No, people like you really highlight the “If they don’t help everyone then they are being immoral” mentality. Which is wrong.
Down grading security for the benefit of a tiny minority with an especially ridiculous use case is not the greater good. If the homeless people think they are at risk of losing their phone then they should pick another free email vendor.
1. Vulnerable populations need more assistance accessing essential services required to participate in society
2. Service providers need to maintain a reasonable level of security for their customers
Can both be true. Saying that maximum (or minimum) levels of security are required at all time completely misses the point of security--which is to mitigate risk. How much risk is appropriate varies a lot by context.
Beyond the context of risk, there is reasonable debate to be had on how to best provide access to essential services to vulnerable populations. It's pretty important to have an email nowadays and if you're not tech savvy or an individual/community has little to no money to spend it's not unreasonable to have the reality of the matter be that there may simply not be many good alternatives (or awareness of alternatives) to GMail.
I'm not sure what a correct answer here looks like, but I don't think ignoring the need is an approach that gets us to a better society or enables vulnerable populations to better care for themselves.
> there is reasonable debate to be had on how to best provide access to essential services to vulnerable populations.
What is the debate? The government can collect taxes and provide services, like they do for multitude of other needs.
> I'm not sure what a correct answer here looks like, but I don't think ignoring the need is an approach that gets us to a better society or enables vulnerable populations to better care for themselves.
The correct answer is not depending on the largesse of businesses. It is using government resources to provide methods for identity verification, communications, and various other bare minimum needs for living.
The debate parent mentioned is what to do with the money, not where to get money. You can see that there are lots of possible options, right? But you say use taxes like it’s ‘duh, easy’ or something. Now we’re in the realm of the debates actually happening every day in the US, whether to provide social services at all, before we even discuss how much money they need, what to do with it, and where to get it. A huge portion of people this country seem to believe that they don’t benefit from taxes and would prefer safety nets for other people not come out of their pockets.
> The correct answer is […] using government resources to provide methods for identity verification, communications, and various other bare minimum needs for living.
This also sounds like you think it’s easy, without considering the implications. (If govt resources is the solution, why do we still have a problem?) We don’t have municipal or federal Gmail or Facebook, and there are reasons to believe programs like that would take a long time and cost a lot of money. The ‘bare minimum needs’ have changed dramatically in 20 years, and will probably keep changing just as fast for a while, with the homeless population growing in the mean time because the tax-funded social safety net we have isn’t doing the job.
> A huge portion of people this country seem to believe that they don’t benefit from taxes and would prefer safety nets for other people not come out of their pockets.
Exactly, and they love it when people waste time and energy blaming businesses for not providing charity. This whole tweet storm should not be directed at Google, but directed at the US federal government.
> This also sounds like you think it’s easy, without considering the implications. (If govt resources is the solution, why do we still have a problem?)
Because it is purely political. Stalling progress on providing essentials for life helps keep people from getting help, and hence keeps taxes lower. If the US government can do identity verification for passports at USPS offices, it can do the same for other purposes.
>We don’t have municipal or federal Gmail or Facebook, and there are reasons to believe programs like that would take a long time and cost a lot of money.
If the world’s leading country cannot setup email infrastructure, then we have huge problems. Presumably, it already does for the how many million federal employees?
> The correct answer is not depending on the largesse of businesses. It is using government resources to provide methods for identity verification, communications, and various other bare minimum needs for living.
To be fair I don't see how any government system can do better regarding identity on the internet. Login.gov is one of the best services I've used for access to usajobs/SSA/etc but it follows some of the same security best practices people are complaining about here with no real way to re-gain access to your login.gov account should you lose your 2fa methods (afaik).
The US government uses the USPS to do identify verification for passports. If it can handle identity verification for passports, why would it not be able to handle identity verification for other purposes, such as replacing or reauthorizing one’s MFA device?
Hell, it should be trivial to offer federal government provided emails with ID verification with customer service in the event of loss of device/loss of ID/death/etc.
Passports require the most paperwork out of anything - your in particular, a birth certificate, a second form of ID including a driver's license, a photo, and $130+$35. The USPS isn't just looking at a face and issuing a passport.
0The issue here is that homeless don't hold onto anything physical for 4 months; identity verification breaks down in-person immediately as shelters/libraries can't be expected to run a facial recognition operation, and specific shelter employees/volunteers aren't guaranteed to be there anytime a homeless person might walk in and need those backup codes, but it breaks down even further online since 2fa is inherently 'what you know' + ('what you have'/'who you are').
> Passports require the most paperwork out of anything - your in particular, a birth certificate, a second form of ID including a driver's license, a photo, and $130+$35. The USPS isn't just looking at a face and issuing a passport.
The point is the hardest part of the problem is already solved - which is the physical infrastructure and labor. As for not holding onto physical items, USPS also has little boxes that people can keep their belongings in.
The USPS and banks would be ideal identity validators. Having run a few mail servers I don't think the Govt is best placed to do that, but they could outsource it to google, with a few tweaks to allow identity attestation.
Many other countries have a central government portal with secure messaging, with federated identify. Heavily reliant on 2FA of course.
Down grading security for the benefit of a tiny minority with an especially ridiculous use case is not the greater good. If the homeless people think they are at risk of losing their phone then they should pick another free email vendor.