"Sign in with $Clearinghouse" could bring you to a page that prompts whether you want to share a user ID or the phone number, as required, with that service.
The clearing house verifies you only once, or once a year, instead of every time. If the clearing house were to be a nonprofit, perhaps even set up by Signal themselves to spread costs with similar services, that has to be cheaper.
It also gives users confidence that only a randomized user ID was shared, so it won't be used for cross-service correlation and tracking, if the service didn't actually need your phone number but only some identifier.
This does not reduce the overall cost, it just shifts it to the clearinghouse. Who pays the clearinghouse so that they can cover their own exorbitant SMS costs?
"Sign in with $Clearinghouse" could bring you to a page that prompts whether you want to share a user ID or the phone number, as required, with that service.
The clearing house verifies you only once, or once a year, instead of every time. If the clearing house were to be a nonprofit, perhaps even set up by Signal themselves to spread costs with similar services, that has to be cheaper.
It also gives users confidence that only a randomized user ID was shared, so it won't be used for cross-service correlation and tracking, if the service didn't actually need your phone number but only some identifier.
A Flow:
> Service A => User: Please Enter Your Phone Number and Email
> Service A => Clearinghouse: Please verify phone number XXX wants to sign up for an account with us
> Clearinghouse => User (SMS): Please respond with the Email you used at signup to confirm you want an account with Service A
Later...
> Service B => User: Please Enter Your phone number and Email
> Service B => Clearinghouse: Please verify phone number XXX wants to sign up for an account with us
> Clearinghouse => User (Email): Please verify you want an account with Service B
Not saying it's great (providing email twice is annoying), but it's something.
This does not reduce the overall cost, it just shifts it to the clearinghouse. Who pays the clearinghouse so that they can cover their own exorbitant SMS costs?
You miss the crux of it: the second time onward the clearing houses uses email to authenticate the previously-SMS-verified account.
2 replies →