Comment by KennyBlanken
5 years ago
Yep, the latest example was my credit card company rejecting my GV number. They easily have the means to see that I've been using it for 10+ years and it's definitely me. Luckily they wanted my business more than they cared about that policy; a CS droid was able to "force" the system to allow it.
Requiring cell phone numbers isn't about anti-spam or 2FA or anything else these services and sites claim.
It's about linking your account to a real person identity, so they can sell that to someone - either live, or later when they get bought out (privacy policies almost always have a clause that allows them to just fork over all your info to whoever buys the company.) "Where was phone number 111-555-1212 at any point in time" is really valuable these days.
SMS for 2FA is less secure because cellular accounts are almost trivial to take over. Carriers never intended for their accounts to become so important to security. These days you can get a second password added to prevent shipping out a new SIM or transferring the account, but that's bypassable by a cellular store on the corner, and poorly implemented (my carrier just adds it as a CUSTOMER VISIBLE AND EDITABLE comment on my profile. WTF?)
If you get someone's unlocked cell phone or a SIM card, you can get access to their email account, their bank and credit cards...damn near everything. How fast can you lock and wipe your phone if it was ripped out of your hands while you were using it in a public place?
> It's about linking your account to a real person identity, so they can sell that to someone - either live, or later when they get bought out
Yeah, this can't be emphasized enough. Phone numbers are established as universal identifiers. Discord is sitting on a giant heap of personal information including DMs from millions of young people. It is all centralized, both in terms of data, and in terms of accounts (instead of them having to correlate an account between multiple forums, most of which volunteer run and they don't turn over non-public data for money), and also associated with phone numbers. Making multiple accounts for different areas of life is made hard. Beautiful for whoever has access to the data.
Not only discord. Today it's easier to say what chat applications don't use phone numbers than those which do.
Asking for information for one purpose and using it for another is amazingly user-hostile and abusive, and it's an almost universal practice for technology companies.
I first noticed phone number abuse with facebook, which asks for a phone number for "security" but then uses it to match you with advertisers.
It's the same scam that sites have been running for years where you have to use an email address as a user login, and that address is instantly added to spam lists.
"Sign in with Apple" is hilariously useless since privacy-violating apps can just require a phone number for "security" or "verification" purposes.
> "Sign in with Apple" is hilariously useless since privacy-violating apps can just require a phone number for "security" or "verification" purposes.
Apple is one of the only companies with both the ability and a possible incentive to push back on that behavior. I wonder if they will.
It's 100% about linking identities between services. I've had my cell phone number for 25 years. It's basically a lifelong identifier at this point and I constantly have to use it for low value online accounts. I wish I could go back 10 years and get a dedicated phone number for online verification.
The security side is a total lie as well. Your post made me think about the biggest risk for myself and, like many people I know, I put my email address on my lock screen so that if I lose my phone someone can get it back to me. Now it just clicked for me and I realize I need to change that because if I lose my phone someone has everything they need to recover a lot of my online accounts. My Google, Microsoft, Amazon, etc. accounts all use that same email address and all they need to do to perform SMS recovery is put my (unlocked) SIM in another phone.
It’s the new SSN but even less private.