This is a companion discussion topic for the original entry at https://www.youtube.com/watch?v=hf5d1L6qfes
Some context: I felt we never did deep-dives into current topics, and we had these discussions internally anyway - so we decided to try and have a discussion while bringing them to all of you to show how we think & discuss updates pertaining to privacy & security. There will surely be the immediate “EWW, APPLE!” crowd, but every episode will cover a different topic of that week. Hope this brings value!
I dig this and it would be cool to have more episodes.
I also appreciate the forum enthusiasm, lol.
Google accounts can be used with TOTP 2FA, but that’s not the default. You first need to disable Google prompts / SMS 2FA.
As far as I’m aware you can’t disable Google Prompts and SMS and keep TOTP enabled, it can only be used as a backup method.
- Physical SIMs: In some countries you can buy a SIM and it’s automatically activated.
- Big screens: More space → bigger keyboard → better usability, better readability. Currently Pixel 3a XL and it’s a perfect size for me.
As long as you’ve never logged in to an Android phone with that account, you can use TOTP only (almost).
The only time it prompted me for SMS verification (burner number) is when I wanted to look at my 2FA settings (screenshot is attached), using Tor might explain that. Also apparently Google still keeps this number although I’ve deleted it, and it doesn’t show up anywhere else.
Interesting! So if you ever log in to an Android device it just triggers a lifetime of no TOTP on a Google account?
It appears so, yeah
Well that explains my issue with this. In all seriousness, this seems like a genuine oversight rather than an intentional design. But I guess we’ll never know.
My reasons for using large smartphones:
- Battery life
- Consuming video content on larger screen (aka watching 50mins of techlore talks)
- Google maps while driving also benefits from the large screen
- Photography with larger “view finder” or preview on large screen
Loved the new series Idea!!
We definitely need more deep dives, a lot of people including myself rely on surveillance report for weekly updates so a deep dive is very informative and ties well with the channel’s flow.
Feels like a more personal podcast.
It was nice having @Jonah , great coverage!
Also I approve of the name
Idea at the top of my head: Maybe we could have a screen that shows what you are talking about kinda like surveillance report for viewers that haven’t looked at the new update yet, although I don’t know if that would defeat the purpose of the series or would make it look more like an in-depth report and less of a talk, would love to hear your thoughts.
I have a similar story with Google Messages. So there is a web client that you can use to be able to text from a browser. I use it for work and it works great, but at work I try to never log into my personal Google account. There was no problem just connecting to the web client directly.
One day I have to log into my Google account on my work machine, so I do so and promptly log out. When I logged out, all of a sudden I couldn’t use Google Messages without being logged into my Google account. “Ok,” I thought, “let me just close Firefox so that it dumps my cookies so Google Messages forgets.” No dice. I had to delete the cookie for Google Messages itself and log back in for it to let me pair my phone again without logging in.
So that’s not the only situation where Google takes advantage of other Google products to “encourage” staying in their ecosystem. I think this could still be an oversight because if I’m using Google Messages then I’m probably on Android anyway, which means that if Google wanted to they could have forced me to log into my Google account from the get-go.