
Mailinator launches Disposable SMS - zinxq
http://mailinator.blogspot.com/2018/04/mailinator-launches-disposable-sms.html
======
wslh
The problem is phone number reuse, if you try to open an anonymous Google,
Twitter, etc account they immediately realize that phone number was already
used.

~~~
bluedino
Which brings the question, when will 'ipv6' for phone numbers come out?

~~~
BillinghamJ
Why would it need to...? We aren’t running out of phone numbers.

~~~
always_good
Phone numbers are regularly cycled. The nice thing about something like ipv6
is that you could build a system where reuse isn't any more convenient.

~~~
jldugger
And with your own personal block of /64, you could give out unique numbers to
anyone you want ^_^

------
exabrial
Good! SMS should have never been a 2fa technology, hopefully this causes a
splash and services start actually pushing people to TOTP and U2F!

~~~
pilsetnieks
You can't really intercept SMS with this, you know that, right? You can't just
write any existing number and start to receive messages sent to that number.
You can only use this to receive messages sent to phone numbers assigned to
Mailinator, and frankly, if you're using their numbers as a 2nd auth factor,
you kinda deserve what you get. It's no different than signing up for any
service with a Mailinator email address.

The only bad scenario was if they somehow got hold of real mobile numbers that
real people were actually using before but that were lapsed and got recycled,
without those people removing the numbers from, say, their Gmail accounts.

~~~
exabrial
The point I was trying to make is one SMS number does not equal a phone with a
paid, credit checked, account behind it. Making it easy to create SMS numbers
will help expose the weaknesses of using them for 2fa.

Many people have access to your SMSs. One bad actor at your phone provider,
the sms gateway, spoofing your sim, a bad app, or someone casually observing
your lock screen are a couple I can think off have, but I'm sure the security
experts know many more ways than I do.

~~~
zapita
Not disagreeing with your overall point, but note that you can configure iOS
to hide message contents from lock screen notifications.

~~~
Bromlife
iPhone X does this by default and only shows the message contents once Face ID
verifies you.

------
bsimpson
Would have been a dastardly April Fools if they just told you to make up any
phone number and then try to check its SMS messages on mailinator.com.

------
gus_massa
It's only one number? (I can't imagine other possibility.) In that case it's
even less private than the normal (public) email box of mailinator.

Do they sell a similar service with a private box?

~~~
DEFCON28
According to the linked article, they have a list of public phone numbers. I
guess they can cycle through fresh ones every few days.

Of course, if they simply provision a list of phone numbers and then give them
up and get new ones, the new holders of the numbers won't be happy....

~~~
lucb1e
So perhaps we should fix the problem at the root, rather than needing
disposable email address or phone number services.

------
Canada
These are going to get blacklisted quickly

~~~
huhtenberg
They already are.

Doesn't work for anything notable with a sole exception of Steam, which will
probably blacklist it in an hour.

~~~
middleclick
Unless someone comes up with a single-use-only phone number, this idea is not
going to work.

------
0x0
Is there a list of phone numbers available for SMS? Or a a way to generate a
different number? Or do you have to go with the one number linked in the
blogpost?

By the way, looks like you can see the sender's phone number for incoming SMSs
by choosing "JSON" as the format.

~~~
progval
> You can find the Public SMS numbers on the left navigation of Mailinator's
> "email" page (which we should probably think about renaming, huh?) or follow
> the link below.

But I can't find the list they are talking about

~~~
timvdalen
I think it's just the one-item list on that page

~~~
homero
1 number is more than useless

------
homero
I don't get it, only 1 number?

------
mankash666
If one sends an email to <number>@... they treat that as an SMS?

Does this get delivered as an SMS to said number? How's the deletion happening
on the phone? Do they delete the sms from the phone's SQL lite db that holds
sms-es?

~~~
lillesvin
What? No. They're not launching an SMS interception/hijacking service, they
just have a few numbers that you can use.

~~~
homero
It is confusing. That's how they describe it then they show one number.

