Hacker News new | ask | show | jobs
by hirsin 2847 days ago
What you're describing is a "cost proof" - namely that the user has something we can verify that costs some amount of money and is unique. So when the service I work on asks for a phone number verification, it's not always to determine your ID - it's to cut down on spam from users unwilling/unable to set up tens or hundreds of phone numbers, which I imagine is the majority of spammers.

Adding it to existing accounts, though, makes less sense to me. Retroactively checking that an active account can cost proof seems like the most intrusive way of doing this, particularly as part of OS login - at this point you have so many signals that you should already be able to detect the user is a spammer or not.
4 comments
userbinator 2847 days ago
it's to cut down on spam from users unwilling/unable to set up tens or hundreds of phone numbers, which I imagine is the majority of spammers.

If anything I think it's the opposite --- dedicated spammers have shown they can farm resources like accounts of various types, so phone numbers aren't out of their reach. It's the casual users who don't want to give away their phone numbers or setup a throwaway one which will be turned away.

link
hirsin 2846 days ago
Cost proof doesn't cut in for those users - it's typically only put in on the Nth new signup within X hours from an IP address.
link
comboy 2847 days ago
When logging in on hardware that they provided, the cost proof should be solved (if you are only using one or a few accounts). Chromebook could come with a private key and sign a message for google, they control both hardware and software.
link
peterwwillis 2846 days ago
This is the reason for the verification, and I'm surprised nobody mentioned it yet. When you sign up for a new account they also require a phone number. It provides a basic measure of accountability and a bot prevention mechanism.

They're doing it on Chromebooks because you're using Google's services. A Chromebook is just a Google Cloud Computer; users aren't expected to use one without using Google's services too.

link
zbuf 2847 days ago
Then it also seems especially odd to do this on a paid-for G Suite account.
link