"I am surprised that the EFF is recommending two factor auth instead of avoiding Google..."
Yes, I was surprised by this too. Giving away your mobile phone number is not something I'd consider doing lightly. What's more, Google have a poor record on privacy matters.
If you provide your phone number to Google, who has access to this info at the company? Is your phone number encrypted so that no-one sees it at Google? i.e is it only accessed by automated computer systems? Do they have strict procedures in place that allow access to authorised staff under particular circumstances only? Do they tie your number to other tracking info? (Of course, Google would never reveal this, but it wouldn't surprise me if they did).
I think these are perfectly legitimate questions to ask when a company stores your personal information. And particularly for a company that has greater oversight of online activity than anyone else. We don't know the answers to any of these questions, because Google's vaguely-worded privacy statements tell you nothing. (The help text when signing up to a Gmail account simply states "your phone helps with keeping your account secure...")
You might feel you can trust Google on matters of security, but can you trust them on matters of privacy?
> Giving away your mobile phone number is not something I'd consider doing lightly.
Why? Unless you're a world famous celebrity no one is going to call you. I put my Google Voice number all over the place and the only issue I have is with recruiters.
Yes, I was surprised by this too. Giving away your mobile phone number is not something I'd consider doing lightly. What's more, Google have a poor record on privacy matters.
If you provide your phone number to Google, who has access to this info at the company? Is your phone number encrypted so that no-one sees it at Google? i.e is it only accessed by automated computer systems? Do they have strict procedures in place that allow access to authorised staff under particular circumstances only? Do they tie your number to other tracking info? (Of course, Google would never reveal this, but it wouldn't surprise me if they did).
I think these are perfectly legitimate questions to ask when a company stores your personal information. And particularly for a company that has greater oversight of online activity than anyone else. We don't know the answers to any of these questions, because Google's vaguely-worded privacy statements tell you nothing. (The help text when signing up to a Gmail account simply states "your phone helps with keeping your account secure...")
You might feel you can trust Google on matters of security, but can you trust them on matters of privacy?