Spam is getting horrible lately. I get all sorts of new techniques including:
- using legitimate sites to bypass filters, like sending you a bill through a legitimate bill-creation site
- pretending to be a tracking service for something you supposedly ordered, then over the course of days pretending the package got lost on the way and offering a discount code for the 'purchased' amount, expecting you to use it on their phising site.
Gmail not only fails at spam classification, they classify these messages as important and nag you with first priority notifications and summaries.
I can’t prove it, but it feels like the world recently decided that spamming/scamming is acceptable, so the number of spammers/scammers has increased dramatically.
The number of spam calls, texts, emails, iCloud account unlock requests, etc I’ve received in the last year is insane.
That doesn't really change the fact that it's hard. Do you know how many full movies are on YouTube that infringe on copyright? How many pirated streams are hosted on S3? How many piracy sites are behind Cloudflare. It's just very hard to police at scale and if something is flying below the radar it will be there for a while. They probably spread out their assets over many accounts, or even use misconfigured buckets with write permissions to drop some files in there.
"It's so easy when you don't know how". I'm not sure if this phrase is in common use at all, or if I just misheard it once and attributed it to mean that when the details of a problem aren't obvious, its easy to conclude the solution is simple. "Why don't they just do ___?"
At the companies I've worked at, I refer to this as the "well, can't you just...?"
Yeah, I can "just" after I "just" do A, and B, and C, and D, and E, and F, and G.
Drives me batty on top of being insulting. "Surely you realize I thought about that weeks ago, and if it were that simple, we wouldn't be having this conversation."
> Supposedly, using the QR code on the smartphone triggers an SMS sent from your phone to Google in order to verify your phone number.
Does anyone have a better source of information than this one forum comment from someone who thinks scanning a QR code is enough to get your phone to send a text message?
EDIT: It’s just an SMS URI. It doesn’t automatically send anything, just opens a text message for you to send.
This is just the old phone number verification with a QR code convenience method.
Technically if you can copy paste the qr code into any qr reader website and manually do it, I think it's possible? Assuming it doesn't change the code very rapidly every few seconds.
I think it's probably enough to get your phone to open your texting app with a pre populated number and message body, then all the user needs to do is hit send.
Recently helped a small business set up a Google Workspace account and we hit a wall during registration.
Told the owners that if Google is already being difficult during signup, imagine being locked out later with client work on the line. Pulled up a few horror stories about Google lockouts to drive the point home. They ended up with another workspace solution.
Everyone hates on Microsoft, but their platform is 50x better than Google. Personally nowadays I would be looking at Proton if I was going to setup a workspace for my company.
We are 365 shop… I cannot think of one single time the 365 being down has affected us at all. Maybe you’re right I don’t know. Maybe your region is worse than my region.
I got this a few weeks ago, it was a URL like "sms?:number" which tries to pre-fill text in app. Didn't work for me (Fossify) so I had to copy the number and verifier text from that URL and send it manually. It's for saving money spent on providers like Twilio.
Gmail has been evil both for client privacy as they use email scanning for marketing purposes, and for 'spam' filters that reject legitimate emails.
The fact that they're introducing QR/SMS/MMS/whatever they want is actually an interesting signal, because it will harm the customer experience, which might result in the growth of responsible paid email services.
It is good to realize that it has never been "Nice Uncle Google" and always an advertisement moloch offering tools to hook their product. All that trust that was bestowed was never warranted.
The only “real” competition for Google Workspace is Microsoft if you need a full collaboration solution beyond just email, and 99.999% of customers of such hosted solutions need that full solution. It’s why Dropbox worked even though hacker news users probably roll their own sync solution.
His point was just that many business users can only purchase Google’s solution or Microsoft’s solution, because they’re the only services that will offer interoperability with many other security and compliance services and advanced functionality like SSO, third party email scanning, compliance journaling etc. The email market is essentially a duopoly as soon as you need any functionality beyond basic email.
The simple fact that you believe this is insane to me. Microsoft?Security and compliance? Ahhh, yes the north star of security!
No, you don't need either of these companies if you need a corporate stack for communication and collaboration. And anyone who believes Microsoft or Google is doing anything out of the ordinary to protect their users or data is out of the loop.
It's not about actual security; it's about the appearance of it. It allows CTOs and such to check a box to say "Why yes, our vendor is secure! Look at all their claims! Look at how many other companies use them!" That's it. Safety in numbers for clueless CTOs.
Everything is going to get so much worse and AI really is to blame. So many websites now have these verification pauses and CAPTCHs because of AI agents. Part of it is agents. Part of it is everyone running their own awful versions of Googlebot.
Years ago IIRC there was a "bug" where the Android emulator allowed you to create real Google accounts. This was found and I'm sure millions of these accounts were created. There's a whole black market for Google accounts. Whereas I lost a Google account I'd created for a relative because it hadn't been used in awhile and it was tied to a mobile number I no longer had.
I don't see how this ends without registering for a service like Gmail being tied to your government ID.
Last time YouTube wanted to verify my phone number it was easier to find a free service to receive SMS than for Google to deliver it to my actual phone. And Google didn't care I "verified" a number assigned to other side of the world.
It's becoming increasingly hard to find a service that lets you see verification messages, and even then google doesn't like a lot of the numbers those services use
More info here: https://news.ycombinator.com/item?id=46665414
- using legitimate sites to bypass filters, like sending you a bill through a legitimate bill-creation site
- pretending to be a tracking service for something you supposedly ordered, then over the course of days pretending the package got lost on the way and offering a discount code for the 'purchased' amount, expecting you to use it on their phising site.
Gmail not only fails at spam classification, they classify these messages as important and nag you with first priority notifications and summaries.
The number of spam calls, texts, emails, iCloud account unlock requests, etc I’ve received in the last year is insane.
Yeah, I can "just" after I "just" do A, and B, and C, and D, and E, and F, and G.
Drives me batty on top of being insulting. "Surely you realize I thought about that weeks ago, and if it were that simple, we wouldn't be having this conversation."
But hey, I get paid every 2 weeks.
Does anyone have a better source of information than this one forum comment from someone who thinks scanning a QR code is enough to get your phone to send a text message?
EDIT: It’s just an SMS URI. It doesn’t automatically send anything, just opens a text message for you to send.
This is just the old phone number verification with a QR code convenience method.
It’s not something specific to a phone. It’s just a convenient method to enter your phone number.
So if there are any costs for sending this SMS it’s on you.
Told the owners that if Google is already being difficult during signup, imagine being locked out later with client work on the line. Pulled up a few horror stories about Google lockouts to drive the point home. They ended up with another workspace solution.
What does this mean? The scanning a QR code and sending a text message from this article, or something else?
The fact that they're introducing QR/SMS/MMS/whatever they want is actually an interesting signal, because it will harm the customer experience, which might result in the growth of responsible paid email services.
It is good to realize that it has never been "Nice Uncle Google" and always an advertisement moloch offering tools to hook their product. All that trust that was bestowed was never warranted.
My comment, as per subject, is about Gmail.
No, you don't need either of these companies if you need a corporate stack for communication and collaboration. And anyone who believes Microsoft or Google is doing anything out of the ordinary to protect their users or data is out of the loop.
Years ago IIRC there was a "bug" where the Android emulator allowed you to create real Google accounts. This was found and I'm sure millions of these accounts were created. There's a whole black market for Google accounts. Whereas I lost a Google account I'd created for a relative because it hadn't been used in awhile and it was tied to a mobile number I no longer had.
I don't see how this ends without registering for a service like Gmail being tied to your government ID.
It's like saying that the government has outsourced burger making to McDonalds.