by atomicfiredoll 488 days ago
> A few days ago, I was prompted to verify my phone number by Google. Immediately after completing the verification, I received an email notifying me that Google had overwritten all my personal information. It turns out that because my mom is the one paying the phone bill, they automatically "verified" the name on my account to be hers and updated everything on my account without my consent.

It sounds like someone at Google (not necessarily a programmer) needs to read "Falsehoods Programmers Believe About Phone Numbers:"

> 4. A phone number uniquely identifies an individual

What a bureaucratic nightmare.

10 comments

Link to the Falsehoods article, it's a good read:

https://github.com/google/libphonenumber/blob/master/FALSEHO...

Falsehoods Programmers Believe About Google:

- Projects under the `google` GitHub organization are from Google itself (Google for some reason forces projects from Google employees to be umbrellaed under their own organization for some reason, even if it's a personal project)

- Google follows their own rules (applies to any "Big Tech" company)

- Google actually cares about correcting mistakes unless they hit the news/social media

- YouTube and Google try to make the experience for you, the consumer (on YouTube: consumer = creators + viewers), as good as they can

> Google's common Java, C++ and JavaScript library for parsing, formatting, and validating international phone numbers

It does seem this repo is “from Google.”

I think they mean that just because code is under github.com/google, it doesn't make it an "official" Google thing.

For example, yapf[0] is under the Google GitHub org but has the disclaimer:

> Note YAPF is not an official Google product (experimental or otherwise), it is just code that happens to be owned by Google.

libphonenumber doesn't have any similar disclaimer and does seem to be an "official" Google product, but it's hard to tell what Google considers official or not.

[0] https://github.com/google/yapf

Google does not offer (m)any developer facing "official" products. Google offers "official" products for consumers or enterprises (e.g., Gmail, Cloud Platform), but all of their FOSS code, of which there are many, are all "unofficial"; they are FOSS projects that happen to be developed by Google employees but come with a normal zero liability FOSS license (as opposed to their "official" products, which do come with some liability user agreements/contracts).
> Google for some reason forces projects from Google employees to be umbrellaed under their own organization for some reason, even if it's a personal project

I don't think that is true. Google employees can have regular personal projects. If you have a "personal" project that is done under the scope of your employment (e.g., you work on YouTube and you wrote a tool to, I dunno, manage Makefiles to help yourself and/or other coworkers), then that would be a "Google project" housed under `google` even though it's not an "official" product.

Falsehoods Programmers Believe About the Surveillance Industry? Entry #1: Do no evil.
Um... Does anyone else see the repo owner?
They meticulously document the falsehoods their programmers believe. ;)
These decisions haven't been made by programmers in over 10 years.

These lists made sense in 2000-2010 when programmers had the autonomy (in most corporations) to decide on what feature to develop and how it should behave.

This hasn't been the case since the industry introduced roles such as product owner.

I've had to implement my fair share of anti patterns that I was fully aware would degrade the experience for the user. At the end of the day, the programmers have been reduced to essentially blue color workers that just do whatever the MBAs decide on.

Is anyone old enough to remember when Google was an aspirational place to work? They had the best engineers and were doing the best stuff, and people spoke their name with awe. Now it's just Microsoft with a salad bar.
> programmers have been reduced to essentially blue color workers

Papa Smurf will not be pleased to hear about this.

> These lists made sense in 2000-2010 when programmers had the autonomy (in most corporations) to decide on what feature to develop and how it should behave.

Falsehoods programmers believe?

Which part? That programmers ever had that level of autonomy?
Programmers are some of the most in-demand workers in the world. You wield significant influence. And any even-slightly-functional workplace will at least try to listen to the word of their experts.

Perhaps it’s possible you didn’t do enough to explain why you didn’t believe it was the right work to do, or if you did, perhaps there were other factors in play than “user experience.”

Also, uh, “I have to do what my boss says” doesn’t make you a blue collar worker.

If programmers are some of the most in-demand workers in the world, why do they have to send out over 1000 job applications and are still treated like trash by hiring processes? Hacker News is one of the few places on Earth where this belief that programmers are in control of everything still exists. Pretty much everywhere else has adapted to the reality where programmers are in great surplus, but the investor class won't be happy until it's a minimum wage job, or even better, an unpaid internship. No wonder HN has a reputation for being a bunch of out of touch Bay Area investors with little concept of the real world.
> doesn’t make you a blue collar worker.

I know, I was exaggerating. I thought it was clear from my usage of the word "essentially".

> perhaps there were other factors in play than “user experience.”

Of course there were. There always are - chief among them the profitability, because selling the customer on stuff they didn't need is profitable. Especially if you frame it "right".

But that example is completely unrelated to this case, so very little value in getting deeper into it.

> Also, uh, “I have to do what my boss says” doesn’t make you a blue collar worker.

No, but it does make you a non-professional. The distinction between professionals and non-professionals is that members of professions have ethical obligations above and beyond their obligation to their employer.

You will not find lawyers willing to perjure themselves, accountants to cook your books, or civil engineers happy to sign off on deadly designs.

In contrast, software "engineers" are not professionals, we are hired goons and you can easily find a software monkey ready to build whatever atrocity you want for the right price.

Heard of the bimodal salary distribution? I'd bet it matches up quite well with a bimodal influence distribution.
im sure it will be deleted/modified/adjusted/enhanced; though #1 is subjective, "unless it is essential" -> and right there, it is essential for google to do lookups of phone numbers to correct account ownership information based on another-companies paid services. "whenever possible try to provide" ... nope, it is never possible; phone validation or bust.

edit: i gotta change my first guess that it will be modified soon. google does not set the goal to not be evil, so they'll likely just leave the repo as-is, unattended.

quote: 1. An individual has a phone number

Some people do not own phones, or do not wish to provide you with their telephone number when asked. Do not require a user to provide a phone number unless it is essential, and whenever possible try to provide a fallback to accommodate these users.

One programmer's falsehood is another manager's kyc/regulations.
That is insanely pathetic
2020: hey, it's second factor for your safety

2040: 4 hours ago your body separated from your phone, drink a verification can

Google dies of many little papercuts based on decisions of incompetent people.
Which is kind of tragic given their famous hiring process that every wannabe great startup feels like copying.

Maybe the process isn't that great after all.

That hiring process is for engineers tho, do we know how they hire the various product people that might end up making these decisions?
Well, code quality on Android also speaks for that hiring process.
What's the point of code quality if you rewrite everything every 3 years?
I don't think it does.
As a previous consumer of Android teams' work, across NDK, Studio, Gradle, and userspace libraries, I think it does, and am quite happy that Android development is no longer something I have to care about.
How many phone numbers fit in a jumbo jet?
And the worst part? Instead of acknowledging the mistake and fixing it, they just double down on policy rigidity
They are institutionally incapable of fixing it. Companies like Google are too big for that.

Individual workers and even entire teams don't matter. They are just another cog in a massive machine. Customer service representatives are forced to follow a script, and they are technically unable to deviate from it. After all, if there's an override button, it just takes one of your tens of thousands of minimum-wage workers to go rogue to end up with a massive compromise.

To fix it you need your manager's manager's manager to file a change request, which will be put on an endless backlog to be potentially looked at by two dozen teams a few years from now. And if it's not a frequently-occurring issue, it's not worth the effort. Google isn't going to fix it because as an organization they aren't even aware you exist. You are collateral damage, and they are totally fine with that.

The only way around this is to shortcut the entire process. Post on HN and hope some manager high enough in the policy/tech chain can be bothered to personally agenda the issue.

I wonder if there's any sort of quiet constraint outside of organizational inertia at work here. Telephone numbers were (are?) one of PRISM/XKeyScore's favorite "strong selectors," and Google, like all major players in communications, does things to make its services play well with the current iteration of surveillance tools. I wonder if the current, seemingly boneheaded approach to applying phone company data to account data via phone numbers, including overwriting names, is some new requirement of the surveillance system.
I'm actually fascinated Google can apparently query US service providers for the billing address given only the phone number?!
Literally anyone could do the same thing with the telephone directory in the 80s ;P
Or, change the country to Sweden and anyone can still look it up, even online :) Check out hitta.se, ratsit.se or similar services.

Which reminds me that someone claimed that the income/amount of tax paid is the most private data American citizens have (the context was the DOGE/payments stuff), meanwhile every Swedish resident's income is very public information.

Negotiating your salary is a whole other ballgame when you know your colleagues' salary and your boss knows that you know :)

It was the fastest way to find Sarah Connors
In practice in the 80s you could do a name->address or name->phone lookup

You couldn't do a phone->name or address->name lookup

There were "reverse directories" for phone->name, though you didn't get one delivered to your house with your phone subscription. You could also call directory assistance.
You could. Phone companies published reverse phone directories, with name and address listed by number.
Yeah but I also remember that when I signed up for phone service, I could opt out of being in the phonebook at all if I wanted to. And you'd have to wait up to a year before the new phone books came out with updated information.
> It sounds like someone at Google (not necessarily a programmer) needs to read "Falsehoods Programmers Believe About Phone Numbers:"
>
> > 4. A phone number uniquely identifies an individual

The whiteboard algorithmic interview didn’t prepare nor test for this.

> It sounds like someone at Google (not necessarily a programmer) needs to read "Falsehoods Programmers Believe About Phone Numbers:"

>> 4. A phone number uniquely identifies an individual

But that has nothing to do with this. The idea here is that whoever is paying the phone bill is the same person who uses the phone. Nobody believes that.

I have an Indian colleague whose dad was in some kind of coma for a few months after an accident. He had a real crazy time keeping the house running. His dad's number was attached to all kinds of bills - electricity, gas, milk, water, internet, cable, newspapers etc. Most of the services would send a verification SMS to his dad's phone for any kind of interaction. No one knew the password. And it turned into a major nightmare. It wasn't just a question of paying the bills. A lot of these services had to be shut down or have settings changed temporarily. And each one had a different set of documents/processes required to prove he was a relative.
The only place where the phone number really matters in India is when dealing with banks, AADHAR and the phone company.

Phone/Gas/Electricity/Internet/Cable etc bills can be paid through any of the hundred-odd mobile wallet apps. Other than some exceptional cases, none of them require access to the linked phone number.

Remove the SIM card and pop it into some other phone? Unless the SIM has a PIN lock, but I guess you could go to the telco for help with that.

At least SMS is easy to divert that way. Think about the services that verify over Whatsapp or Telegram. Good luck finding someone who cares there.

He was in a different location initially. He eventually got access to the sim. So every process requiring sms verification became a roadblock.
It is related. The belief that a phone number maps to a single person, the one paying the phone bill, is a form of belief that a phone number uniquely identifies an individual. The reality is that the number identifies two individuals: the mom paying the bill and the user of the phone.
No one believes now, or ever has believed, that the person paying a phone bill is the same person who uses the phone. That's not the way money works.
According to the bizarre anecdote in this HN submission, the person who pays for the phone bill must be the person who is validating a YouTube account with that phone number.

Validating an account with a phone number constitutes phone use so, yes, Google and YouTube have shown an instance of belief that the person paying is the same as the person who uses.

I don't know if it is still the case, but in the past Android would let you create several user accounts on a single phone.
To be completely fair, Android also allows having multiple sims and phone numbers on a single phone. I've never heard of people sharing a device without sharing the number, but it's possible.
It's still the case. I have at least 4 on the same number.
This belief gets very interesting with company phones, where 1 person pays for several hundred/thousand phones. Oh wait, that's not a person but a legal entity?
I don't even want to guess the percentage of couples where one partner pays for (both, maybe three) phones/landlines, and that's ignoring all children, underage or not.
Don't remember what service exactly (PayPal I think?), but some time ago it asked me to "verify" the account by showing some bills with my name. At that point, the only utility bills they accepted for the verification were all in my wife's name, which they didn't accept, so now I no longer have PayPal.
Good point. I actually think we're both on some of the statements, so that's at least one problem I wouldn't have. Still ridiculous overall, of course.
I currently pay for 4 other people, because the way plans work in the US, it’s a lot cheaper.

I don’t bother to update the names on their lines, so they all probably link back to me.

So were they to engage in something illegal, you would be liable?
The rationale of that falsehood¹ addresses that point:

>> It wasn't even that long ago that mobile phones didn't exist, and it was common for an entire household to share one fixed-line telephone number. In some parts of the world, this is still true, and relatives (or even friends) share a single phone number. Many phone services (especially for businesses) allow multiple inbound calls to or outbound calls from the same phone number.

----

¹ https://github.com/google/libphonenumber/blob/master/FALSEHO...

How does that address the point? They've got nothing to do with each other. Our example user isn't sharing a phone number with his mom. He's having his phone bill paid by his mom. It is correct to believe that the number uniquely identifies him. Explaining that "all phone numbers uniquely identify a single individual" is false doesn't matter in any way, because it isn't false as applied to the phone number that's giving us trouble. That number uniquely identifies an individual.

This should be a hint that you've misdiagnosed the problem... shouldn't it?

> Our example user isn't sharing a phone number with his mom. He's having his phone bill paid by his mom.

Having his phone bill paid by his mom makes it his mom's phone number by default; it's then shared with him, making it a non-unique identifier. That's why it falls into Falsehood #4 (and likely into Falsehood #3, assuming that his mom has a separate phone number that she doesn't share with anyone else).

> Having his phone bill paid by his mom makes it his mom's phone number by default;

No, it makes his mom the account owner. Just because I pay the bill for mine and my wife’s phones doesn’t mean her number is actually my number. Imagine operating a company and the CEO isn’t the one paying the phone bill, it’s the accountant, and you claimed that it’s not the CEO’s phone number, it’s actually the accountant’s, but it’s shared with the CEO. It’s nonsensical. The number is assigned to a person on the account which has nothing to do with who pays the bill.

> No, it makes his mom the account owner.

Which makes the phone numbers under her account hers.

> Just because I pay the bill for mine and my wife’s phones doesn’t mean her number is actually my number.

It absolutely does mean that her number is actually your number. That you choose to share it with her doesn't change that; you can revoke that sharing at any time, or even cancel the line entirely.

(And of course, if both of you jointly own the account, then the numbers therein would simultaneously belong to both of you.)

> Imagine operating a company and the CEO isn’t the one paying the phone bill, it’s the accountant, and you claimed that it’s not the CEO’s phone number, it’s actually the accountant’s, but it’s shared with the CEO.

Is the phone bill under the accountant's name and paid from the accountant's personal bank account in this hypothetical? Or is it under her employer's name, and paid from her employer's bank account? The answer to that question determines the owner of the CEO's phone number, and in neither case is the CEO himself personally the owner of that number.

> The number is assigned to a person on the account which has nothing to do with who pays the bill.

And if that assigned person was the son then it would've been the son's name that Google pulled instead of his mother's, and Google's ignorance of its own advice would've gone unnoticed.

Your quote disproves you. That explanation does not address the point of who pays. It addresses what point 4 is actually about, multiple people sharing a number, which is not happening here.
Mobile phones date from the 1930s.
I have some very bad news for you how ID works in countries that don't have national ID systems: companies use all sorts of awful hacks instead.

The UK treats "utility bills" as proof of address. Yes, these are trivially forgeable and often incorrect. Yes, it's a big pain that you don't exist if you're not paying bills.

> The UK treats "utility bills" as proof of address. Yes, these are trivially forgeable and often incorrect. Yes, it's a big pain that you don't exist if you're not paying bills.

Spent the last few months trying to explain to a randomly changing E.ON representative how unacceptable it was for them to send bills with my name on it to a non-existent address.

I moved out of the country in 2018.

They've offered me £10 credit. That I can't use, because I left the country.

I need to gather all the emails together and send them to the ombudsman, but there's around 80 emails now.

I've always vaguely wondered how the US knows who to tax, if they have no complete, trustworthy register of who the citizens are and where they live. It presumably works, I just don't understand how.
They rely on a number of inefficient proxy systems, like the UK: making employers keep track of the tax of employees, and making all the banks report "suspicious" transactions.

The US even tries to make its overseas nationals pay tax. As a result, everyone everywhere in the world who wants to get paid by Amazon has to sign a US tax form saying they're not a US taxpayer.

https://corporatefinanceinstitute.com/resources/accounting/v...

The answer is goodwill and doing the right thing.

How does that even work these days? Taking a picture of a bill physically mailed to you is bad enough, but all of my utility bills nowadays are nothing more than an email! How's that supposed to prove anything?

I mean, I guess you could do something with the DKIM signature, but good luck getting non-technical people to forward a mail in a way which leaves that intact. Realistically the best you're getting is a butchered screenshot.

In a lot of cases, the company pays the phone bill or there are sometimes family plans, so there is just one bill for the whole family.
Imagine being the implementing engineer at ElGoog:

Your manager / PM: "Make this change, it's how Google is doing things now."

Yet it's so obviously wrong, but if you push back.. not good for you.

Lots of us have had to implement changes we've disagreed with or pushed back on, but this one looks so obviously wrong, it's particularly mind boggling.

I'm almost inclined to think maybe the process/tech isn't designed to do this and there's a bug, or somebody tasked with a manual verification made an outright mistake, or something else went off the rails. Any number of things could have gone wrong.

Then I think of the number of sites and services that have started asking for phone numbers, as if they believe doing it over and over will somehow change the nature of telephony--it would probably be a mistake for me to give Google or any of these other companies the benefit of the doubt.

I wish I could find the exact court case, but legally you cannot associate anything online with an individual.
Indian govt does it too, to great success.