http://dont-do-ev.lol/

Does Google Maps actually push adverts through the turn-by-turn navigation in the U.S. now, or did you just confuse Google with some movie you saw? So far, it seems Google's success as an advertising business comes from being less obnoxious than the others. Pushing somewhat relevant ads might contribute to that.

No, but I close my browser regularly enough that using session cookies for tracking is bloody stupid. Which is why nobody does it. The rest of your post is just more ranting about cookies, without addressing the distinction between session cookies and persistent ones. This EU law doesn't appear to distinguish between the two either, and is therefore, just as stupid as you.

Except that this article wasn't talking about informing people; it was talking about restricting their knowledge, because increasing it leads them to conclusions the author doesn't want them to hold. That's why I used the phrase "manipulating information" rather than "education" - education implies increasing the student's knowledge; "manipulating information" means either increasing or restricting their knowledge, based on the goals you're attempting to implement.

So, advertising on your own site is anti-trust. Ok, thanks for playing.

So, you run a computer museum?

It actually is there already, at least in the current versions of the recovery interstitial. It says something like "Hey, this is important: We don't have a password recovery email address or phone number for your account. If you lose access, we may not be able to help you." and mentions that people without a phone number are much more likely to accidentally lose access to their account. I'm not sure we can make it much clearer than that, the more text on the screen the fewer people will read it.

Hi EzInKy,

Beyond being an avid reader of Slashdot comments (10+ years now!), I also work on Google account security, so am quite familiar with the phone number prompts you're seeing. Let me give you some background and maybe you can at least see our perspective on why we're doing this and why it's not necessarily "evil".

The traditional approach to handling users who forget their passwords, or otherwise need to be identified via a non-password based mechanism, is the secret question and answer. We have spent many years trying to make secret QA work. I myself wrote the code we use to correct typos, handle different abbreviations of street addresses, normalize unicode characters etc to try and increase the success rate. Other people have analyzed the types of questions/answers provided and encouraged users to select better ones. All to no avail. People just suck at choosing these options .... some people choose absurdly easy questions like "Do I like the incredible hulk?" or "In what month did I get married?". Lots of people forget the answer, even with the hint. The suggestions we provide (library card number, frequent flyer number) are often ignored as being too much hassle. Some questions looks superficially strong ("What is my mothers maiden name?") but we've seen fraudsters from Nigeria successfully research the answer to that question starting from nothing more than an email address! To top it all off, the success rate for good users is staggeringly low. Even with all the effort we put in to handling common mistakes, the success rate is rarely higher than 25%.

So we gave up on it. New Google accounts do not prompt you for a secret QA. Instead we ask for a phone number. The reason is that it's a kind of "second password" that cannot be guessed by random strangers unless you happen to publish it on the web (happens, but rare), most people have memorized it, and if we need a strong proof of authentication - like if you forget your password - we make an automated phone call. We have also been asking users to provide a phone number for existing accounts for the same reasons, our stats show users with phone numbers are dramatically less likely to lose their accounts.

You may think, well, I'll never forget my password so this is irrelevant. But nowadays we also use it as a second password in cases where we aren't sure a login is really coming from you (it seems unusual or suspicious in some way). You normally just have to type it in to confirm you know it. In very high risk cases, like using an IP that's been heavily abused before, we may want to send you a message.

You're right that the UI strongly encourages people to provide a number although it's still optional. I'd personally prefer to have the UI you suggest. However that will lead to a lot of users getting locked out of their accounts, no two ways about it. The alternatives for proving your identity are just so much harder. So there are no ideal solutions here. The numbers aren't used for anything else (certainly not advertising or anything like that).

You do know what an antitrust complaint is about don't you? It's not about having a monopoly, it's about abusing one. When has Google abused its search monopoly?