Should users with poor vision also have to use a special blind-person email provider? Because, I'd expect supporting screen readers to take significantly more effort than adding the setting I outlined.

Also, if I was homeless, I wouldn't want my email address to indicate I was homeless.

I broadly agree that it isn't Google's job to cater to everyone, but in this instance, the ask seems overwhelmingly reasonable—and less than what we expect in other circumstances.

What is the ask that is overwhelmingly reasonable? As has been pointed out to me and others, Google already offers a way to turn off 2FA - https://support.google.com/accounts/answer/1064203 Naively this seems like it should solve the 2FA problem for the unhoused community members in question.

With this in mind, what else should Google do?

Even when 2FA is disabled, Google will insist on additional verification (phone, recovery email, etc) if it thinks something about your browser or IP address is unusual, even if you know your password. If you don't have a verification method (or cannot access it), Google will literally just lock you out. I have personally experienced this.

It should be possible to turn this off!

OK. That raises all sorts of follow-up questions, as turning off security measures can be expected to have consequences.

What should Google do in the scenario that this purposely-low-security-for-the-unhoused account is breached? What about abuse? Are we OK with Google just shutting off accounts in that scenario? Are we prepared to accept that the members of our community experiencing being unhoused will find themselves constantly creating new accounts as their old ones are shut off or rendered unusual from the consequences of purposely-low-security-for-the-vulnerable?

Remember, things like gmail accounts are under constant attack. Security measures, the very ones we're talking about disabling, help keep those attacks at bay. Each of those things that triggers verification actually lines up with real attack patterns.

So while this may be a small-ish thing to ask for, I'm a little concerned about the consequences. We're literally asking to offer the most vulnerable and marginalized members of society shittier security and ignoring the effects of this.

> Are we OK with Google just shutting off accounts in that scenario? Are we prepared to accept that the members of our community experiencing being unhoused will find themselves constantly creating new accounts as their old ones are shut off or rendered unusual from the consequences of purposely-low-security-for-the-vulnerable?

I am, yes, if the alternative is that they loose access to their account every few months!

Also, at least this way people have the ability to keep their accounts truly safe if they choose a strong, unique password. If Google just locks them out no matter what, there's no recourse.

> I am, yes, if the alternative is that they loose access to their account every few months!

Good to hear, though I confess to a bit of confusion. The issue I pointed to is that they're going to lose access to their accounts frequently as their accounts get breached, abused, and shut off. As opposed to losing access because they lost their phone number.

> Also, at least this way people have the ability to keep their accounts truly safe if they choose a strong, unique password. If Google just locks them out no matter what, there's no recourse.

As described in the Twitter thread, we're talking about people who already struggle to remember their passwords. I doubt this will improve if we require basically regular people to have strong passwords, but perhaps you have reason to think differently.

Basically I think you're trading one cause of lockout without recourse for another cause of lockout without recourse with this proposal. This does not strike me as progress. For my own part, I think Google is the wrong place to be trying to address this issue - perhaps porting phone numbers within the Lifeline phone program would be better.

I don't think people's accounts are getting hacked anywhere near three times per year. And while remembering passwords is a problem, surely it's easier than remembering a password and keeping track of a second factor device?

You're right, people's accounts aren't getting hacked that often. This is because of a wide array of security measures - the ones you're suggesting be disabled. The frequency of breaches goes up significantly without those in place, especially when coupled with the kind of weak password likely to be chosen by struggling, marginalized, vulnerable people whose priority is not keeping bots at bay.

In short - yes, but the consequences defeat the point.

Gmail is a perfect fit in theory. Google provides a product, workspace, where you can hand out gmail addresses and reset them at need. Given that the cost of providing such accounts is actually less because the support burden falls on the city it might be possible to convince Google to provide them at less than the standard cost.

Of course they can. It's the only thing they've ever done. I honestly can't think of a company that thinks less of its users than Google does - that's because in their view, they have no users - they only have eyeballs, that are worth anywhere from fractional cents to hundreds of dollars every time they can grab them.

Using "support" and "Google" in the same sentence is laughable. They barely support the ad clients that pay their freight. Google's entire business model is built around NEVER providing support for the users of their technologies, and killing off any products that don't monetize.

> They didn't design it with this use case in mind.

Where on the gmail page does it say "not for homeless people, sorry"?

Adding (and forcing) 2FA was a recent decision from Google, which came a long time after Gmail the product was already introduced. There are millions of accounts which were created long before anyone had an idea what a smartphone was, let alone phone-based 2FA.