Gmail registration now requires scanning a QR code and sending a text message

Any Gmail person can tell me why Gmail is tolerating Gmail phishing emails that use Google's own services (e.g. https://storage.googleapis.com/savelinge/... ?

More info here: https://news.ycombinator.com/item?id=46665414

> Supposedly, using the QR code on the smartphone triggers an SMS sent from your phone to Google in order to verify your phone number.

Does anyone have a better source of information than this one forum comment from someone who thinks scanning a QR code is enough to get your phone to send a text message?

Recently helped a small business set up a Google Workspace account and we hit a wall during registration.

Told the owners that if Google is already being difficult during signup, imagine being locked out later with client work on the line. Pulled up a few horror stories about Google lockouts to drive the point home. They ended up with another workspace solution.

I got this a few weeks ago, it was a URL like "sms?:number" which tries to pre-fill text in app. Didn't work for me (Fossify) so I had to copy the number and verifier text from that URL and send it manually. It's for saving money spent on providers like Twilio.

Gmail has been evil both for client privacy as they use email scanning for marketing purposes, and for 'spam' filters that reject legitimate emails.

The fact that they're introducing QR/SMS/MMS/whatever they want is actually an interesting signal, because it will harm the customer experience, which might result in the growth of responsible paid email services.

Won't be registering any new gmail accounts in the future and will gladly dump the ones I have if Google tries to force obtaining my phone no.

... and gives me a message on my primary phone: "This number has been used too many times."

Everything is going to get so much worse and AI really is to blame. So many websites now have these verification pauses and CAPTCHs because of AI agents. Part of it is agents. Part of it is everyone running their own awful versions of Googlebot.

Years ago IIRC there was a "bug" where the Android emulator allowed you to create real Google accounts. This was found and I'm sure millions of these accounts were created. There's a whole black market for Google accounts. Whereas I lost a Google account I'd created for a relative because it hadn't been used in awhile and it was tied to a mobile number I no longer had.

I don't see how this ends without registering for a service like Gmail being tied to your government ID.

When did it start?

[flagged]

The real problem for privacy is that governments are increasingly outsourcing the verification of identity and bot protection to private companies.

Last time YouTube wanted to verify my phone number it was easier to find a free service to receive SMS than for Google to deliver it to my actual phone. And Google didn't care I "verified" a number assigned to other side of the world.