[SOLVED]

Thank you so much for everyone's support and suggestions, it seems that I may have overreacted a little bit. One of the things that I did was send a form to Google, but the form was not really for this issue, so I wasn't hopeful at all. To my surprise, I received a message just now with instructions to recover the account and change the 2-factor phone number to my mother's current one. The cause of the issue is not clear, but whatever it was, they sorted it out. She is obviously ecstatic, when I went to her house two days ago I couldn't disguise my pessimism.

I set her recovery email to my own and will generate recovery codes shortly, so we're good for now. I instructed her on how to download all her data from Google (it's easier than I thought), just because this made her quite paranoid, and I'll take the opportunity to gradually move my family out of Google, as well as myself. Thanks for being so supportive, this was very stressful, to say the least! Sometimes it's nice to know we're not alone ;)

Original post

So, for some reason Google logged my mother of everything at once: browsers in two laptops and two smartphones (one Android and one iPhone). Trying to recover the account sends a message to a cellphone number she no longer has. I understand Google is basically unreachable, but there must be something I can do, right? We're not famous, but she does pay for YouTube Premium.

In a discussion on Hacker News, Jonathan Mayer pointed out that the differential privacy code was removed from Chromium. It looks like they finished doing this in February.

I haven't seen any announcement, discussion, or explanation of this based on a brief web search, so I figured I'd note it here.

At about the time this process finished, there was a Google blog post about how they're still using it in other products.

We first deployed our world-class differential privacy anonymization technology in Chrome nearly seven years ago and are continually expanding its use across our products including Google Maps and the Assistant.

(If you read this quickly, you might think it's still used in Chrome.)

Reading between the lines, I suspect that some folks at Google are still advocating for more usage of differential privacy, but they lost an important customer. Why that happened is a mystery.

Ubuntu has this package installed by default:
network-manager-config-connectivity-ubuntu

It's only purpose is to provide settings for NetworkManager to send requests to connectivity-check.ubuntu.com , and based on the result (AFAIK) detect redirection by captive portals and open an ISP's page (think public WiFi, or hotel rooms, where you need to authorize to access the net).

Well, connectivity-check.ubuntu.com is hosted on Google cloud (you can check that by running:

dig connectivity-check.ubuntu.com
whois [the IP from previous query]

), so by default Ubuntu sends requests to a Google cloud page.
I don't say Google counts daily active Ubuntu users (because many of those have the same IP), or that Google actively logs and analyzes that data. But some of you guys may not like that behavior.

So what's the fix?

Purge the package

sudo apt purge network-manager-config-connectivity-ubuntu

If you do need a captive portal detection, create your own config file to query some HTTP (not HTTPS) page of your choice, in the example below I have a Debian page used for the same purpose. Use your favorite text editor to create and edit /etc/NetworkManager/conf.d/90-connectivity-custom.conf :

[connectivity]
uri=http://network-test.debian.org/nm

Restart NetworkManager

sudo systemctl restart NetworkManager

If you run an Ubuntu derivative, please report if you have network-manager-config-connectivity-ubuntu installed in the comments.