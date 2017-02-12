Not listed in the article: I run https://smsprivacy.org/
We don't require any identifying information for signup (not even an email address). We take payment in Bitcoin.
We have cheap virtual numbers available where our upstream provider blocks signup verification codes, and more expensive "physical numbers" available to receive verification codes.
Featured on Indie Hackers here: https://www.indiehackers.com/businesses/sms-privacy
Revenue has now grown to nearly $1200/mo.
Ask me Anything!
(Virtual number is $5 a month and physical number is $20 a day)
Our upstream provider of virtual numbers filters out verification codes from services like Google, Facebook, and Twitter.
The advantage of using a physical number is that no messages are filtered out.
They are more expensive because they are more expensive to me. And the typical customer only uses a physical number for one day, where the minimum purchase time for a virtual number is one month, so the effective price to the customer is "only" 4 times as much.
It's better than Twilio because Twilio filter out verification code messages, and because Twilio don't allow anonymous signup or Bitcoin payment.
And how would it even work? Would you post the gift cards to the company, and then they'd add to your balance when they receive them?
How is it better for either the customer or the business, compared to Bitcoin?
Plus I hardly spend any money in either Starbucks or Subway, so I'd then presumably need to find someone to sell them on to.
Surely it would be easier for both parties if you posted physical cash than physical gift cards (customer doesn't need to buy the gift cards, and business doesn't need to sell them).
I usually pay Bitcoin with my mobile wallet. Could you add a QR code for payment? Thanks!
You can also pick it up from pypi: https://pypi.python.org/pypi/em73xx
1. Is there any free way to send an SMS "from" a different phone number that you verifiably own, without actually sending it from that number? (e.g. if your service provider charges you for messages sent through them, but the phone number is yours)
2. Beyond that... how do VoIP services go about sending & receiving SMSs themselves? Why can't I do the same thing and bypass them?
Anybody who wants to be a serious player needs to have sufficient peering agreements that they can route traffic to every other player.
So yes you could do it yourself, the same as you could setup your own ISP. It's just easier and cheaper not to.
Does anyone know if you can select a Twilio trial number from a different country than your own?
Maybe it's useful information for someone, but it seems more like an SEO content trap than a blog.
Well, you need a phone number to sign up for a Google account, so Google Voice isn't an option if you don't already have a phone.
isn't an option if you don't already have a phone
And if you think "Gah, only an idiot would...", read HN threads about law sometime.
Then there was the time when I was traveling and verification SMS would not reach me because my carrier plan does not include receiving SMS internationally.
Then there was a few other times and cases where not using your phone (provided you have one and carrier plan) but a public text service instead.
To me phone based 2FA is mostly a scheme to collect users' phone numbers as there were in the past to collect email addresses. It introduces a pretty serious point of failure by relying on mobile number (no battery, no signal, no phone, changed number, prepaid card, etc.) while only being helpful in fringe cases such as when my password has been stolen.
Moreover it promotes bad security practices instead of fixing security issues, just slap some 2FA on top of whatever exists and now it is secure.
Then there is the question of how do I change my associated number when I change phone number, then what prevents a social engineering pro from changing the number too ?
I'm not sure using a publicly readable text service is so wrong, it mitigates the relying on phone point of failure, protects your privacy better, someone else reading the code may not be a problem as the code alone is useless.
As usual this really depends on what is the threat model you trying to protect from. Neither option will be able to protect you from a nation state targeted attack.
Never had that request from them, and I'm an active user of the Humble Bundle and Humble Store. What triggered that request?
At some point in the past collecting user email addresses became the standard and using disposable email addresses was the answer. More recently the trend seems to have upped to collecting phone numbers to which the answer is those public text services.
Abuse, for one -- many services use "prove you control a phone number" as a first-pass filter for "An action which is easy to do once but hard to do 100,000 times" to authorize people to do a wide variety of things.
It sounds like something that should be an open source crowd-sourced service!
It imagine it could work like this:
1) Generous people donate a phone number by putting a cheap prepaid SIM into an old smartphone with a special app on it.
2) Everyone else can now use this number to receive messages!
3) The service could end up having hundreds of phone numbers available, with stats (eg. last message received, number of messages received, downtime, etc.)
Just like generous people today run TOR exit nodes, generous people could run an "SMS entry node". (not sure if that term makes sense)
Disadvantage: like TOR, it can and will be abused by spammers.
Advantage: Companies need to come up with better anti-spam measures instead of "give us all your personal data".
Feel free to use it!
https://sms-scope.com/
