> More than all the antitrust regulations being thrown at Google, I'd like to see regulators force Google to provide users customer support.
I would recommend a $5/month email service. It would be nice if free Gmail gave even more free stuff, but only a paid for service can really expect paid support staff.
Having said that, this seems like a terrible idea from a security perspective. There may well be no way to design a service that is resistant to social engineering and lets you unlock your account via a phone call.
*While the social engineering concern is a valid one, I suspect that Google's original reasons for not providing support were not opsec related.
Google's 2FA system combined with their lack of support terrifies me as a security-literate user. Here's one example: I was traveling and signed into Google from a new location. Google prompted me to verify myself via two-factor auth, and the only method they allowed me to verify by was by opening up the Google app on my iPhone and by confirming the provided number. I tapped "try another way", and gone was the option to verify via authenticator app.
I'm lucky that I had my phone on hand but I was dumbstruck. What if I lost my phone? I'd be screwed, locked out of my account with no way to fix it, even after following the best security practice of enabling 2FA via authenticator app, because Google took it upon themselves to say "screw your choice of security, open our app on the phone" (also, thereby coercing me to link my two devices to my IP address/location for analytics/targeting reasons, I'm guessing).
I could have done everything right and still gotten locked out of my account.
Google does nothing, nothing!, without it being an attempt to track you. And the golden of tracking, is your real id and real location.
Even if the initial push for 2FA was security, by dev#1, you can be positive dev#2, 3, 4, xxx, 100 came running, and thought "tracking".
Google owes everything it is, to being the sleaziest, sneakiest, slimiest company they can be.
If the internet is an information highway, Google is a van, stopping, and asking your kids if they want candy.
Were Google a business in your physical neighborhood, tracking people as they do, they'd end up with a molotov cocktail through their window. No one would abide such behaviour, but the average Joe has no idea, and cannot understand, and thus, does not object.
Google is doing to our society, what the new settlers to North America did to Native Americans. Offer them beads, and plets, in exchange for riches, using our own ignorance against us.
Google is a primary example of the "slippery slope". They were given an inch, and they took us out back, and beat us with a 2×4.
If you trust your business to Google, you're nuts.
And to the comment I replied to, yes, it is all for tracking.
Edit: yes OK I admit I don't like Google, just to ensure my bias is clear.
> Google Workspace Standard Support—Standard Support is included with your Google Workspace license. It provides support with a 4-hour service-level objective (SLO) for P1 cases. If you're interested in faster response times and additional Support services, Enhanced or Premium Support might be a better fit for your business.
A good question is what a P1 case means. Locked out of email or "sorry Google, I just wanted to say your global email network is down, when it's gonna be up?"
> only a paid for service can really expect paid support staff.
Why?
You make it sound like Google is a pauper, doling out free e-mail accounts and not making any money off of it.
Just because it's not billing your credit card doesn't mean you're not paying for Gmail. You just pay for it indirectly through advertising.
If only a paid service can expect paid support, then how does Google make hundreds of billions of dollars every quarter? If Gmail wasn't making any money, it would have been shut down years ago.
Even at Google's scale, they cannot afford to provide high-touch tech support for 1.5 billion users. The fact Gmail is possible is partially due to their ability to scale low-touch tech support for free by supplementing the cost from other sources and, sometimes, just providing best-effort support.
(Remember, the cost isn't "How do we field calls from a fraction of our 1.5 billion users," it's "How do we tell whether that phone call is an actual user, or just an attacker treating our phone service as yet another attack vector?")
Keep in mind that all three of these companies provide support primarily to customers who have paid them. If you are on the phone with Apple about being locked out of an account, you have likely spent at least several hundred dollars buying their devices.
Apple has a full order of magnitude fewer iPhone users than Gmail accounts. I'm pretty sure, unless I have misunderstood, that acquiring an iCloud email account requires ownership of a physical Apple device... If you're suggesting we should back-stop this problem of marginalized users losing access to Gmail by subsidizing the homeless or elderly to own iPhones, I don't think it will work.
Amazon is similarly an order of magnitude fewer users than Gmail accounts (and tends to address this issue by pushing the hard-to-address auth problems onto the seller... There are known exploits for just pushing exorbitant costs onto the seller via buyer fraud). Amazon has a couple hundred million customers... Gmail is in the billions.
I am, perhaps, just simply old enough to remember when not everyone could have a Gmail account. Low touch customer service that works 99 plus percent of the time was necessary to open the floodgates for free. I have never seen a practical explanation of how to scale providing the service otherwise. There's room for improvement, but (a) every simplification of authentication must be balanced against how it can be abused to steal accounts, and (b) I cannot conceive of a solution that would rival high touch customer service, and that scales to the billions. If one exists, I look forward to being extremely pleasantly surprised (having myself been on the receiving end of losing my phone while away from home for an important event: yes, it really sucks, Google's trust model is they trust you zero without some corroboration if all you show up with is the password). But I've watched them hammer at the problem long enough to suspect it's uncrackable at the billions-scale.
That's a pretty [citation needed] assertion. Again, we're talking a risk surface stretched across 1.5 billion users. There are few architectures of that scale in existence today; we're talking Chinese government, every-bank-on-Earth numbers.
I'd be interested to see a workable solution but, to-date, I never have.
I remember being *stunned* in a positive way by Google's out of the box thinking back when they *invented* "self-service" account management, aka "no phone support provided". I thought that it was a brilliant move and that this little search company was really going places.
I hope I might be forgiven for failing to anticipate the consequences for our least affluent sisters and brothers.
I am now of the opinion (for many, many reasons) that human-interactive customer support is a mandatory cost of doing business when your business is materially important in the lives of the customers (both paying and not paying customers).
That Gmail is "materially important" is well established already, yes?
There are legal requirements of banks carrying enough PII on a person to reliably unwind an auth attack (and also to send the cops after them if they are the ones who commit fraud).
This would be one solution. But it would require Google to hold significantly more PII, explicitly, on every Gmail user than they do right now (and make the process of opening a Gmail account take a bit of time, like it does at a bank). This is one of the better suggestions I've heard, though it would threaten the integrity of the existing 1.5 billion accounts unless Google grandfathered them into a "low-identification" status.
You're missing the point. When a poor tech illiterate person signs up for an email account, they probably don't consider if they will someday need phone support to recover an account. They will choose a free account over an account that costs $5/month that they don't have. And that assumes that they even know about the paid email services. For a lot of tech illiterate people email and Gmail are synonymous.
Ironically I just wrote[0] about my experience moving from Google to Zoho and, despite the slightly sub-par experience with Zoho, I'm happier now because there are actual human beings at Zoho that I can talk to when I run into a problem. I pay $1.25/mo for peace of mind.