Comment by vizzah

2 years ago

$6 million per year on outgoing SMS? Do not send SMS to users, make users send SMS to you instead to confirm their numbers! I have this solution for years and it works >90% of the time. The rest 10% is calling a verification number which drops calls with busy signal (no fees for the caller) but sees who is calling and is able to verify their number.

16 comments

vizzah

Reply
illiac786  2 years ago

Significantly less secure. Faking the sending number is much easier than hacking SS7 and getting SMS routed to you which are not destined to you (which is also doable but require an order of magnitude more skills and ressources in my view).

  • nickff  2 years ago

    This is correct; anyone with relatively basic knowledge of VOIP can spoof any number (and CID name) they want.

    • costco  2 years ago

      I don't think ANI is spoofable in practice. But that requires a toll-free number which costs money per minute.

johndoe18637  2 years ago

It would be great if Signal wouldn't require a phone number for account setup at all

  • illiac786  2 years ago

    this is in testing and coming to you early next year.

    • traviswt  2 years ago

      Would invites be a solution? Anyone can sign up if they provide a number, otherwise you need an invite from someone with a number linked. It would clump the identity/legitimacy for all invitees into origin number, but still allow disparate accounts.

      5 replies →

dheera  2 years ago

Or just kill SMS entirely. SMS is old tech from the 1990s. We have better things now, like e-mail over LTE/5G, that work across countries, across devices (whoa!), across providers, across SIM cards (wow!) allow more than 140 characters (wow wow!), and allows easy-to-remember alphanumeric identifiers for user ids (wow wow wow is this the future!). I hate SMS confirmations, I don't want to use my phone number as a username, and I will most certainly never donate to an organization that is using my donations to pay for stupid SMS texts after e-mail was invented.

  • pmlnr  2 years ago

    > We have better things now, like e-mail.

    Funny how email, being from the 70s, is actually better.

    • warner25  2 years ago

      I think we're all on the same page here, but the point is specifically "e-mail over LTE/5G..." (or really HTTPS over TCP/IP/LTE). I see SMS as this weird, independent, kluge of a data channel on the side, which was only cool when phones weren't yet fully interoperable with the Internet.

      I feel the same way about the entire telephone system at this point.