(no title)

Scammers can definitely get through it faster than you can. Whenever you attempt to address abuse in a system by increasing the complexity of that system, you implicitly bias it towards those with the time and inclination to study it, which always includes those with intent to abuse it, and generally does not include your users.

I'm in a similar boat...and over the weeks where i have been sending the requested docs/files...Apple reps come back and state that one of docs i sent them was not valid...so i ask them to clarify their "definition" of the doc..and they just either reply with unhelpful comments, or delay a little and delay things further. When someone asks for a copy of a payslip and you send it...but then Apple says its not a payslip, i genuinely am sad about the overall state of the world...I dislike apple and all these big tech providers for their abusive control/power and at the same time vast layers and levels of incompetence. :-(

Google made it very clear years ago that they shouldn't be trusted with anything irreplaceable/that would cause major problems if you lost access.

Once it became clear that they'd shifted from "crappy customer service" to (IMNSHO) "we fetishize the complete absence of customer service" it became dangerous to depend on them. Really, what's the worst that could happen? Maybe someone spams emojis in live chat on a game livestream at the request of the streamer on a personal account, it gets banned for abuse, Google recognizes that it's linked to other services and locks down everything? But that's so unrealistic I'm sure it could never happen.

It's not like they also have the ability to identify links between multiple accounts accessed by the same person and have automated processes that might stomp the associated accounts as well. Why, that would probably require something like allowing poorly-understood automated agents to take actions on their own!

> Fundamentally, this was google's fault for misusing a recovery email for 2FA.

While this would absolutely suck and I sympathise with anyone getting hit by this out of the blue, it's pretty clearly your fault, not Google's. What should they have done? Just permit everyone to avoid upgrading to 2FA indefinitely? That would result in relatively more account hacks overall, for which they would inevitably be roasted in the court of public opinion.

> Fundamentally, this was google's fault

Or yours, for not caring about 2FA. It's been a common practice for many years, and strongly recommended by most identity services, as well as OWASP and NIST recommendations.

What would you do in Google's place?

I have an "OG" mac.com account (got it about five minutes after Steve announced it). My wife actually has her first name.

We both get hit with "OG Hell," where people are constantly entering our emails. I think most time, it is accidental (maybe they meant "XXX1234", and forgot the number).

What makes it worse, is that Apple aliases mac.com, icloud.com, and me.com together, and there's no way to turn off one of the aliases.

mac.com is really in retirement. No one sets up new ones, but the miscreants typo icloud.com, which gets routed to me.

I have a rule, where I shitcan every mail to icloud.com, but I wish I could simply turn off the forwarder.

I logged in several times to other people's accounts and reset their passwords. But it's too tiring, people keep adding my email.

I hope it's because I have small simple email and not because they want to steal it.

My Gmail account is a funny word in Spanish that I got when there was still plenty of names available.

I get TONS of emails of people trying to join services that use my address as a "fake email".

This happens to me several times a month. I'm more concerned about account termination, in that if their Gmail account is terminated for some reason, mine would be as well due to it being the backup email address.

You could try stealing theirs. Surely, one of the forgot-password flows must use the recovery email.

I meticulously report every single of emails like this as spam. Every single one. If it _could_ be read as a phishing attempt, I report them as phishing.

Etc.

s/technologists/venture capitalists/

Any idea what the incentive is for them to put in an email address they can't access?

I run a few websites that accept an email address (all noncommercial, I have no interest in spamming anyone). One of them is the "contact me" feature on my personal website. To prevent spam, I had people just put in their email address and it'll automatically email them my email address. This works perfectly to this day, haven't got a single spam email on any of the addresses I've handed out, but the ratio of emails sent out to received is probably 50 to 1. Why would anyone put an email address in there if not to contact me? I've been wondering if it's used by mail bombing services, idk if that's a thing but I know of the concept of annoying someone by signing them up for a hundred newsletters. My site doesn't send recurring emails, though, and it doesn't allow putting more than two email addresses per month in, per /24 IPv4 block (and even more strict on v6). It's useless for mail bombing services but the (presumed) bots keep submitting a steady rate of maybe 2 new email addresses per day, each time from a new ISP in a random country. No email addresses is ever submitted twice. No rhyme or reason to it. If anyone can make sense of this, that might help me in stopping the abuse

> The former presumably does not verify when I ignore it.

That doesn't prevent a huge majority of them from sending you notification emails all the time even if you never verify.

> and the site also won't send you any more email because they don't consider the email verified

Netflix, for one, didn't do this. They kept allowing this guy to "resend his confirmation email" periodically over several months (I never had a Netflix account).

My theory is that it was an affiliate scam of some sort; someone probably got paid for everyone who signed up with his code. So he "signed up" thousands of random mails in the hope that some of them would click through on the "you're almost ready to start your Netflix journey!" mail and actually subscribe to Netflix.

This exact thing happened to me with a State Farm agent.

After a few months, I told them I was concerned about the privacy ramifications and would have to report it to their state insurance regulator, and it was very quickly fixed.

What is the word for harming other people in order to make more money for yourself, if not "malicious"?

> No need to look for malicious intentions, this is just a feature that costs money so it's very low (or zero) priority for profit driven organisations.

Malicious in-attention then, by the profit driven org? :)

If bartenders are legally (including criminally!) liable in some jurisdictions for their customers, then certainly a chain of legal liability can exist in other industries.

With AI these days it’d cost almost zero money. /s

Smartly, I got firstnamemiddleinitiallastname@gmail.com. I never get anybody else' details.

On the other hand... Occasionally someone gets my info because some careless person entered my email address into their system incorrectly. You'd think this problem would be solved by moving to a custom domain, but I still once in a while find someone completely ignore what I put into the form and sign me up as firstnamelastname@gmail.com.

This is a catchy aphorism, but not really true. Things can be badly implemented so that they fail to achieve their purpose.