this post was submitted on 26 Mar 2024
279 points (94.9% liked)
Privacy
32173 readers
534 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I imagine SMS authorisation texts are Telegrams biggest single expense, they are for Signal https://signal.org/blog/signal-is-expensive/
Telcos know that authentication is about the only remaining use case for SMS and are not going to turn down the revenue stream.
That said this idea from Telegram sounds absurd. Not least I expect most contracts prevent reselling free SMS’s like this. The security implications have got to be significant too.
And it can't die fast enough, as it's essentially the same as broadcasting your sensitive information over unencrypted radio.
Apart from security, phone number based user identification is such a half-assed approach and I still don't get why Signal wants to die on that hill. It's inconvenient, yet trivial, for anyone to register a second, third or tenth phone number. With a bit more knowledge and inconvenience, even anonymously. It adds so little.
It's pretty drastically harder to register 100 phone numbers, especially in your target region, than 100 email addresses. Major spammers and such work with automation across many accounts, this isn't designed around someone with 10 accounts.
They accept VOIP numbers, so… not really that much harder.
They should just only allow other 2FA methods, like OTP, TOTP, and HOTP. It's really not hard to install an app to handle it...