I could support something like this IF, VERY BIG IF, the money goes to support the people actually produced the music. Not Copyright Board of Canada, the MIAA, or RIAA, or Sony, or any of the big companies out there. It needs to go to the artists. Otherwise it is just becomes another organization gaming the laws to become a bureaucracy that is a parasite upon other peoples works.

you are blaming google for what china is doing, and you are not giving google any credit for being subtle, perhaps because you are a person who doesn't understand anything subtle

china is going to censor the web. with google or without google

now anyone with an iq over 50 can tell why their connection is breaking: it's not google, it's china being a censor

they didn't carefully avoid anything, they didn't say "china is censoring us" because then china would cut off google

do you understand now?

It actually is there already, at least in the current versions of the recovery interstitial. It says something like "Hey, this is important: We don't have a password recovery email address or phone number for your account. If you lose access, we may not be able to help you." and mentions that people without a phone number are much more likely to accidentally lose access to their account. I'm not sure we can make it much clearer than that, the more text on the screen the fewer people will read it.

Hi EzInKy,

Beyond being an avid reader of Slashdot comments (10+ years now!), I also work on Google account security, so am quite familiar with the phone number prompts you're seeing. Let me give you some background and maybe you can at least see our perspective on why we're doing this and why it's not necessarily "evil".

The traditional approach to handling users who forget their passwords, or otherwise need to be identified via a non-password based mechanism, is the secret question and answer. We have spent many years trying to make secret QA work. I myself wrote the code we use to correct typos, handle different abbreviations of street addresses, normalize unicode characters etc to try and increase the success rate. Other people have analyzed the types of questions/answers provided and encouraged users to select better ones. All to no avail. People just suck at choosing these options .... some people choose absurdly easy questions like "Do I like the incredible hulk?" or "In what month did I get married?". Lots of people forget the answer, even with the hint. The suggestions we provide (library card number, frequent flyer number) are often ignored as being too much hassle. Some questions looks superficially strong ("What is my mothers maiden name?") but we've seen fraudsters from Nigeria successfully research the answer to that question starting from nothing more than an email address! To top it all off, the success rate for good users is staggeringly low. Even with all the effort we put in to handling common mistakes, the success rate is rarely higher than 25%.

So we gave up on it. New Google accounts do not prompt you for a secret QA. Instead we ask for a phone number. The reason is that it's a kind of "second password" that cannot be guessed by random strangers unless you happen to publish it on the web (happens, but rare), most people have memorized it, and if we need a strong proof of authentication - like if you forget your password - we make an automated phone call. We have also been asking users to provide a phone number for existing accounts for the same reasons, our stats show users with phone numbers are dramatically less likely to lose their accounts.

You may think, well, I'll never forget my password so this is irrelevant. But nowadays we also use it as a second password in cases where we aren't sure a login is really coming from you (it seems unusual or suspicious in some way). You normally just have to type it in to confirm you know it. In very high risk cases, like using an IP that's been heavily abused before, we may want to send you a message.

You're right that the UI strongly encourages people to provide a number although it's still optional. I'd personally prefer to have the UI you suggest. However that will lead to a lot of users getting locked out of their accounts, no two ways about it. The alternatives for proving your identity are just so much harder. So there are no ideal solutions here. The numbers aren't used for anything else (certainly not advertising or anything like that).

I don't like the real names policy either, but it's not like the competition doesn't have the same policy. The alternative is diaspora (as far as I am aware there are not other credible, directly comparable alternatives) and it has not really been embraced so far.

Don't worry, if history is any indication the USDoJ will catch Microsoft red-handed for this only ten years from now and at a cost of only tens or hundreds of millions of taxpayer dollars.

Of course, if history is any indication, Microsoft will be let off the hook without penalties by whoever is sitting where Ashcroft was sitting last time.

I adore that one of the big bad guys in Freelancer is named Ashcroft.

As long as they keep killing the competition with their competence instead of compelling us to consume their crap with coercion then I'm fine with that. I don't use google because there are no alternatives, there are alternatives to everything they offer. I use google because so far it is superior for my needs.

Why not draw a parallel to the current American housing crisis? Homeowners should have known better; banks knew they didn't know better, and took advantage of them. The government helped. Everyone is wrong except for those who didn't involve themselves.

Those wars all accomplished what our masters in the MIC wanted them to accomplish; they made big fucking piles of money. Those wars are all massive successes from their point of view, and since they're the ones calling the shots, they all WERE massive successes. The goals simply weren't what you were told.

who wrote stuxnet