Google has shifted its account registration process to require users to *send* an SMS via their phone number instead of receiving one via QR code. This change, framed as a security enhancement, disrupts traditional verification methods and complicates privacy-focused account creation. Users no longer can scan a QR code during setup; instead, they must trigger an SMS from their device to Google. While harder to bypass than receiving a code, this method also blocks services like SMSpool, forcing users to rely on personal phones or workarounds.

The shift raises significant privacy concerns, particularly for those avoiding traceable identifiers. One workaround involves using a temporary number in a foreign country—such as an Italian SIM card during travel—to register an account. By enabling 2FA via an authentication app and YubiKey immediately, users can bypass SMS verification long-term. However, this relies on Google not linking the account to the temporary number indefinitely. The company does retain records of past numbers, but enforcement against reused numbers is inconsistent. The method also excludes users without smartphones, highlighting accessibility issues. Spoofing risks remain unaddressed, as Google provides no manual code entry option. Critics argue this approach prioritizes security theater over practical usability, especially for non-technical or privacy-conscious users.

The move reflects broader tensions between security demands and user privacy. While SMS sending adds friction against automated abuse, it creates new barriers for legitimate users. The lack of a fallback method for those without smartphones or in regions with strict SIM regulations underscores the policy’s flaws. As Google tightens controls, users may increasingly seek decentralized alternatives or advocate for more flexible verification options. The balance between security and accessibility remains unresolved, with potential long-term implications for how identity is managed in digital ecosystems.