, and even criminal violation of federal law is beyond me.

Terms of Service can't cover all of those, but then again, I haven't read them so...

Online services are steadily gaining importance equal to things like banking. Can you imagine a bank locking you out of your accounts and providing no means to get YOUR MONEY? Well, replace money with information. Why can't you get access to YOUR INFORMATION?

I understand the ToS providing the rights to analyze and use YOUR INFORMATION as part of the service, but we need federal legislation equal to the EU laws that I think do a better (but from what I can tell incomplete) job of delimiting the rights you have to YOUR INFORMATION.


Actually one simple act would bring US tech to its knees. Just changing terms of incorporation retroactively so that a percentage of individual share holders must vote in board elections not by proxy.

What we are seeing is a symptom of the system of corporation government that is unbalanced by design wrought in hell.


Customer support that has access to google accounts, that can give everyone telling a sob story to some customer service rep access to your account?


This comment does raise a serious concern. The primary reason why cell phone numbers are bad for 2FA is sim swapping, which can only occur because there is a customer support rep who can fall for it. Email is largely immune to that right now because customer support generally cannot let you into an account you locked yourself out of.

This isn't to say that this is an unsolvable problem, it's not, but it's definitely worth talking about.


I'd like to see the Post Office (in the US) get involved.

Post offices are geographically ubiquitous, already deal with identity verification, and already have to maintain the trustworthiness of their workforce.

I'd like to see a system where (a) an account [whether GMail, Facebook, Schwab or Bob's Online Pet Food Mart] can be tied to a real-world identity and (b) when you lose access, you can go to the local post office to verify your identity and get a one-time recovery token for a given account.
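The token in (b) above is the part of this proposal a security engineer would want pinned down: it has to be bound to one account so an office cannot be tricked into issuing a token that opens someone else's mailbox, it has to expire, and it has to work exactly once. The following is an added example of such a token (not code from the comment and not any USPS or Google system); the HMAC shared secret, the 24-hour lifetime, the claim names and the sample account and office identifiers are all assumptions made for the example. In practice each issuing office would sign with its own asymmetric key rather than a shared secret.

```python
import base64
import binascii
import hashlib
import hmac
import json
import secrets
import time

# Assumption: one secret shared between the verifying office and the service.
SIGNING_KEY = secrets.token_bytes(32)
TOKEN_TTL_SECONDS = 24 * 3600     # assumption: long enough to get home and use it
SIG_LEN = hashlib.sha256().digest_size


def _sign(payload):
    return hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()


def issue_recovery_token(account_id, verifying_office, now=None):
    """Issued by the office after in-person ID verification; bound to one account."""
    now = int(time.time() if now is None else now)
    claims = {
        "acct": account_id,            # the only account this token can recover
        "iss": verifying_office,       # which office vouched, for audit
        "iat": now,
        "exp": now + TOKEN_TTL_SECONDS,
        "jti": secrets.token_hex(16),  # unique id so the token can be redeemed once
    }
    payload = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(payload + _sign(payload)).decode()


class RecoveryService:
    """Service side: checks signature, account binding, expiry and single use."""

    def __init__(self):
        self._used_jti = set()

    def redeem(self, token, account_id, now=None):
        now = time.time() if now is None else now
        try:
            blob = base64.urlsafe_b64decode(token.encode())
        except (ValueError, binascii.Error):
            return False, "malformed"
        if len(blob) <= SIG_LEN:
            return False, "malformed"
        payload, sig = blob[:-SIG_LEN], blob[-SIG_LEN:]
        # Verify before parsing: nothing in an unsigned payload is trusted.
        if not hmac.compare_digest(sig, _sign(payload)):
            return False, "bad signature"
        claims = json.loads(payload)
        if claims["acct"] != account_id:
            return False, "token is for a different account"
        if now >= claims["exp"]:
            return False, "expired"
        if claims["jti"] in self._used_jti:
            return False, "already redeemed"
        self._used_jti.add(claims["jti"])   # burn it before granting access
        return True, "ok"
```

The order of the checks matters: the signature is verified before any claim is read, and the token id is recorded as used before the reset is granted, so a retried request cannot win a race and be honoured twice.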


If the US weren't pathologically schizophrenic about actually providing service to citizens, the post office would

(a) still be a government agency, not a wholly-owned subsidiary,

(b) already provide email via government servers and clients in kiosks at the post office (and the personnel to staff the service and handle high-touch troubleshooting) instead of relying on private corporations and organizations to be the sole providers of what has become a necessary service, and

(c) provide basic banking services, knee-capping the payday lending and check-cashing industries.

... but it isn't that kind of country right now.


Google already has the ability to generate one time use recovery codes, at least for gmail accounts -- not sure if it is generally integrated into their Authenticator app. You could generate some recovery codes and put them in a safe deposit box or something I guess.

This sort of solution (and your post office idea) can be, but they don't satisfy the last resort customer service role, for people who haven't set these kinds of recovery options up.


This IS the reply Shelley Rosen needs to see, understand and impart to her patrons. It does not cost anything, it is secure and it works.

I feel 2FA is a class libraries should be teaching. I am off to my local library to volunteer as a resource for that specific purpose. Anybody going to join me at their local library?

I was going to make the recovery code comment myself, but instead I did a search to see if anyone else had done so. Kudos. I would vote this comment to the top of the discussion if I only could. IMO it should be (part of) a PSA.


This is all well and good if you've got a smartphone with Google's authenticator or have a safe deposit box. The people using a library for Internet access don't necessarily have access to either of those things. They also may have had access at some point in the past but no longer do.


I understand, and agree with you, but at the same time, a HUGE number of people don't have that identification. Many homeless people that could qualify for services struggle to prove who they are, and that they are able to receive it (especially vets) because they have lost their ID, have no idea where their birth certificate is (or marriage license), and have no home to show multiple bills to that address in their name.


At some point, though, the solution doesn't become "make it possible for anyone to access any account without any proof of identity", it becomes "make it possible to live in society -- receive medical care, eat, be sheltered -- without any proof of identity".

Proof of identity should be a government function, and that we likely have millions of people in the US with no way to prove their identity has real-world consequences beyond the flaw in my post-office-account-recovery-scheme; it affects access to benefits, as you said, as well as voting and being able to even prove your citizenship. That should be fixed too, but I'm not sure we can do any better for internet identity verification than the post office fallback.


This is also a failure of government that needs to be fixed; saying this problem exists doesn’t absolve us from fixing it.

It's time to bring this stupid, dystopian nightmare we've created to an end.


Hard agreement with you here re: the USPS being involved in this kind of stuff. They are uniquely capable of being a major identity and trust provider. I'd love to see a PKI administered by the USPS. I'd love to get 2FA tokens issued by the USPS.


It certainly beats having to send an email to a faceless "support" address that ends up sending me the same 4 boilerplate questions when I try to figure out why my business locations' rule-compliant map listings were suspended from My Business even when I spend $15k per month on Google ads, sure. It hurts my business (there hasn't been a resolution since when the issue arose four years ago), but it's not nearly the hurt that the folks the librarian is helping are feeling.

Maybe, just maybe, if people are sobbing, maybe there's a good reason why! And maybe, just maybe, if you don't want to receive such support, you can advocate for a system in which you could opt out of all such processes entirely, instead of arguing that any form of account remediation shouldn't exist.


Your concern while valid seems solvable.

They could preauthorize a random token amount on a credit card with matching details, have you call the number on the back of your card to figure out that amount and then you have to input that number to authorize the access in an OAuth-like flow.

Please tell me if you see something wrong with my procedure.

edit: I saw something wrong: I had forgotten about the vast unbanked population in the rest of the world, as we don't have that problem in Canada¹

1) https://www.gfmag.com/global-data/economic-data/worlds-most-...
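Added illustration (not from the thread, not Google's code) of the random-amount card verification proposed above, written the way a practitioner would have to implement it. The amount space is tiny (1 to 99 cents, an assumption), so the security of the scheme rests entirely on a hard attempt cap, an expiry tied to the hold, and single use; without those, a caller can simply guess. The payment processor is a hypothetical object with a `hold(card_token, cents)` method and is simulated here.

```python
"""Random-amount card verification: an added, illustrative implementation.

Assumptions (not from the page): amounts are whole cents in [1, 99], the
processor exposes hold(card_token, cents), and three guesses are allowed.
"""
import secrets
import time
from dataclasses import dataclass

MIN_CENTS, MAX_CENTS = 1, 99       # 99 possible answers: a brute-forceable space
MAX_ATTEMPTS = 3                    # hence the attempt cap is the real defence
TTL_SECONDS = 24 * 3600             # challenge dies when the hold would expire


@dataclass
class Challenge:
    amount_cents: int
    created: float
    attempts: int = 0


class FakeProcessor:
    """Stand-in for a hypothetical card processor; records holds it was asked for."""

    def __init__(self):
        self.holds = []

    def hold(self, card_token: str, cents: int) -> None:
        self.holds.append((card_token, cents))


class CardAmountVerifier:
    def __init__(self, processor, now=time.time):
        self._processor = processor
        self._now = now                       # injectable clock for expiry tests
        self._pending: dict[str, Challenge] = {}

    def start(self, account_id: str, card_token: str) -> None:
        """Place a hold for a random amount and remember it for this account."""
        amount = MIN_CENTS + secrets.randbelow(MAX_CENTS - MIN_CENTS + 1)
        self._processor.hold(card_token, amount)
        # Restarting replaces any earlier challenge, so attempts cannot be reset
        # by simply asking for a new hold more often than the cap allows.
        self._pending[account_id] = Challenge(amount, self._now())

    def verify(self, account_id: str, claimed_cents: int) -> bool:
        """True exactly once, for the right amount, within TTL and attempt budget."""
        ch = self._pending.get(account_id)
        if ch is None:
            return False
        if self._now() - ch.created > TTL_SECONDS:
            del self._pending[account_id]     # expired: even a correct answer fails
            return False
        ch.attempts += 1
        if claimed_cents == ch.amount_cents:
            del self._pending[account_id]     # single use: consume on success
            return True
        if ch.attempts >= MAX_ATTEMPTS:
            del self._pending[account_id]     # locked out; a new hold is required
        return False
```

Note what the cap costs: a legitimate user who mistypes three times has to go through the hold again, which is exactly the kind of friction the unbanked and the patrons in the letter cannot absorb, so this is a second factor, not a universal recovery path.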


As with every other "simple solution" to a complex problem there are a few flaws:

a) google will have to require a credit card in order to open an email account

b) person opening an email account must actually have a line of credit, e.g.: many of the people mentioned in the OP will not have it

c) opens a new attack vector on google accounts, e.g.: people who secured their emails using a 2FA app can now be attacked via a credit card process


a and c can be solved by making it an option for 2fa instead of requiring it.


but you already know what will happen next, don't you? People would stop using 2FA, then some donkey on a government contract with access to nuclear weapons gets hacked, and everybody would lose their mind: "how could google be so stupid to allow people to not use 2FA?!?!?!"


I'd be asking why was someone using gmail for anything related to nuclear weapons.


I don't know if you are being sarcastic or naive here... Why would Hillary use her own email server for critical government correspondence? I don't know! Reasons I guess. People on all levels tend to do stupid stuff every once in a while.


The disadvantaged people who the librarian talks about (selling their phone to make ends meet) may not have a credit card to charge.


I don't.

Customer support is a cost sink that usually isn't empowered to do anything. It's more a PR tactic to make people feel they are "heard" without resorting to Twitter.

In the email/business apps space, google is clearly not a monopoly. Presence/quality of customer support seems a very reasonable grounds to have normal competition over.


Customer support is a cost sink

Too bad. If you have a business (and Google is a business) that does business with the public (which Google does), you should offer some form of customer service. It's what we human beings call "the right thing to do."

Yes, customer service costs money. It costs money for the dry cleaners, the restaurants, the banks, the car washes, the design firms, and every single other company on the planet. It's a basic part of the financials of running a business, and is called "cost of doing business."

Imagine if Google's vendors stopped offering Google customer service. Janitor didn't show up today? Well, clean your own office toilet today, techie. Surely, there's a YouTube tutorial for that.

Just because Google's a "tech" company, people on HN pretend like it's OK to not provide customer service. Bullshit. It has billions and billions and billions of dollars that it can throw at the customer service problem, but it doesn't for one simple reason: Greed.

How about the restaurant down the street maximizes its shareholder profits by not honoring your reservation? How about the dry cleaner optimizes its workflow by only being open three minutes a day? How about your kid's school right-sizes its workforce responsibilities by kicking your kid out on the street when you got stuck in traffic and couldn't pick him up at the exact moment the school bell rang?

If Google is so wonderful, full of so many smart people, then how come it can't solve its customer service problem? Ignoring the problem isn't a solution. You can do better™.


This.

The need for unbounded growth is not a valid justification for not acknowledging humans.

Now, I'm not sure what would be the solution. Regulation requiring some level of support? "Right to talk to a capable human" or some such? Sounds a bit arbitrary. In the meanwhile, I'm trying to un-Google myself and use more respectful alternatives, as well as raising awareness in my immediate circle.

If you're not able to do business at Google Scale without providing human support (and similarly, not treating support personnel like absolute garbage, as we see with call center operators for ISPs and whatnot), then maybe you just can't operate at that scale?

This goes even further: things like free-to-play games that use psychological manipulation to culture addictive personalities and whatnot seem ethically wrong to me. If your business model depends on absolutely fleecing vulnerable people, then maybe it shouldn't be viable?

I guess the base premise is I don't think companies should "have the right to make all the money in the world".

To be clear, I'm not advocating for the solution above, but I sure believe the problem described _is_ in fact legitimate within my morals.


You nailed it.

In the physical goods world, there is no company that is allowed to dump products onto the market and pretend like their customers do not exist. If their products cause harm to the consumer, their products will get recalled or they'd get sued.

Google has somehow allowed itself to infinitely scale their users but also infinitely shrink their liabilities/duty by binding all users to their ToS which foists arbitration on all of them.


If google's products cause harm, they also get recalled and/or google gets sued.


You seriously believe in business karma? Apply it to oil, arms dealing, pill pushing pharma. It may happen, but the profit was still there.

The article states some types of harm caused, and those people are struggling for a few dollars; they can’t sue Google.


My position is that google is subject to the same laws as physical goods companies, and held to the same standard as they are for product recalls. No more, no less.

I do not claim that some sort of utopia of ultimate consumer protection exists. It does not for google, nor for physical goods companies.


If google's products cause harm, they also get recalled and/or google gets sued.

Yeah, lawyers are just lining up to represent those homeless folks, elderly grandmothers, and people who just don't get tech.

Except they're not.

Clearly you've never been poor.


> Yeah, lawyers are just lining up to represent those homeless folks, elderly grandmothers, and people who just don't get tech.

Represent them for what precisely? The tort of not providing a good user interface?

I don't think wealth has much to do with the lack of google being sued here. Wealth may buy better lawyers, but it doesn't create grounds for a lawsuit out of thin air.

> Clearly you've never been poor.

Life often sucks and is not fair. It is not google's responsibility to eradicate poverty.


The librarian's letter that we're commenting on describes many concrete ways in which people are getting harmed and google getting away with doing nothing.


> Imagine if Google's vendors stopped offering Google customer service. Janitor didn't show up today? Well, clean your own office toilet today, technie.

At their scale, this exact scenario happens all the time. The back-stop is that Google chooses to stop doing business with unreliable service providers.

This is also an option for Google users. Gmail competitors are just a click away.


If Google is not satisfied with the level of cleaning in their buildings and fires the custodial contractor, they don't lose access to their buildings because the janitors walked away with the keys. When people start using Gmail, they don't expect to someday lose access to their online banking and utility bills and all the rest, and by the time it does happen to them and they decide to look for a competitor, a lot more damage has been done due to missed bills, etc. It's not as lighthearted as, "Oh, this burger tastes bad, guess I'll go to a competitor's burger shack." If regulation improves the terms the users agree to so they have some way to get reasonable help from customer service and Google finds that too expensive, they can either charge for Gmail or shut it down.


> they don't lose access to their buildings because the janitors walked away with the keys

... You are actually ascribing a larger amount of have-their-shit-togetherness to Google than may be strictly true. Without telling too many stories that aren't mine, I'll say "Usually. They usually don't." ;)

But to extend your analogy a bit... Google doesn't lose physical access to their headquarters because security is not a third-party vendor. They keep the mission-critical stuff in-house. That would translate, analogously, to individual homeless or elderly people running their own mail servers (infeasible)... Or, perhaps, libraries running mail servers and providing accounts for patrons tied to their library cards (might be actually, maybe, feasible?).

> When people start using Gmail, they don't expect to someday lose access to their online banking and utility bills and all the rest, and by the time it does happen to them and they decide to look for a competitor, a lot more damage has been done due to missed bills, etc.

You're absolutely right, and the back stop is almost certainly to make people aware of this very significant risk factor in using Gmail instead of alternatives.

> If regulation improves the terms the users agree to so they have some way to get reasonable help from customer service and Google finds that too expensive, they can either charge for Gmail or shut it down.

If such regulation is impossible at the scale of serving 1.5 billion customers, which I assert it is until somebody can provide a practical road map for getting to that scenario, then your recommended remedy for "Gmail doesn't work reliably for a subset of its users" is "Deny its benefits to all of its users." That seems strictly worse than a solution where we encourage people to be conscious of their risk tolerance before signing up for service with a company that can't guarantee they won't get locked out of their account with no easy method to unlock it.


Data portability requirements (I think the GDPR has that) are a reasonable regulation. Something that I am pretty sure already exists in the EU.

Having a human to ramble at about vague complaints is very different.


> Too bad. If you have a business (and Google is a business) that goes business with the public (which Google does), you should offer some form of customer services. It's what we human beings call "the right thing to do."

Let's pause on that thought.

Why is there a moral imperative to offer customer service (provided they don't misrepresent that they do)? What is the basis for a moral obligation?

It's not like there is a line in the Bible saying "thou shalt offer tech support". Admittedly I'm not convinced by religious arguments, but I don't see any more modern moral source either.

> Imagine if Google's vendors stopped offering Google customer service. Janitor didn't show up today? Well, clean your own office toilet today, technie. Surely, there's a YouTube tutorial for that.

That's not really a customer support inquiry. That said, one of two things happens: either they are OK with it, or they are not. If they are not, they negotiate other terms or hire a different cleaning company.

I'm not saying you have to like google's policies, just that it's not unethical for google to have policies you don't like.

> Bullshit. It has billions and billions and billions of dollars that it can throw at the customer service problem, but it doesn't for one simple reason: Greed.

Wait. Are you telling me that a private corporation in america is trying to maximize profits? The horrors. I would have never guessed. What next? Is the sky blue?

> How about the restaurant down the street maximizes its shareholder profits by not honoring your reservation?

A) that action does not maximize shareholder profit.

And b) it's wrong because they promised something and didn't deliver. The sin is in the reneging.

If google promised customer support and didn't deliver, that would be wrong. But google didn't promise customer support.

> How about the dry cleaner optimizes its workflow by only being open three minutes a day?

Sounds like a shitty dry cleaner, but I fail to see the ethical issue. If the dry cleaner doesn't meet your needs, don't use it.

Quite frankly, I think this entire thing reeks of entitlement. Just because someone offers to sell you a service doesn't mean they have an obligation to provide it in the fashion you want. Their obligation is to not mislead, and to be honest about what they are offering. Maybe what they are offering works for you, maybe it doesn't. If it doesn't, don't do business with them.

> If Google is so wonderful, full of so many smart people, then how come it can't solve its customer service problem?

Because they don't want to and there is nothing wrong with that.


they don't want to and there is nothing wrong with that

You seem to be working with a different definition of "wrong" than the rest of the planet.

There are people becoming homeless and losing government benefits because of Google.

Either you didn't read the letter, or you are a deeply amoral person who should seek professional help.


> You seem to be working with a different definition of "wrong" than the rest of the planet.

How would you define it then?

I know this is sort of a trick question, as defining morality is something moral philosophers have struggled with since forever.

Generally though, I think that if you give something to someone for free, you're not responsible to teach them how to use it or make it accessible to use (unless you promised otherwise).

e.g. We don't think Linus is responsible for teaching a course on how to use Linux.

> There are people becoming homeless and losing government benefits because of Google.

Is it really because of google? I would think the primary party to blame here would be the government that seems to insist using email to communicate about benefits. This seems highly inappropriate given the audience they are trying to serve.

> Either you didn't read the letter, or you are a deeply amoral person who should seek professional help.

You can be sympathetic to the situation without thinking google is at fault here. Or alternatively think the situation is really sad and unfortunate but think that imposing a duty to provide support is a bad solution.


Hm? I'd say about 80% of calls I make to customer service accomplish the goal I have (canceling something I can't cancel online, doing some kind of "identity verification," etc.).


Does it have to be a cost sink? Charge $20 every time you have to field a support call and you fund your call center while also killing the expected value of scammers trying to spoof their way in. And that’d be a pretty easy sell for a public assistance fund for situations like the librarian deals with.


!!! PSA : I emailed the author of this this morning while on the toilet and got an email back thanking me for my kind words, but it ALSO made it very clear that this was meant to be PRIVATE communication between her and Google, and that it was never meant to be posted here or elsewhere, ESPECIALLY with her private contact information exposed, and she has very politely asked that people stop sharing this with her PRIVATE INFORMATION for all to see. She said all the incoming communications are essentially DDoSing her servers at work and make it hard to do her job.

Idk if mods or anyone wants to do anything about that, but yeah, we have a case of someone being doxxed here, and even without malicious intent, it's causing her issues in her day to day life.


New heading on the doc. Please don’t try to contact the author. Quoting:

STOP EMAILING ME AND CALLING THE LIBRARY ABOUT THIS

This was shared without my permission. This was not supposed to be public. It was meant to be shared internally to Google. It was not an open letter. It went directly to the security team and we had a conversation about it and it’s over. This is from well over a year ago and we no longer are having this issue as often as before due to various improvements.

Please delete this from HN. You are essentially DDOS’ing my work email and the library branch phone number making it very difficult for us to perform our duties as civil servants today.

I do not know how this made it onto HN. Someone must have leaked it. If they need to work that out internally then I’m leaving this here for their reference. But I do not want news reporters or random HN readers contacting me or the Free Library over this.


I hate, hate, hate how so many web services have started to force 2FA on us. I have many accounts that I don't care that much about, and I use Bitwarden, so it is extremely unlikely that I will get hacked, and if I do I don't really care. Still, they force me to open my email account every time I log in, because my cookies or IP address do not match my last login, so I can input a stupid code. Big offenders in this regard are Google, Amazon, Twitch, Outlook, Twitter (rarely). I know 2FA exists. If I don't enable it, it is because I don't want to.


It looks like the author is requesting this link be removed from HN:

> STOP EMAILING ME AND CALLING THE LIBRARY ABOUT THIS

> This was shared without my permission. This was not supposed to be public. It was meant to be shared internally to Google.

> ...


Yes, this one is a bit of a grey area and I'd love to hear dang's opinion on it, but personally based off the user's EDIT I have used my "flag" on this post.


You don't really need dang's opinion to flag unclearly-sourced outrage stories. There are much better places for them to be verified. It's a good idea to do that well before they potentially affect someone badly.


She's correct, but Etsy is also doing similar stuff.


I quit gmail 10 years ago because of this fucking bullshit (which mainly was brought to status quo by people like HN users and programming blog posters for the last 2 decades).

This is a direct consequence of garbage cultures that have been left uncontended:

- UN*X, for not providing sane protocols that anyone would want to use (email is garbage in the first place. Aside from the other 10000 problems with it, you should be able to generate addresses on the fly for each contact you interact with, which also solves spam and removes the need to have a "super smart" central "trusted" server with a spam filter created with 10000 man hours of work that you can never create yourself). SQL injection was a UN*X braindamaged phenomenon; no sane protocol would require embedding strings in the concrete syntax by hand, except when you have a bunch of idiots following the "everything is text" and "text is the lowest common denominator" mantra

- (continued) The email end game from the beginning (due to the spam problem) is that anyone who tries to make their own email provider will be blocked temporarily or permanently. There are already only a few remaining email services in existence. Due to UN*X braindamage, your email address is tied to a domain name, which will also be blocked as this is the natural meta of such a system: Admins get to look at the pointless string at the end of your address and decide if they don't like a substring of it, or only allow a set of known domains. Of course, if a sane protocol was in use, your address would just be a long string of meaningless bits and there would be no location or English word to discriminate on.

- Webshit, for allowing corpos to create interactive nonsensical applications instead of forcing them to use well established protocols with static pages describing the address of said services. Why in the hell can a website run code? Immediately the first thing I thought of when I heard of that was, "oh but wait what about all the stupid people who will make crap code that will freeze your browser?". This is such a terrible nonsense idea. And all the web standards are crap too. The web is a relic like Flash player.

- Infosec, for floating this idea that the user is an absolute idiot, and cannot be trusted to manage his credentials, not even with an "I'm an infosec expert, opt me out" option (ironically, anyone in infosec probably _can't_ manage their credentials). The only reason they are partially right is because of UN*Xy practices which make the most trivial tasks insecure (for instance, you could just dump the database of 99% of websites between 2000 and 2010 due to SQL injection, so for casual/lazy users who use the same login on multiple pages, you could login to all their services).

- Login voodoo, this started with "frequent flyer number" bullshit, where you could never tell if someone could use your stupid questions to get into your account without your password (they could), and password reset, which means your email address is essentially the public key for your account, and stuff like the Steam vuln where you could literally just press "i forgot my password" and it would let you into whatever account you wanted

- Hyperstatism, the narrative will eventually shift (if it hasn't already) to "you have to have a complex login mechanism because you need to be identified [by cell phone, government ID]"

This thread is a good example of how you are all helping nothing. We need real solutions to technical problems. Not solutions for people who don't know how to do anything properly. We can trivially have a cell phone that stores private keys, and public keys of other people and maps names to them, and is trivial and intuitive to use by lay people, but instead you will pander to the dumbest possible thing like "biometrics", or some other forced 2FA crap, because poor people are supposedly too stupid to use anything else, like even a simple password, which would still be better than what companies like google do. That's not how it works: you implement a PROPER solution and let the user friendly amendments to it trickle down. We even see now the capability folks reusing UN*X and javascript, the two worst OS and language, to try and appeal to get uptake of their projects. Literally no solution the hacker has put forth today solves the problem, they just want to pander to specific nonsense that makes them feel pragmatic about themselves.


[flagged]


She/her covers 3 of the 4 you mention, and the fourth form always ends in an s. So it's not really necessary to hit all 4 in a signature line.

Additionally, the common pronouns (he, she, they) only really need a mechanism to tell a speaker which set to use - "he/his" is a label for a set, not the set itself.

For neo pronouns, I agree, it's probably best to lay them all out to reduce ambiguity.


the point of doing it for non-neopronouns is to have neopronouns be less of an exception.

> he/his" is a label for a set, not the set itself.

I did not think of this. It makes a lot of sense.


I


You?


Someone needs to tell this librarian Google has 2FA backup codes you can just write on a piece of paper.
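For readers who have never seen what is behind the piece of paper: an added, illustrative implementation of printable single-use backup codes. This is not Google's code; the code format, alphabet, count and KDF parameters are assumptions chosen to make the security properties visible. The server keeps only salted, slow-hashed digests, each code works exactly once, and entry is tolerant of case, spaces and dashes because the codes are expected to be handwritten and typed back.

```python
"""Single-use backup codes: an added example, not from the page or from Google.

Assumptions: 10 codes of 10 characters, a 31-symbol alphabet that drops 0/o/1/l/i
(they are confused when handwritten), PBKDF2-SHA256 with 100k iterations.
"""
import hashlib
import hmac
import secrets

ALPHABET = "23456789abcdefghjkmnpqrstuvwxyz"   # 31 symbols, no lookalikes
GROUP_LEN, GROUPS, CODES_PER_SET = 5, 2, 10     # "xxxxx-xxxxx" -> ~49.5 bits each
KDF_ITERATIONS = 100_000                        # codes are short, so hash slowly


def _normalize(code: str) -> str:
    """Accept what a person actually types: any case, spaces or dashes."""
    return "".join(ch for ch in code.lower() if ch.isalnum())


def _digest(code: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", _normalize(code).encode(), salt, KDF_ITERATIONS)


class BackupCodeSet:
    """Per-account set; plaintext codes exist only in the return value of generate()."""

    def __init__(self):
        self.salt = secrets.token_bytes(16)
        self._digests: list[bytes] = []

    def generate(self) -> list[str]:
        """Mint a fresh set, replacing any earlier one, and return the printable codes."""
        codes = []
        for _ in range(CODES_PER_SET):
            raw = "".join(secrets.choice(ALPHABET) for _ in range(GROUP_LEN * GROUPS))
            codes.append("-".join(raw[i:i + GROUP_LEN] for i in range(0, len(raw), GROUP_LEN)))
        self._digests = [_digest(c, self.salt) for c in codes]
        return codes          # show once, tell the user to print or write them down

    def remaining(self) -> int:
        return len(self._digests)

    def redeem(self, entered: str) -> bool:
        """Consume a matching code; False if unknown or already used."""
        candidate = _digest(entered, self.salt)
        for i, stored in enumerate(self._digests):
            if hmac.compare_digest(stored, candidate):
                del self._digests[i]     # single use: the same code never works twice
                return True
        return False
```

The cost worth noticing for the thread's discussion: everything here depends on the user having the paper when they are locked out. The scheme protects the account from an attacker who does not have the codes; it does nothing for the patron who never generated them, which is the population the letter describes.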


I used to work as a librarian and ran into the issues the author writes about. Less than she did, but it being a community that skewed older, I have plenty of experience shepherding older and/or low income individuals through basic online tasks such as applying for unemployment etc. If you have never done this kind of work then it is very easy to take for granted how low the baseline technology competency of certain folks is. Telling someone they will need a working phone number, a password, and recovery codes to access their email when "it used to just work" will simply not fly for them.

This side steps the issue that often these are scenarios where the patron is already locked out of their account and coming into a library as a last resort - so lecturing them on backup codes will be of no avail.


To give a sense of the level of tech literacy samsa is talking about, I've had to teach multiple people how to use a mouse and keyboard + had to explain to dozens of people that the icon called 'Internet' on the library computer will let them go to Facebook just like the 'Internet Explorer' icon at home or the 'Facebook' app will.


Obviously, it would be better if Google would do something, but they won’t. A temporary solution could be something like a sign that encourages people to print out backup codes and the librarian could help them with it. Maybe the librarians could even store them in a folder and retrieve with ID. Not saying these are good solutions, but they could maybe help a bit.


You do not need to enable 2FA to be affected by this issue, so IIRC it is possible you never received the 2FA backup codes to begin with. "Suspicious" logins will prompt 2FA from your connected phone.


Something that I don’t think has been mentioned yet is that Google requires a phone number attached to every account (not just a 2FA method). This is to prevent scammers from making an infinite number of Gmail accounts. (With a max of 5 accounts per phone number if I remember correctly.) This means that people without phones are unable to even set up an email account—backup code or not.


Google has basically made 2FA mandatory if you have set up an Android phone, which doesn't even prompt you to back up recovery codes.


And this is more likely to happen to the poor since they're going to have Lifeline Assistance phones, which are all shitty Android phones. (I had a couple and keep them as burners but they're crap.)


I've attempted this multiple times through the years.

As of my most recent attempt, the OTP flow still mandates input of a phone number. Those who lack phones cannot request OTP.


Does your grandma have printed out backup codes?


My father was a statistician and programmer for most of his career. He's switched to a new gmail account three times, at least, when he couldn't remember a password.

So, no, nobody has printouts of backup codes except the people who are already aware of Google's reliability problem.


My grandma just creates a new google account whenever she gets locked out and it doesn't matter because she doesn't use email for anything important.

I'm starting to wonder if she's the smarter one.


This is great, until you're locked out of a service that you actually need, and the only password-reset way is to send a reset link to the e-mail account she never uses anymore.


I wish that Shelley had co-written this letter with either a tech employee or a more tech-focused librarian. The problem that she mentions is real: I've worked in her position and can confirm. But the way the letter is written makes it clear that she's not very familiar with the tech industry or how things are developed.

If I were a Google engineer, this would read like one of dozens of pleas we get constantly to change X, Y, or Z for some small portion of the served population. And software devs in general find those demands annoying, particularly given some of the language that Shelley uses.

I think this would have gotten more reach and been better received if Shelley had a co-writer that acknowledged the reasons for 2FA from a security standpoint and emphasized the trade-offs that are being made + suggest other security measures. Likewise, having someone with a better understanding of tech would mean being able to do things like present some solutions that don't amount to "Oh most magic of Google Oracles, please fix this." Also the suggestion that they could contact her to learn about where patrons get stuck made me cringe slightly.

Basically, there's a misaimed moralizing tone throughout the letter that I think is at odds with its stated purpose, and it could have been written better, but the problem is real.


My goodness, I think you just might be lacking in empathy. I honestly recommend that you take a step back and reread what you have written here.

> But the way the letter is written makes it clear that she's not very familiar with the tech industry or how things are developed

And she should not have to be familiar with the tech industry. The tech industry's job is to figure out what the users want, by understanding what they do.

> And software devs in general find those demands annoying, particularly given some of the language that Shelley uses.

No no I hope not! I hope that engineers who possess some empathy will see a letter like this and feel their pain and feel compelled to do something for them. If someone feels nothing after reading this letter, they are lacking in empathy.


I'm a colleague of Shelley's, loosely: I've been working in libraries since 2004, a fair amount of it in public service, and my first job was literally teaching people basic technological skills in a public library.

I don't think it's 'lacking empathy' to focus on whether or not the tactics or strategies my allies are using are likely to, you know, work. I would consider it more important that the letter be taken seriously and lead to actual change than people pat themselves on the back for their empathy in agreeing. It's because I have empathy for the people affected by this issue that I care more about effectiveness than the feelings of the people reading/writing the letter.

> And she should not have to be familiar with the tech industry. The tech industry's job is to figure out what the users want, by understanding what they do.

I mean, she's a librarian. I do expect people in our profession to be able to look at an issue, understand where our experience is lacking, and seek to either remedy it or find someone with complementary skills. For a librarian to run into a problem and not act to acquire relevant information is something I (as another librarian) am pretty comfortable judging as 'unwise'.

> The tech industry's job is to figure out what the users want, by understanding what they do.

The tech industry's job is to make money.

> No no I hope not! I hope that engineers who possess some empathy will see a letter like this and feel their pain and feel compelled to do something for them. If someone feels nothing after reading this letter, they are lacking in empathy.

I would like the world to be that way. It would be great. I would feel much more optimistic!


Focusing on tactic and strategy is the opposite of empathy. An empathetic response communicates that you understand the feelings and experience of someone else. Your comment did the opposite by only focusing on your own thoughts/desires/experience. You may find it useful to research emotional intelligence so that you can respond appropriately and productively to another's emotional state.

https://students.ubc.ca/ubclife/emotional-intelligence-101-e...


I strongly disagree. This isn’t a tech issue, it’s a poorly delivered solution that didn’t consider the needs of the users. The solution is so poorly delivered that librarians are an ad hoc support team for thousands of people.

Google in particular created a moral problem by choosing to implement a security solution that doesn’t serve people who depend on the services. They have the metrics to know better, but didn’t consider the use case.

I provide services to users in these use cases. It’s very possible to serve them in a way that is both secure and respectful to humans.


I honestly can't remember who implemented 2FA in this case first, but it's not only a Google problem. People also end up locked out of their Yahoo and AOL accounts fairly regularly.

> The solution is so poorly delivered librarians are an ad hoc support team for thousands of people.

Well, yes. We're also expected to be teachers, social workers, etc. Everybody has been outsourcing/dumping the unprofitable work on us for decades now, why would Google and other tech companies act any differently? It's a problem that goes deeper than Google and the tech companies; it's a general assumption that infrastructure design can ignore the worst off parts of society and that people like volunteers and librarians will step in without considering whether or not we have the capacity for that as a society.

I just think instead of 'Google, fix it', it would have been wiser to make clear that this is a general problem (not a Google specific one) and to suggest things like partnerships between the GMail team and the PLA, etc.

I'm saying this in the spirit of 'yes, we need to take this territory but maybe a cavalry charge isn't the best way to do that given the other side has machine guns'.


yikes. old poor people are having their lives upended because technology has infiltrated the processes by which basic business is conducted and the designers of said technology had not bothered to consider them as a real use case, and your response is "she's not asking nicely enough."

yikes*10000. cringe^inf.


Maybe I should have mentioned I'm a programmer and a librarian, and my suggestion is one of tactics/strategy.

I care more about getting the problem fixed than the writer's feelings not being hurt, and I think that things would be more likely to change if she'd written it differently.


sure, maybe you do get more bees with honey. or more often than not you never get seen. we live in a sad era where the only way to get real attention from large companies is to embarrass them in public. this is by their design.

> I care more about getting the problem fixed than the writer's feelings not being hurt

i don't really follow how the writer's feelings could be hurt in any case. you seem to have an odd perspective on all of this.


So we disagree on the best tactics to take here. In particular, I think the embarrassing tech companies in public works when it's done by either other tech people OR it gets into the media where the bottom line could be impacted. This

That doesn't make me 'cringe^inf' or boil down my tactical critiques to "she's not asking nicely enough". I presumed you were attempting to call me out for tone policing, and usually the point of that call out is to protect the feelings of the person being critiqued. Or to prevent the person making the tone argument from making it for biased reasons, but as I am ALSO a female librarian, that doesn't really apply here.

> you seem to have an odd perspective on all of this.

Yes, I imagine I would. I differ from both HN's average readership and the average librarian enough that my views on things are odd. I also did some time in communications work and I can't turn that off either. It's like seeing poorly written code for me.


the call out was more in line with a general disagreement with what i saw as a tech industry apologist take. i don't think people who work in the tech industry are bad people, but if people are losing housing because of their products, inventions, or service policies, then it appears that they have certainly (possibly inadvertently!) done some very bad things and that needs to be acknowledged plainly and clearly.

no masters need to be pleased, no egos massaged (it's time for that obnoxious culture to die). they done bad and it's time to make it right.

embarrassing companies in public is an old tactic that predates consumer technology companies by a large margin. in the old days letters would appear in trade rags or newspapers to the same effect.

also, thank you for your time in public service.


That's fair, that would be a decent read on the comment assuming average HN demographics. I am a librarian who was raised by hackers, so I was programming and playing around online for years before starting library work and eventually getting my MLIS. So I was critiquing her from a colleague's POV of 'this clearly isn't your area of expertise, why didn't you ask a colleague who does know this area so the letter was stronger?' I wouldn't write a letter about, say, the impact of social media on kids' media without talking to some of the children's librarians I know, since I don't know much about children's services.

Also libraries have a major cultural issue of their own, which is that they love credentialism and gatekeeping, and part of that manifests through assumptions that they and only they know the right thing to do (you'll note she suggests that Google contact her for more information rather than perform their own research or, God forbid, asking the userbase directly). Related to this, librarians, because of their vocational awe, are very, very susceptible to forms of communication that affirm their righteousness, and I see signs of that in this letter. From a communications standpoint, it's just not ideal to ask people to do something by shaming them and assuming a stance of superiority while ignoring some context. That's just asking to be dismissed.

So that's where I'm coming from.

I actually greatly agree that tech culture needs to change.

> embarrassing companies in public is an old tactic that predates consumer technology companies by a large margin. in the old days letters would appear in trade rags or newspapers to the same effect.

Same problem, though. Embarrassing a company in a trade rag means that your employees are going to be judged by their peers and you're going to have a hard time hiring new employees. Using a newspaper meant that it went through some sort of editorial gatekeeping and the newspaper determined it was an issue that was likely to blow up. There were also plenty of cranky letters to the editor/opinion pieces in newspapers (especially smaller ones) that were dismissed as 'lol old people be cranky'. You have to have a strategy there.

I actually miss public service a lot.


But in this case the affected "portion of the served population" is not even "small"!


It's a small proportion of the served population, not a small population in absolute numbers.


But it still isn't! Last time I checked, about 20% of the population was not computer literate (and that in a rich country!)

And it might be even larger than that since you need to be rich enough too...


> misaimed moralizing

The moralizing is in fact aimed directly and purposefully at google


And I think she's wrong, as another librarian who's worked in public services.

I think Google's poor implementation of 2FA is a result of misaligned incentives, unknown unknowns in the product development cycle (because she's right that engineers assume a baseline technological literacy and access that isn't there for everyone), and deeper social issues.

Laying it directly at Google's feet and implying that they made that choice maliciously rather than ignorantly (or to maximize their actual goal, which is $$$) + not noting that the bad decisions have also been picked up by their competitors makes it read more as a judgment than an invitation for collaboration/plea for help. I think a different approach would have been more effective.

I have a tactical disagreement with Shelley. No disagreement on the actual issue, which she's right is a huge problem and one I've personally encountered hundreds of times.



