Hacker News new | past | comments | ask | show | jobs | submit login
Build a burner phone with Twilio and Kotlin (twilio.com)
312 points by harel on July 18, 2017 | hide | past | web | favorite | 117 comments

You might want to use the term "single-purpose number" or something similar. Burner phone is colloquially used as a term for non-registered/anonymous phones, which this isn't. Sure it sounds cool but people might assume that's what they are buying...

i was going to call you out for being overly precise, but given that this is literally hosted by essentially a Telecom company its a pretty valid point.

That being said, burner doesn't mean anonymous. Burner means disposable. Obviously you're not going to dispose of your account, application, and server every time you're done with the number.

It's also not even a phone. I guess its a phone application in the most minimal sense of the word..

So here's by detailed response https://www.twilio.com/blog/2017/07/building-a-fully-feature...

But I agree with kchr in principle. "Burner" may not mean anonymous but it's more often than not associated with anonymous and anonymity. It's the go-to perception or association if you will.

So I think kchr and I are saying the same thing: the article is using the burner/anonymity context as a little click-bait IMO and it's not a big deal but it's a valid point.

True, but it's mostly anonymous (but not subpoena-proof). There are multiple mobile apps that refer to themselves as "burners" (burn the number) but the same caveat applies.

>mostly anonymous >(but not subpoena-proof)

Then it's not anonymous, "mostly" or otherwise.

Any entity that is either subject to CALEA, or behaves as if it's subject to CALEA, is not your friend.

Note that Twilio, although not subject to CALEA, still behaves as if it is, bending over backward to honor any and all "lawful requests" for customer information, and requiring PII on account signup: https://www.twilio.com/legal/law-enforcement-guidelines

A valid search warrant issued under the procedures described in the Federal Rules of Criminal Procedure or equivalent state warrant procedures upon a showing of probable cause is required to compel Twilio to provide the contents of communications sent or received through Twilio’s products or services.

How utterly unreasonable. Yeah, the man is totally trying to keep you down through Twilio.

No, that wasn't the point. The claim was that Twilio was "mostly anonymous", which isn't true.

If you're not a member operating under the criminal or civil justice system in the United States, it might be anonymous enough. Anonymous "enough" is all you'll usually get anyway. If you want to get technical, there's no such thing as true anonymity. Of course, whether or not "enough is enough" is, as always, going to depend on your threat model.

> The claim was that Twilio was "mostly anonymous", which isn't true.

If you accept that anonymity isn't a purely true/false proposition, which you are doing by using the word "mostly," having your identity only available to law enforcement after a court order has been issued seems like a textbook instance of "mostly anonymous."

Aren't we comparing this to a cell phone and service I could buy from CVS with cash and no ID?

Possibly? In this sort of continuum of anonymity we're talking about, that's probably a lot more anonymous (but it isn't fully anonymous unless you're paying someone else to buy the phone for you in a different city, and they don't know who you are, and probably some other things I'm not paranoid enough to think of).

It's still fine to say Twilio is "mostly anonymous," and objecting to that - that Twilio is "mostly anonymous" - on the basis that law enforcement can find out who you are with a court order is very silly. As if a service that requires due process of law to uncover any information about you is morally or practically equivalent to having your name and address in the white pages.

It's not any more anonymous than any other cell phone if "anonymous" simply means it's not listed anywhere.

So should we just say it's not anonymous at all? Eliminate the whole notion of "mostly anonymous?" That's what the argument was. If Twilio isn't "mostly anonymous," what is? And why the heck does having subscriber data available via court order eliminate something from the "mostly anonymous" category?

edit: by the way, I never said '"anonymous" simply means it's not listed anywhere'

You can't see the difference between something where it's difficult to even figure out who the user is and something else where anonymity depends entirely on you trusting the service provider and them not being subject to a court order?

At a nesting depth of six or seven comments, is it really productive to reply with rhetorical questions that don't even respond to the comment? Of course I can see the difference. I just don't understand what it is about the level of privacy that comes from requiring a court order to access user information that moves a service from "mostly anonymous" to "not anonymous at all." It seems like a highly ideological rather than a practical position to take.

If you care about anonymity because you're, I don't know, some sort of dissident, then the kind of anonymity offered here is absolutely useless.

I'm sure we can all agree that "mostly anonymous" isn't good enough for a dissident, but holy fuck what a useless subthread you started. Or I started. Dear God.

You're free to quit participating in the conversation whenever. Moaning about the content of it being "useless" is even more "useless."

It's ironic: the above reply is the first time you've responded to something I actually wrote. I almost admire the fact that it's impossible to tell whether I'm being trolled or whether you are actually like this.

Is the only way I can "respond to something you actually wrote" by repeating key words and phrases from your post? I reject your notion of "mostly anonymous" as essentially impossible to distinguish from "not anonymous."

>having your identity only available to law enforcement after a court order

or after a security breach...or after access by a third party without a court order (however unlawful it might be)...

I meant in the general use case, where I talk/text a random person and then "burn" the number.

I don't think that's what most people think when they hear "burner phone".

Well, the subpoenas tend to be the downfall of phone use. This is certainly a good deal less anonymous than buying a sim and minutes with cash.

It's not anonymous at all. Twilio requires PII to register an account and they log all communications. I've never used their voice services so I don't know if those are recorded but everything else is. It's fantastic for debugging and horrifying to think of what might happen if someone compromised an account.

The challenge for Twilio is that phone #s are a fixed quantity. The same #s have been circulating across lots of different companies including being used by spammers and in marketing campaigns and published across the Internet. Make sure to search the Internet for any phone # you acquire from Twilio before buying it. It may already have substantial call spam/undesirable organic traffic associated with it.

On the flip side, there are already companies out there specializing in monetizing misdials. They specifically look for phone #s that have been retired recently with a lot of volume and then take those calls and resell as leads for cars, insurance, etc.

Greg from Twilio here.

Agreed on the challenge of working with a fixed number of phone numbers (and I say this as someone who recently moved to NYC and would love to own a 212 number).

In the industry, phone numbers that have a high-volume of unwanted traffic are called "dirty numbers." Think of a number used by someone who signed up for every sweepstakes they came across for 40 years, or maybe a number that's particularly cute (you probably don't want to have a cellphone tied to XXX-867-5309).

If we sold them, dirty numbers would be worse-than-useless for (almost all) of our customers. So, whenever a phone number is released by a Twilio customer, we reserve it for a minimum of two months before it can be purchased by another account. We also monitor each reserved number until it reaches an acceptably low number of phone calls.

If you do find yourself getting unwanted calls, you can use the <Reject>TwiML verb[^1] to create a blacklist - your account won’t receive or be charged for those calls.

[1]: https://www.twilio.com/docs/api/twiml/reject

SendGrid engineer here.

We have a similar challenge in working with the fixed number of IPv4 addresses we're able to get our hands on. We offer our customers dedicated IP addresses for outbound email, but there are sometimes situations where a customer doesn't want to hold onto one forever.

We want to make sure mailbox providers (like Gmail and Hotmail) have time to realize the IP is not in use, rather than mistakenly associating it with the old customer. It makes sense to hold onto it for a while after the customer releases it before allowing another customer to purchase it. We call this the "cooldown period."

Gmail primarily uses domains for reputation, according to their docs (and in practice). I never had to deal with much IP management when sending to Gmail or G Suite recipients.

Microsoft does use the range of black holes, e.g. Spamhaus, including using their own, so etjossem is right about having to cool down a bad IP before requesting whitelisting. Almost all ESPs and black holes will reject whitelisting requests without a sufficient cool down period anyway.

Gmail is certainly ahead of its time. I haven't tried sending with IPv6 addresses but the Gmail documentation claims it will work.

Just from looking at my own mail servers and mail headers, Gmail will happily both send and receive mail over IPv6, and has for years. Same with Outlook. Oddly, despite Apple's push for IPv6 support, iCloud doesn't seem to have an IPv6-capable MX.

You're spot on about Google; they've moved forward from this approach and lean more heavily on domain-based information now. But they're a rare exception, and they have very little to go on when the domain is just "sendgrid.com" (i.e. the customer hasn't set up whitelabel yet). So we want to make sure we're always giving customers new or cooled IPs!

I'm surprised you willingly burn your own domain's reputation. Other email-as-a-service companies require a validated domain with SPF and DKIM in the DNS TXT records or use a burnable subdomain, e.g. freeaccount12345.sendgrid.com; or even better, 12345.sendgridfreeaccount.com.

Yep, we use burnable subdomains if you haven't whitelabeled.

Hey Greg, uneducated but interested inquirer here: Once you're inside a phone network, phone numbers can be as long as you like, can't they?

Could Twilio not arrange for a new "country code" to be assigned, possibly to an industry working group of some kind, and then make the numbers ~64 digits long? Then there should be more than enough to go around and to discard dirty numbers, and the numbers could always be made larger in the future if needed?

No, because 98% of peoples' phone systems out there expect a destination number in a specific format. You can't just have a NANPA area phone number that is arbitrarily long or has extra digits in it.


If you are way, way bigger than Twilio you can create a country code. Country codes exist for special purposes like the Iridium satellite phone network. But you cannot just create a country code for arbitrary purposes and expect it to work with the world's PSTN/SS7 infrastructure, any more than you can choose an arbitrary non-RC1918 /8 of IP space and start using it on the public Internet.

Maybe Twillio isn't big enough by themselves, but if you add in Google Voice, Plivo, all the internet VoIP providers, and all the Cable Company VoIP services, you are big enough.

Is there a VoIP trade association they are all members of? If so, the trade association would be big enough to push for a new country code for the special purpose of software-based telephony just like Iridium has one for satellite-based telephony.

If that fails, Iridium is struggling. That hypothetical trade association could acquire the country code from Iridium with special agreements to ensure that Iridium still can lease numbers for no-cost for satellite-phone purposes.

You're wrong that Iridium is "struggling", they're in the process of launching and commissioning their next generation satellite system. It is used so extensively by the US DoD, NATO militaries, aircraft based phone systems and maritime systems that it's quite well positioned. It is the only real LEO truly global coverage satellite phone network that includes high latitude polar regions. The globalstar bent-pipe network architecture and coverage is a joke.

The problem with that idea is I'm pretty sure an incoming call with a +988 (or other) country code is much more likely to be screened by Americans. I'd be like "I don't know anyone in that country". Not sure but I suspect Europeans may screen calls if not within their set of known Euro country codes.

I wouldn't pick it up because I'd be worried about fees for taking an international call. I don't know if there are actually fees though the uncertainty would stop me.

I wonder if someone is going to end up buying out the Cook Island country code (+682) similar to the .ck top level domain.

A bit off topic, but if you would like a 212 number, you can pick up one from https://212areacode.com for < $200.00.

Or if you're in the local area, you can find somebody with a POTS 212 number or cellphone and pay them cash. Porting a number to a voip service is basically as simple as the bill payer writing "authorized to port to NEWSIPTRUNKINGPROVIDERNAME 2017-07-18" plus a signature on a one page scanned piece of paper.

This is awesome and completely on topic. Thanks!

I got a 212 number for no extra cost from MagicJack.

At Penn State, we run our own phone system and have the 867 local exchange (in the 814 area code). If you dial 867-5309 from a phone on campus, it plays "Jenny" for you - an Easter Egg in a phone system!

If you're confused about 212 numbers, this is a good read: https://mobile.nytimes.com/2015/03/25/nyregion/as-manhattan-...

Hi Greg -

Why not disclose prior call patterns before selling the # rather than putting the burden on developers to flag spam to receive credits?

Saving a couple of cents by getting reimbursed for the call doesn't actually solve the issue when your team is wasting their time picking up the phone only for it to be a misdial or spammer.

Good question.

Wholeheartedly agree that the burden is ours -- not the developer's -- to make sure a number is clean before you buy it. We monitor inbound activity for two months before making a number available for sale. <Reject> is not for spam that comes with a number when you buy it -- it's for all the stuff that happens after you put that number out in the wild.

More than that though, we can't reveal historical patterns because we'd be violating the privacy of whoever previously owned the number.

Is it actually a problem though? I'm not a high volume consumer of numbers, but I've not had any spam on the handful of numbers I have.

The same can't be said for my physical POTS/cellular numbers.

Anecdote of one, and everything, but has anyone actually impactful levels of spam from an insufficiently cooled number that they wouldn't have had from any number in the area code?

I think the idea is that all of the numbers to be sold meet an acceptably low bar of incoming text messages/calls before Twilio offers them.

This hardly works when people scrape Twilio to find vacant numbers to spoof on caller ID.

Odds are you won't be able to figure that out. Furthermore downstream providers will often treat traffic differently, including but not limited to ratelimiting and dropping of SMS, if the number was abused by a previous owner. The things that people gloss over in an IPO...

Agree you won't be able to figure it out 100%. A couple of lines codes counting # of websites that reference the phone # will prevent some potential catastrophic results, but not all.

Couldn't you test that though? I mean, test if your SMSs are dropped, or if you get ratelimited somewhere?

You have to acquire (at a cost) a number first to do that.

Slightly OT question - if I want a particular phone number, whats the preferred method of doing this? I.e., is there a way to be notified when someone gives up a certain number?

When I got my prime phone number I wrote a script that hooked into Google voice and Broadvoice's number requisition forms and looked through all the available numbers for suitable candidates every hour. I had the advantage of having many numbers that could meet my criteria, though. If there's just one specific number you want you might try calling it and seeing if you can negotiate a transfer?

Recently tried to use Twilio as a burner for registrations (project to set up unique personas online). All modern websites that require a phone number are also using a CNAM lookup and discriminate against VOIP numbers. I won't be ditching my prepaid phone any time soon in exchange VOIP services.

"Recently tried to use Twilio as a burner for registrations (project to set up unique personas online)."

Another problem with twilio numbers is that they are not mobile numbers. The reason that is a problem is that two factor authentication and other security measures are very often sent from mobile short codes and not from another actual phone number.

And no twilio number can receive any SMS from a short code. It's not possible, since they are not mobile numbers.

This means that you cannot use a twilio number for google products like gmail or google play store - you can never receive the challenge/auth numbers.

Twilio even has a web UI for this lookup: https://www.twilio.com/lookup

That's really cool, I'm plugging in my cell phone number and it's returning my name and carrier. I didn't know services like these were available.

A lot of cellphone companies have this information displayed as an option for numbers not saved in your contacts. My provider (Verizon) gave me this option for a month for free when I first signed up then sent me a text that it was additional cost if I wanted to keep it. Then they started displaying that information for business lines for free. Later when I got my new phone it stopped for some reason.

"Twilio even has a web UI for this lookup: https://www.twilio.com/lookup"

Strange - almost every number I put into this UI (friends, family, etc.) comes up with:

  "caller_name": {
          "caller_name": null,
          "caller_type": null,
          "error_code": null,
I wonder why that is ?

Are you using a paid or a free trial account? A lot of number lookup services start returning garbage data if they suspect fraud/abuse from free users.

You can get CNAM enabled numbers from Vitelity. At least you could back when we set up our VoIP. They also support inbound SMS fwiw.

I think that the disconnect here is that this isn't a "burner phone" the way many people think of them, but rather some sort of call/SMS firewall.

At the risk of sounding silly, what advantage does this provide over buying a $20 TracFone for cash and activating it without an account on TracFone.com over a public Wi-Fi?

Or, better yet, not bothering to "activate" it, but using it only over Wi-Fi, creating a new Google account, and downloading Talkatone (or the Hangouts Messenger to create a Google Voice account connected to your new account)?

Greg from Twilio here.

Not a silly question at all. Developers certainly have a propensity to recreate the wheel for the sake of recreating the wheel -- though I think that many of us would agree that the act of creating is itself the advantage.

That said, a few things:

1. Costs less. A Twilio phone number is $1 per month (in the US). A minute of calling costs $0.01.

2. You can get a new number any time you want.

3. You get to write code.

Don't want to speak for Marcos (though he happens to be sitting 10 feet from me at the moment), but my guess is that what excites him most about writing this post isn't that other developers will copy it line for line. It's that they'll use it as a jumping off point -- that it inspires and equips developers to ship their own inventions.

For an example of this, check out the folks at Burner app who used the similar concept (pre-Kotlin) to build an entire business around this idea.

[1]: https://www.twilio.com/blog/2012/08/burner-app-offers-alias-...

For example, this is the same model Uber uses to anonymize the driver's and rider's phone numbers. Probably when a driver signs off their number is released for a new driver to use until they sign off.

Do they use a unique number per driver per shift? If you know the rider's and driver's phone numbers, then you can connect them anonymously with just a single phone number. When I call that number, see if I have a ride in progress, and put me through to the right driver.

This assumes no pooling. With pooling you might need 4 numbers, as the driver could have up to 4 separate passengers they want to contact.

Or download a real burner phone app that lets you buy numbers and associate them for different things. There are plenty on the app store for iOS and Android.

Still looks like a fun project.

Those apps are just using a provider like Twilio on the backend. Though some of those apps are pretty feature-filled - "Burner" supports integrations via Slack, Dropbox, webhooks, etc.

That defeats the purpose of a burner phone by not being anonymous.

Neither is this. I don't know much about Twilio but when I clicked on the link in the article it asked for a bunch of personal information.

I also don't know how this is any different from, say, Google Voice?

Twilio is a business with a full KYC process this isn't an anonymous service.

You don't always want anonymity, and when you do it still depends on who you want anonymity from.

Sure, state actors will probably still be able to track you. But the weirdos on Craiglist and the spammers that scrape it won't.

Depends. A burner can be for anonymity, but can also be for disposable use. For most legitimate usage cases, like those in the OP, are covered by using Twilio.

I've been doing this for a long time and there is one big, real-world, gotcha - most business (such as Uber, Lyft, Microsoft) can't send text messages to Twilio numbers. I filed a ticket with their customer support a few years ago and they basically swept it under the rug.

BTW, nor can you use your Twilio number to send a text message to a short code provided by Twilio to a third party such as Uber: https://www.twilio.com/help/faq/sms/can-my-twilio-number-sen...

Is it just me or wouldn't everyone just rather live in a world where privacy is respected by third parties just like a first party would. The do not call law has developed too many exceptions or needs strengthening methinks. If I'm getting a spam call on a burner number vs. my normal number, have I really saved any time? or privacy or security if the number can be reused in malicious ways?

I save numbers for 2nd factor auth, and I seem to get yahoo/msft messages from the same numbers, also github sometimes. Number reuse is definitely a problem. A PKI cert system for numbers/calls would be great to have in this case. I want to know for sure that I'm getting my 2nd factor auth code from msft, regardless of the number they're using.

Then you'll pay for all the phone calls from marketers. Thanks but no thanks

Greg from Twilio here.

Totally understand the concern there, especially since you're already paying for your cellphone.

I did something similar a couple years ago when we were shopping for a car. A lot of car shopping sites are basically lead generators for dealerships and you need to provide a number to get real info. I used a Twilio number forwarded to my cellphone.

The deluge of calls started immediately. After 48 hours, when we had all the information we needed, I released the Twilio number and incurred no further charges.

Total cost was $1 (per month) for the phone number and $0.01 per minute for the inbound calls. Upside was that my phone stopped ringing the moment I was done talking to salesmen.

Doesn't this use case eventually screw over any future Twilio customer that selects that number? I see several inbound calls to my Twilio number from random numbers that I have to pay for, even though I'm only using Twilio in a development capacity right now. Do you guys "expire" numbers from your pool that receive aggressive amounts of Inbound traffic (voice, fax, or SMS)?

At some point a few years back, my VW dealership sold my phone number to people for vehicle service contracts. Even though I sold that car 4 years ago, I STILL get at least 2-3 calls per week from different companies offering to sell me an extended warranty. How does Twilio mitigate that for us?

(Off topic, but seriously, thanks for Twilio. Ping me if you want to know how we're using it in our new startup [email in profile]. It's pretty rad.)

Really good question.

Just wrote a lengthy reply to this concern up above, but the tl;dr is that we sit on all numbers for at least 2 months and wait until there's an acceptably low amount of inbound traffic before releasing them back into the available number pool.

Would love to hear how you're using us. Will drop you an email. (And thank you!)

Do the numbers being held register as disconnected to anyone calling them? It seems like that might cut down on some of the junk calls by the time they're released.

It absolutely does. Twilio should provide usage history on the phone #. The best predictor of future undesired/spam calls is prior call volume. The use case described sets up terrible downstream effects.

A number having high usage history does not necessarily mean it still is being used. Providing these numbers to the customer is a neat idea, but since they only provide an indicator for how it _was_ used they won't have much value. It might also be a bad PR move since users will draw conclusions from that history that might not be true.

So what you're saying is this tutorial was written by a twilio sales/marketing employee?

..it's own twilio.com, so isnt it transparently promoting twilio?

Or is your comment about sales versus engineers?

If their salespeople know how to fire up a little endpoint in kotlin using their API that's fantastic.

It's on the Twilio.com blog, so I think that it is pretty reasonable to assume that it's written by a Twilio employee. :-)

I'm still waking up... :/

Stick it to the Man!

Marcos Placona is a Developer Evangelist.

I missed that this was on twilio. Fair enough

To solve said problem don't give the # out. Burner phones are for you to use and dispose of, not keep and use as a primary daily phone.

Interesting, unless I'm missing something Twilio's pricing does not include any unlimited incoming model.

From other VoIP providers, you can get that pretty easily. I use voip.ms and they charge $4.25/mo for a number and unlimited incoming.

There isn't an unlimited package to normal users afaik. But calls are cheap.

If you only want a number for a month, thats $1.

Leaving $3.25 worth of calls at $0.05 (0.01 incoming, 0.04 back out to your cell) a minute forwarded to a mobile to match. Over an hour of calls, which I wouldn't hit on a gumtree advert.

That $4.25 presumably doesn't include the outbound leg, does it?

Twilio also do SIP registration, so you can route calls to your handset via SIP even more cheaply. (0.004 for outbound, so 0.01 and 0.004, for over 3.5 hours for that $3.25.

There are definitely usage cases for unlimited, but I don't think this is necessarily one of them unless you have a ridiculously high call volume. At that stage, I'd just use the voicemail to email Twimlet and bounce everyone into that.

So, for per-minute SIP calls:

Twilio - 0.0125 in 0.017 out

voip.ms - 0.09 in 0.005 out

Of course, the unlimited plan is only useful for a select few - if you want to plug it into your PBX and use it as a small support line (could be this case) or if you're making nightly calls for a few hours to relatives or a significant other, it's quite possibly worth it.

Depends what you're going to use it for and if you want that Twilio API really. If you just want a SIP number, it's pretty clear, but if you want all those nice API features and don't need super high volume, Twilio is probably the way to go.


Although there's something to be said for Twilio for straight up SIP too if you've got awkward fucking hardware. The Gigaset N300 is great, but the dialplan options are embarrassingly limited.

Twilio offer their own hosted Node.js (Twilio Functions - BETA) and TwiML Bins (free super-basic TwiML hosting with basic moustache templates for simple variable insertion.)

Pretty sure the whole project in the OP could have been done quicker and easier using Twilio Functions, but I get that it's more of a learning tutorial and example.

I use a combination of TwiML Bins, Functions and Twimlets to quickly chain together powerful functionality. And to work around the N300 dialplan limitations!

Edit: https://support.twilio.com/hc/en-us/articles/230878368-How-t...



isn't the purpose of a burner phone....to give the # out?

That is what this tutorial is advocating. Don't get me wrong this is a great project to explore kotlin and twilio. But ultimately a very expensive one if your number gets sold to a lot of other companies.

Nice idea, confusing title (burner phone??).

"Burner phone" is a colloquium used in the United States referring to limited use prepaid phone, separate from your main phone, that's not tied to your identity. Usually used for drug deals or other criminal behavior.

This isn't really a burner phone as the Twilio link I clicked asked me for a bunch of personal information first.

I meant to write colloquialism not colloquium. Burned (heh) by auto correct.

It's a common thing in US spy/criminal movies. Basically a throwaway phone number not tied to you that you might give to an informant or use in some other way to stay anonymous.

but in this case it is probably tied back to you ... (the credit card used to pay Twilio...) So it is not really a burner phone in the traditional sense

Your not the first person to think that https://news.ycombinator.com/item?id=14802242

"Your not the first person to think that" and then referencing a few minutes old comment that points to an equally young other comment?

Author is building a Spring MVC application but labels it as a "Kotlin app". Is it because Kotlin is the new hotness and the Spring Framework is "old" and "uncool"?

I imagine it has more to do with the fact that simply saying "Spring app" will make most people assume it's written in Java. It would perhaps be better to say it's a Kotlin Spring app, but honestly the web framework being used is probably less important than the language it's being written in.

I've been using ring4 for throw away numbers and it's been decent. Plus there are often lots of promo codes to use.

Code for 20 extra credits if you check it out: INV-DKCSGJHX

Er, you realize Twilo logs everything, right? You can log into Twilio and read your own logs.

Greg from Twilio here.

Privacy is incredibly important to us. You can delete the logs of any call or message that you don't want residing on our servers.


According to that blog entry, it just makes that data hidden on the front-end and from the API, but it still resides on your servers. Has that policy changed?

Soft-deletes, which the blog indicates that you are doing, is very different from actual deletion.

To make the distinction clear, if a log of a call or message is deleted, can it be given to law enforcement? If so, it's not truly deleted.

Is this a USA solution only, or also applicable in UK, EU, Rest of World?

UK for sure, dunno about RoW number availability. When you pick a number though, do check that the number supports voice and SMS. Not all do.

bur.nr is available for $679.99 :D

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact