Hacker News
by wyxuan 2117 days ago
> Google&co extort a phone number if they don't have enough tracking information about you and yandex shadow bans you (you can login, but don't receive any emails).

Uhh no. It's for anti-spam. Imagine if someone created a bunch of email addresses in one go without the phone requirement. You could abuse the 15 GB per account allocation pretty easily, or you could use those emails for spamming others.

I have a 10-year-old Gmail account. Every time I log in (from a residential IP) there is a 50% chance that it'll reject me despite entering the correct password, demanding a phone number.

> It's for anti-spam. Imagine if someone created a bunch of email addresses in one go without the phone requirement. You could abuse the 15 GB per account allocation pretty easily, or you could use those emails for spamming others.

That may be the goal. But it also makes using the internet anonymously very hard, since phone numbers are linked to real names in my country.

There should be less invasive solutions, like rate limiting sending of emails from new accounts.

> using the internet anonymously

Use:

- Protonmail, not Gmail
- Swisscom myCloud, not Drive
- Neocities, not Blogger
- Matrix (Element) or Signal/Wire, not Talk/WhatsApp/etc.

If that was it then they would only require a phone number after there has already been a new account creation from your IP address that month, or support any number of alternative rate limiting strategies that don't have the same privacy implications.

Any website that requires your phone number is doing it for tracking purposes. Which is the same reason why you should never give it to any of them.

My ISP gives me a dynamic IP. I could turn off my router for a few minutes and be someone "brand new". Or I could use IPv6 (if my ISP actually invested in it), and have every web request use a different IP.

The only surefire way to curb abuse is to make sure the abuse is not cost effective for the abuser. For spammers trying to make a buck, make it so it costs them more to send their spam than the value they reap from it. For non-economic spammers (politics, trolls, etc.), it's a lot harder, but there's always some price at which it becomes not worth it for their influence/"fun". This was the approach Bernstein was trying to take, but based on the article it sounds like he underestimated the cost of storage as technology improved.

The hard part is adding this cost in such a way that does not drive away or punish real users. An email system that costs $10/month isn't going to be used by many spammers, because any reasonable administrator will ban obvious spam and they won't get their $10 to cover costs before being shut down. But it also limits the customer pool; most people are not going to pay $10 a month for email when free services are available.

Phone numbers are definitely not perfect, but they are trying to solve the problem of "What do most people have and would not invoke any additional cost on them, but would invoke additional cost on spammers?" Yes, phone numbers are relatively cheap, but there are still some backtracing/ownership checks that can be performed, and ones from more "trustworthy" blocks will still cost a buck or so. Suddenly spammers need to make at least $1 from the account or they are losing money.

Domains are another way spammers are often dealt with: if it costs $10 for a domain, you have to make $10 from the domain before it is blocklisted, or again, you are losing money.

I can't think of any myself, but if you have any ideas for a model with comparably high costs to spammers but low cost to real people, that fulfills your privacy expectations, I'm all ears. However, costs generally are better enforced in a more centralized model as opposed to a federated/privacy-respecting model, so I suspect it will be incredibly difficult to find a solution that actually enforces the appropriate economic goals.

> My ISP gives me a dynamic IP. I could turn off my router for a few minutes and be someone "brand new".

They can do the same thing with phone numbers. Buy prepaid SIM cards in bulk, use each one to create an email account, then sell them all again to recover the money because they still have 99% of the prepaid data left. This is less annoying for spammers than regular people who have to do this, because the spammers benefit from technical knowledge and economies of scale.

> An email system that costs $10/month isn't going to be used by many spammers, because any reasonable administrator will ban obvious spam and they won't get their $10 to cover costs before being shut down. But it also limits the customer pool; most people are not going to pay $10 a month for email when free services are available.

It doesn't have to be $10/month, it only has to be $10 on account creation, or $1. The legitimate user is going to have the same account for ten years, the spammer is going to lose their account inside of an hour.

The problem there is we still don't have an easy anonymous digital payments system, but requiring payment details is about as bad as requiring a phone number. In theory this is where cryptocurrency could be useful, but only if it becomes easier for regular people to use it.

You could also do similar proof of work things. For example, user doesn't want to provide a phone number? Fine, here's your email account, which can receive emails. If you want to send emails, install Folding@home or similar and submit X many work units. With email apps this could be completely automated; you install the app, your phone is plugged in overnight, the next day you can send emails.

> Or I could use IPv6 (if my ISP actually invested in it) and have every web request use a different IP.

But you'd be using the same prefix, which I'm sure some good soul would map, so anyone who cared would correlate all of your accesses just as if you had a fixed IPv4.
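
Added example, not part of the thread: a sketch of the alternative raised above (ask for extra verification only after a signup has already come from the same network that month), keyed on the IPv6 prefix rather than the full address, as the comment just above points out. The /64 prefix length, 30-day window, threshold and all names are assumptions; the addresses are constructed from documentation ranges.

```python
import ipaddress
from collections import defaultdict

# Assumed policy values (not from the thread).
WINDOW_SECONDS = 30 * 24 * 3600   # "that month", taken as 30 days
FREE_SIGNUPS = 1                  # signups per network before a challenge
V6_PREFIX = 64                    # assumed subscriber prefix; ISPs may delegate more


def network_key(addr: str) -> str:
    """Collapse an address to the unit one subscriber is assumed to control."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6:
        if ip.ipv4_mapped is not None:        # ::ffff:a.b.c.d is really IPv4
            return str(ip.ipv4_mapped)
        # Rotating the low 64 bits per request must not yield a new identity.
        return str(ipaddress.IPv6Network(f"{ip}/{V6_PREFIX}", strict=False))
    return str(ip)


class SignupGate:
    """Tracks signup attempts per network and decides when to ask for more."""

    def __init__(self):
        self._seen = defaultdict(list)        # network key -> attempt times

    def check(self, addr: str, now: float) -> str:
        key = network_key(addr)
        # Drop attempts that have aged out of the window, then count this one.
        recent = [t for t in self._seen[key] if now - t < WINDOW_SECONDS]
        recent.append(now)
        self._seen[key] = recent
        return "allow" if len(recent) <= FREE_SIGNUPS else "challenge"


if __name__ == "__main__":
    gate = SignupGate()
    # Constructed sample: two hosts in one /64, then a host in another /64.
    for addr, when in [("2001:db8:1:2::a", 0),
                       ("2001:db8:1:2:ffff::1", 60),
                       ("2001:db8:1:3::a", 120)]:
        print(addr, network_key(addr), gate.check(addr, when))
```

A changed dynamic IPv4 lease still produces a fresh key, so a gate like this only decides when to ask for more; it does not identify anyone.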

I would like to know how it is done at Protonmail, where, last I checked, one does not need a phone number to register an account.