by arriu 1246 days ago
Whenever one of these threads about Google (or Apple) comes up, I am shocked at the lack of response from people working at those companies. It seems reasonable that this site would be where you'd find someone from a team that interacted with logic that OP is having trouble with.

I'd expect to see something like a "hey, yeah, I know a guy on our team that might be able to get in touch with the team who maintains this. I've sent them this thread"...

I'm hoping OP got a private message.

10 comments

Maybe when Google was an exciting place to work and a darling of the internet, possibly somebody working there would consider going out of their way to help a user out and considered themselves empowered to do so.

I get the feeling that anymore people just don't care. There might even be disincentives to report or try to address such issues. It's maybe just me, but it seems the excitement over the dotcom has subsided and we're all just in a technical slump right now. Corporate takeover of the internet has taken hold.

Anecdotally, my wife works for a pharmaceutical company and is mandated to report possible impacts that people report about a drug, even in casual conversation. People working under this mandate simply avoid these areas entirely. We avoid watching certain Instagram and YouTube personalities with certain conditions in the chance they might say something she has to report.
Is that for real? I'd love to hear more about this mandate.

Why would someone refuse to watch celebrity YouTube videos, in private with their husband, because of some mandated self-reporting by their pharma overlords?

I'm in awe at the level of corporate control and domestication implied.

On the face of it, your anecdote reminded me of that (apocryphal?) prank that natives played on early explorers: "Will he eat this disgusting food if we tell him it is our tradition? How far can we push him into abject nonsense before his common sense revolts?"

It's not a random Pharma company mandate, it's an FDA one. I think it's in here: 21 CFR Part 314.80 Postmarketing reporting of adverse drug experiences.

https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfCFR/CFR...

At its heart I get it — you don't want a company's employees to be burying reports of adverse events. But now the company is liable to ensure such things get reported. And thus they pass this liability onto their employees.

It is real. To my recollection, this isn't so much a matter of corporate control as it is following FDA guidelines to the letter.
Developers at large corporations are strictly informed that they are not the public face of the company and can't do that. These aren't mom and pop developer shops.
I agree to some extent but large companies do staff roles that have public outreach as part of their job description. Suggesting that no one is able to say "there is an internal ticket for this" is not the full answer.
Really? I've never seen anyone at Google or Apple who's in a "staff role with public outreach as part of their job". I don't think any big tech companies have those.
They do, and Google does.

Job descriptions are usually something like: "As a Technical Evangelist, you will be the face of the platform and often the first contact our customers have with us, both online and in person."

https://en.wikipedia.org/wiki/Technology_evangelist

Do tech evangelist roles really have the power to send things back to the product teams? They always seemed more like platform adoption/marketing people.
That's... not what technology evangelists do. Tech evangelists are the public face of a specific, often open-source, product/project. There are no tech evangelists for "all of Google". These are narrowly-defined roles, and they aren't empowered to be the public face of the company outside of that area.
They can't send a link to a colleague?
These places are large complex organizations. Even at small places it's difficult to find the right person the feedback would go to. That also assumes that the person who takes in feedback can actually change anything.

My guess is that they want to implement the feature but the security burden is so high that it's not worth it. When everyone's ${stereotypical_computer_illiterate_user_of_choice} starts using MFA and losing their 2FA solutions, it may be worth tackling, but until then, I imagine the number of impacted users is relatively low.

How can you possibly know they don’t do that?
You don't have to be mom and pop to give a crap about your reputation/perception.
Something similar but different happened to me. I know someone who works at Google in a distant dept. The best he could do was try to follow the internal escalation policy, which was broken, so he filed an internal bug about the process. I solved my issue a different way in the end.

I bet employees feel as disempowered about this stuff as civilians…

I would be surprised if they were allowed to do so by their workplace policies, and clearly they don't feel it's worth the risk to stick their neck out. Not only is there limited win scenario for themselves or their company, there are multiple lose scenarios - there's likely NO response that everybody will be happy with, and some percentage of these scenarios end up with more than initially meets the eye.
> I'm hoping OP got a private message.

I'm not. I have the same problem -- or I will if I ever lose my 2 factor identification keys, which are held by Authy NOT by myself. I always assumed that my one-time-codes (which I have carefully secured and protected) would be usable to regain control over my account. If that's not the case, then I want Google to fix it for EVERYONE.

Not sure if this is still accurate or not, but you used to be able to use the element inspector to export your keys from the Authy Chrome extension (I can't find the original script I used, but I did find this one for developer mode [1]). This is how I migrated to WinAuth (dead project, but still works. Theoretically secured by Windows itself, so shouldn't matter I think?). I've since migrated my mobile devices to Aegis [2], which I'm trusting sandboxing to secure; new OTPs are still added to Authy solely as backup.

Aegis supports importing from a bunch of apps, as does android-otp-extractor, both need root to do so. Aegis can also import backups from a bunch of different apps.

[1] https://gbatemp.net/threads/extract-your-totp-keys-from-auth...

[2] https://github.com/beemdevelopment/Aegis

[3] https://github.com/puddly/android-otp-extractor

Always back up the key/QR code before importing it into any app in case that device blows up.
Nothing yet, but I just added an email in profile if any helpful Googlers are able to assist.
I guess no one wants to be responsible, while at the same time having some of the highest paid employees of tech companies. No one wants to take the blame for the crap Google is pushing down people's throats. If Google started to actually deal with these things, instead of leaving it to "the algorithm", they probably would have lots of extra costs. Some number pusher needs to make their numbers, so nothing changes.

If one has the choice, one should never rely on Google for anything, unless one has a fetish for being a victim of some algorithm with no way to change it. Most of their tooling is not worth that pain anyway and looks like a thin veil around user tracking. Never forget that Google is an ads business company and that is how they make their money.

Any of these large companies are like governments. Assume you complain to a Chinese or US or European that your govt does this bad/crazy/illogical thing.

How do they respond?

Do you think if you tell an engineer from John Deere that they have unethical practices they are going to complain in the next meeting? Or a Volkswagen person that does care about pollution but will be quiet.

They just look at pay checks.

Any complaints, they just shrug or chuckle ...

The teams are big and finally they can't get involved. IIRC, even spouses of Googlers can't get special access.

At the same time if they did manage to reset account/password/etc that would be the best way to circumvent security.

Which could mean that these people have been outsourced.
Their billing collections dept is outsourced to Accenture (they say so in the email sig) and from my support conversations are pretty much siloed off.
If a random employee can do that, a random employee can do that and I guess it's better for everyone if no employees can bypass user security based on a forum post.
The suggestion isn't to bypass, but to surface a missing use case to the relevant folks.