[FrenchDevRemote]

the average person don't have any idea what's a hardware token. google is not catering to HN readers, they're catering to your grandma, your parents, your little brother/sister, your tech illiterate neighbor.

They couldn't care less about the habits of a nerd on archlinux with ublock, noscript, firefork a vpn, hardware tokens and 2FA everywhere with recovery code split in 7 different location.

[throw10920]

This is a straw-man. The problem is not that Google is designing their services to cater to the average tech-illiterate user, it's that they're preventing the tech-literate users from opting out of phone recovery and/or using something more sane, like what's been listed above.

That's clearly malice. Like, there's no good reason that Google would require you to hand over a phone number.

[TheDong]

> That's clearly malice. Like, there's no good reason that Google would require you to hand over a phone number.

Let me give you a reasonable non-malicious reason:

Googler A: "We have this new attack. People are creating accounts from compromised IPs, and then creating app passwords to send huge amounts of gmail spam through SMTP directly, thus avoiding our browser-based spam mechanisms"

Googler B: "Can we ban them?"

A: "We can't ban them because we have no info on them, just sign-up IP, and the botnet has practically unlimited IPs"

B: "What about forcing them to have a phone number so we can do anti-spam on that, and perma-ban compromised phone numbers from making new accounts?"

A: "Good idea, that'll stop such a huge quantity of phishing emails and spam. That'll be good for the internet as a whole"

----

See, a non-malicious explanation.