But I no longer own that number.
And from the customer Q&A forum, I realized I was not the only one - it is almost impossible to find an actual human from Facebook to solve this kind of verification problem.
All I wanted is to delete it, but I can't. Now, my account becomes a zombie, can't be used, can't be deleted, and has lots of personal information. All thanks to the falsehoods Facebook programmers believed about phone numbers, and its non-existent "customer " service.
I've heard Google has similar issues , if the machine works, then everything is fine, until you need a human...
Repeat after me: fxxk Facebook.
 because I'm the product, not the customer?
and read this comment, https://news.ycombinator.com/item?id=18887548
Fast forward 6 months, and my Line account suddenly disappears. I contact customer service, and it seems someone else had registered for Line with my previous phone number -- which was of course release when I canceled my service with the telecom in Korea. I was informed that it's Line's policy to only allow one account per phone number, and thus they deleted my old account when the other person registered. There was no way to recover it. I even reached out to one of my engineering friends that worked for Line, at the time.
Some of my friends, I only knew and communicated with through Line, and I have no way to find or contact them again.
So yeah, fxxk using phone numbers as identification.
Had to create a new account.
The backing-up and restore is the easy part. Not much help if you can't move the account due to that silly phone number lock-in.
I'm sure there are things I could have done to prevent it from happening, but I had no reason to believe Line would simply delete my account, as it was linked to my email address. In fact, I only used the number for the initial registration. After that, I only used my email/password combo to log in.
As you, I only used the number for the initial registration - and I suspect that what's everybody do. I have no idea what the phone number should be used for outside of that. I'm not sure why Line (well, Naver, the company) does it that way. Others, including Skype (which would need the same level of 'verification') manage it better.
Seriously, I would do everything I can to destroy fucking phone numbers, but I have no idea how can we stop this madness.
> 15 years after Skype
I agree with your general sentiment, but the two phrases I picked out are where you have it backward. Phone numbers are not proprietary. They're difficult to move, but if you're a customer with one phone company you can call a customer of a different phone company using a phone number.
Skype is proprietary. It belongs to a single company. Customers of Skype or Facetime or Slack or Hangout cannot simply contact each other across services.
Yes, phone numbers need to be replaced. They need to be replaced by an open solution, not a proprietary solution like Skype.
slightly paraphrasing Hanlon's razor: don't attribute to a conspiracy that which is adequately explained by stupidity
> Seriously, I would do everything I can to destroy fucking phone numbers, but I have no idea how can we stop this madness.
I assume throwing away your phone isn't a solution for most people who grew up with one. Works for me though. :)
Before purging Facebook and Twitter from my life I thought it would be inconvenient to live without them, it isn't.
Living without a phone looks inconvenient, but I think I'm going to try it some time this year.
Do you know low tech magazine? https://www.lowtechmagazine.com/
Yes Facebook is using your 2FA phone number to target you with ads
Phones are an imperfect solution for two-factor authentication but nothing else is as widely available.
There are also very well-supported ways to recover access to your phone number if the physical device is lost or stolen: Contact your phone company, present legal ID and get a new sim card.
I wonder what happens if you acquire that phone number and decide to make it your main one. Hopefully support staff have a way of checking if the old user's active, and asking them to change their account to a number they actually have access to.
But yeah, Telegram shouldn't be used for really sensitive stuff.
I think it's naive to think that this wasn't decided at the product level. This exact scenario was discussed, along with many others like it, and this is how they decided to handle it. "So they'll have a profile up with their personal information, maybe some embarrassing stuff they posted in college, and now they're adult and looking for a job and it'll be up forever looking like they intentionally left it that way?" "Yes." "Okay." "It's fine." "I mean...." "Do you have a solution that doesn't cost money?" "No, but...." "So you want to propose we spend money fixing this?" "...." "Okay, so we're agreed that this is fine. Moving on."
I don't mean to change it, I mean to lose access to it. If you change it, find a way to hold onto access to the last one.
I learned this lesson relatively easily. I had a vanity domain that also received my e-mail and I eventually replaced it with a different one. I ran the new domain and e-mail for a few years before allowing the domain registration on the old one to expire. I hadn't received (non-spam) e-mail on it in a couple years, seemed safe enough.
Turns out I've had a few websites over the year since that I wanted to login to and I needed to recover my password, either because I forgot or the site had forced a reset due to a breach. I hadn't updated my e-mail on a few of those sites.
I don't think I'll let go of a main e-mail address or phone number again.
(to other readers: click "next page" to read the rest of the story)
The most absurd aspect of my Facebook verification problem is, despite my account has been frozen due to "suspicious activities", their system is still sending those automated mail notices to remind me returning to Facebook for those activities I've been missed on my timeline!
I have had great support via phone, chat, and email with google a number of times over the past 3 years, and I live on an island foreign to Google in the middle of the Pacific Ocean. My experience has been that if you're using a paid Google product, the support is excellent.
I wonder if phone companies couldn't [partially] solve this; probably any system would be too open to abuse?
I have come to realize that if you do not deal with a real person when signing up for some service, you will never get to deal with a real person when you need one. Customer service doesn't exist at FB, Google, etc. because they aren't customer oriented companies. They were not created to service you, they were created to use you.
1. Correctly identify some personal information about your Facebook friends, or ask them to provide some information about you. However, I have abandoned my account for years, and clearly I no longer have personal contact with most of them.
2. Provide your National-ID document to Facebook. Obviously, I'm not comfortable with it, but I assume my identity is already public information on Facebook so I may have to do it. Unfortunately, the bigger problem is that, personally, I'm in the middle of some tricky paperwork problem with the government bureaucracy, just like my Facebook account. I may need to go to the court to sort it out, but currently I don't have time to bother.
"Right to be forgotten" and GDPR seems to be a powerful tool to solve these kind of problems,
but I'm not a EU citizen and I don't know much about its regulations, but I also want to know about it. Does anyone know something about it? Assuming I'm a EU citizen, how exactly, can I submit a request of information removal? If it's similar to DMCA takedowns, perhaps it can be used? Or it need a rigorous legal proof of identity like (2)? For non-EU citizens, is there a similar outlet to solve these kinds of problems?
Personal data shall be [...] accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
OP could contact Facebook's Data Protection Officer, that they are required to have, and demand that his data is fixed. A complaint can also be filed to the relevant country's Data Protection Authority if needed (I've done it with some success).
Well, in this case, he still owns the email so it should work.
* "A mobile phone knows its phone number." The phone cannot know its own phone number without making a call or sending a text message. Some SIM cards carry an "own phone number" record but it is not authoritative and sometimes inaccurate.
* "A SIM card is permanently assigned to a phone number." SIM cards to phone number relationship can be many:many and change over time.
* "<Social app X> requires phone number to sign up, so we should too." Users actually react very differently when a messaging app asks for their phone number (useful to find contacts) vs a calculator app or a game or an app where they want to be anonymous.
> Only mobile phones can receive text messages
> Some service providers support sending and receiving text messages to fixed-line numbers. There are also online services like Skype that can send and receive text messages.
"Oh but not-mobile-number phone numbers are always fraudulent so we don't accept them!" Great, I love getting caught in spam traps because I have a mobile phone...but it is a VoIP-backed system so the numbers show up as VoIP. (BTW, Verizon's "My Numbers" feature also show up as VoIP numbers, not mobile.)
Even more annoying: "Oh, but a bunch of people we know who are also technology professionals happen to use Google Voice / Google Fi so we'll just whitelist them." Grrr. So now I have to care what my "mobile" provider uses for its underlying network or just use Google.
And the last one: My credit union just sent out a terms of service update saying I "cannot use Google Voice, VoIP, or similar numbers with Zelle." OK, but I already have a number like that registered, what now? "Your Zelle access is suspended until you give us your mobile number." But that is my mobile number. "Too bad."
This is expensive and time-consuming, however, and almost no CLEC (or other such provider) will do it - you have to petition and register your number(s) with every single mobile provider and get them to accept that these are not sources of spam, etc.
I have this problem because my main, personal number is actually a twilio number (as I built my own personal telco within twilio) and this means I cannot receive validation messages from shortcodes (like a bank). I spoke to some twilio engineers at Signal and they confirmed that it would indeed be possible to register twilio numbers as "mobile" but too expensive ...
Why does Twilio work for me for SMS 2FA? Is it because I m using an '07' number in the UK?
The problem is not that I can't do 2FA - that's just SMS messaging. The problem is, I can't receive messages from a shortcode, which is different than a normal phone number.
* Every other country's telephone numbering is like one's own.
* Every other country's telephone numbering is like that of EU countries, or like the NANP.
* The last 10 digits are the subscriber number.
* Geographic numbers are actually geographic.
* 123456789 is a perfectly fine number to use for test calls.
* STD is exactly like NPA-NXX.
* The leading 1- in NANP long distance form is the country code.
* There are only national and international forms nowadays.
* Users do not use E.164 themselves.
* Emergency numbers are easy to filter out, as it's only one number.
There are also falsehoods that people believe about telephones, which I would start with:
* When you hear the ringing tone, the other end is already ringing.
* Your ringing tone comes from the other end.
* Every network sends in-band call progress tones.
* It's perfectly fine to use fax over a G.729 'phone.
* DTMF is in-band and universally supported.
* DTMF is out of band and synchronous to media.
* There is only one way that callees reject calls, and it never involves being connected.
* TPC does not need to know the correct physical location of your non-mobile 'phone.
* TPC tracks mobile 'phones through "a GPS chip".
* Calls can only be traced whilst the caller is on the line.
* Caller-ID is unspoofable and works across networks and across countries.
* The callee can always clear calls.
* Only the caller can clear a call.
In the 1980s at school, the phone system in the dorms was a private system (you could connect to the public system by dialing 9 first). In this system, a call was not terminated until the originating side disconnected. So a common prank was to call someone, then not hang up. Now their phone was unusable.
You just punched a hole in the plot of every procedural crime drama. :)
> Some people do not own phones, or do not wish to provide you with their telephone number when asked. Do not require a user to provide a phone number unless it is essential, and whenever possible try and provide a fallback to accommodate these users.
Signal, WhatsApp and Telegram are spectacular design failures on this point because they assume that every person has a phone number and also that every person has their own private (non-shared) and unique phone number. Facebook, Google, etc., require a phone number for verification and believe that it’s sufficiently adequate to thwart spammers.
The whole “must enter a phone number” phenomenon is a big mess, introduces privacy issues and excludes many people. None of the companies mentioned above would agree that excluding people is a goal for them, but they’ve made it so.
As I understand it, Signal is always intended to be the "StartTLS" of telephone communication, so naturally it explicitly targets mobile phone users. I only use Signal to call or text someone I would otherwise call directly.
But I agree with your general opinion. For most services I found it's ridiculous to be hardlinked to my phone number. Why on Earth you have to expose your phone number to some random people you chat with on the Internet?! Telegram... at least they accept VoIP numbers...
I use other non-phone, general-purpose services, such as Matrix, to communicate with other people.
This doesn't make sense to me. If I have telephone service and the person I want to talk to also has telephone service, why do I want to use Signal to communicate from my telephone device to their telephone device? Aha! Because I want to communicate privately and the telephone service does not allow me to communicate privately. So why do I have telephone service? To allow me to use the service that doesn't use the telephone service?
This always struck me as a particularly poor argument. While it is true that most people have data services through their telephone provider, why do we want to encourage this behaviour. I mean, I could even understand implementing it initially out of convenience, but it's been years and they still haven't provided a means for authenticating with the service without using a means that will publicly identify you. As much as I wish to believe otherwise, I do not think this is unintentional :-( And if it's not unintentional, I'd really like to understand the reason.
That’s precisely what bugs me about these platforms. They all want to create the “social graph” based on phone numbers without giving the option to the user on how they want to expose themselves and how they want to construct their social graph.
Requiring phone numbers is a system that works quite reasonable, as most people have a phone number, and it's not that easy (and certainly not free) for a spammer to get thousands of phone numbers to make thousands of fake identities.
No, most people have a phone number and for most people that's their own phone number. That was a tradeoff for them.
>Facebook, Google, etc., require a phone number for verification and believe that it’s sufficiently adequate to thwart spammers.
I am sure that it is one of the most effective ways to thwart spammers, but to say that it's all they do is laughable. What's an alternative, email address? Throwaway emails are a dime a dozen.
>None of the companies mentioned above would agree that excluding people is a goal for them, but they’ve made it so.
They've made excluding people a goal? Are you serious?
That’s a very first world observation, and even there, this would be quite shaky if actual numbers were known.
Also, I didn’t say or intend to mean that these companies made excluding people a goal. Their decisions, on the contrary, have resulted in that.
I used to work in telco, so I've seen some pretty wacky format formatting schemes, but this takes the cake. Who thought this was a good idea!?
Not even 20 years ago, before any number could be ported to mobiles, landlines in some (all?) Baby Bell regions had their prefix determined by geography. In other words, you could know what "zone" a given phone number was in by its prefix.
Take Silicon Valley. A (650) 960-xxxx number meant Mountain View. (408) 733-xxxx meant Sunnyvale. Etc.
Zones roughly respected cities, but boundary conditions abounded. If you lived near the Mountain View / Sunnyvale border, you could be in area code 415 (later 650) or 408.
San Jose had 3 zones. Cupertino was part of SJ1. Fremont / Newark were lumped and spanned 2 zones. Milpitas was part of SJ2. etc.
You were only guaranteed a local (non-toll) calling area of something like 8 miles, but Pac Bell would give you all of the zone overlap: if any part of your zone was within that 8 (?) miles of any part of your destination zone, it was a local (free) call. This meant your actual local range could extend 20+ miles.
I set up PC-based call broadcast systems (the vendor product I used was "BigmOth" for some membership organizations such that I could send a recorded message to whatever numbers in a given member roster. By placing two parallel systems in, say, Sunnyvale and SJ3, I could cover everywhere from Menlo Park to Los Gatos to Coyote to Fremont Newark zone 1 with no variable phone costs.
So, I set up a table in my database to join prefixes to zones, and my program went through the contacts and routed each destination number to the appropriate calling phone book (I rewrote the phone books after every batch of database updates). I had one system in my house, and a colleague had one in his in SJ3. I'd just uploaded his share of the phonebooks and the message recording binary to his ftp site, leaving him maybe 10 minutes of work for each cycle's setup.
Thus, I could blast 2-minute messages to members over a 200+ square mile area for free.
It was really slick. 10 years later, it was irrelevant, as everywhere became a free call.
Around 1984 the ARB (named for its author, Arthur Richard Brock, R.I.P.) BBS system did store-and-forward e-mail from one ARB BBS to the next, covering a good portion of the New England and Mid-Atlantic states.
Back then toll charges were pretty high, but there were gateway nodes that had phone numbers which had free calling that spanned area codes and LATAs.
ARBnet was pretty awesome, ran on Commodore 64's, and was a pioneer in public e-mail, but is now completely forgotten.
* Names: https://www.kalzumeus.com/2010/06/17/falsehoods-programmers-...
* REST APIs: http://slinkp.com/falsehoods-programmers-believe-about-apis....
* Fonts/typefaces: https://github.com/RoelN/Font-Falsehoods
Collection of falsehoods: https://github.com/kdeldycke/awesome-falsehood
In general, the Earth is a really lousy clock.
Currently I just store phone numbers in E.164 format as a string with max length of 25 just to be safe and index them. This really takes up no additional space and can easily handle extensions.
I can't tell you how many times I've run into people storing phone numbers without normalization eg: "(555) 444 - 3333" etc., not understanding that's hard to compare against, where E.164 = "+15554443333" is much more consistent and also works with services like twilio etc.
If you are just storing the phone number to display to a user at a later time, it is a lot simpler just to save it as text field with no validation.
As someone who created many texting apps (HeyWire, Salesforce's LiveMessage Product) this is how all numbers are treated internally...except short codes, which aren't phone numbers.
I mean, every programmer I know considers stuff like this to be very interesting trivia to learn and apply. But even if you know this stuff, putting the knowledge to use often involves a series of battles against your PMs and managers and maybe even customers, who either don't know it, have their own vision, or just follow what everyone else does.
(Getting a product to work correctly is as much an exercise of diplomacy and ego management as it is a matter of technical skills.)
I've also met a few "Jo"s in my time.
Vietnam just removed a few months ago one digit of all the mobile phones making all the previous number recorded for the country invalid.
There's popular app in Bangalore that you can use to rent bicycles. I can't use it because my phone number (which has a relatively newly released starting digit series) doesn't pass their signup validation.
It's frustrating indeed.
Belgium uses 9 digits (leading 0 included) for landlines and 10 digits (leading 0 included) for cell phones.
What got me, was that people working at the telco used to give us requirements that clearly indicated that the telco people entertained a lot of falsehoods about phone numbers too!
Not entirely sure what this point is trying to achieve. Do you read a birthday field expecting a phone number 99% of the time? Should you read a phone number field expecting an email address? And at what point in that process did you decide that not having data validation on both ends was a good idea?
But latterly, Android just won't do birthday dates. Oh sure, the dates are still in there and get exported from the database but there is no way to enter the information or look at it on the phone (I use BirthdayAdapter from F-Droid which causes a reminder on the day)
I expect that some people just put the birthday of their friend in a phone number field. In fact I'm pretty sure that millions of people just use random fields for their own purposes full stop, they just don't care about any of that.
So the article is saying that it is their phone, don't try to control them. If information is in the field and you can't parse it? You store it and export it as received but otherwise ignore it..
It's a general list of "Falsehoods Programmers Believe About . . ." lists. Names also come up fairly often on HN.
Any system that has an input with a single "telephone number" field that is both required and cannot accept multiple entries fits this pattern.
Think of it as a list of antipatterns to be avoided. Some of them were deployed intentionally, and others pop up because a programmer took the spec they were handed and implemented it without thinking about it -- or they did think about it and their attempt to fix it was overruled.
The last time I was in northern New Jersey, Warwick Valley Telephone Company still supported five digit dialing across area codes!
People could dial 4nnnn to be connected to 973-764-nnnn (a New Jersey area code). They could also dial 6nnnn to be connected to 845-986-nnnn (a New York area code). There were about 15 different short codes across two area codes.
There are a lot of these little regional telephone quirks across America, and I think every one of them is awesome.
 Wikipedia unfortunately has the description only in German: https://de.wikipedia.org/wiki/Ehemalige_Telefonvorwahl_(Schw...
Phone numbers are of the same length within a country. In Austria phone numbers vary in length, and the trailing numbers can also can be used be PBXs.
the +88 and Taiwan is an interesting situation. The phone companies agree to do efficient routing to the TW IDD but China refuses to formally recognize it in the ITU. So, its routed optimally, even if the prefix routing should honour Chinese (mainland) intent according to the model (thats how I have heard it. I don't know how accurate this is)
Telefonica runs several mobile operations in LatAM and I am told that numbers can be somewhat mobile (sorry) across borders.
I also know of AT&T subscribers who are domiciled in Canada and who are flouting some rules to get the phone roaming behaviours they want.
> Some people do not wish to provide you with their telephone number when asked
Well, you don't say!
Next in the series, “Falsehoods programmers believe about 2fa, or: just use HOTP/TOTP, dammit.”
I got my first Google (at that time just "gmail") account back when you couldn't just register freely - you needed an "invite" from somebody who already had an account.
At that time you didn't need to register any personal information. I did add a couple more accounts, mainly to keep high-volume mailing list registrations, and I still have one of those where there's still not any phone number registered.
Now it's different, I guess. And not in a better way.
The last time I've checked it, there's only one workaround - you can purchase a real phone number connected to a computer from a cryptocurrency freelancer developer...
Many stories from the U.S media are condemning that the requirements of personal information online by authoritarian governments are threatening free speech, etc, meanwhile, in the U.S, big companies have done this voluntarily, and you need to be a hacker to register a Google account without personal information, it's just ridiculous.
Where do I start looking for such a person? I very much dislike the privacy aspect of the whole phonenumber game and also the environmental impact of burner use.
But I have to say that It's not a complete solution, it has its own limitations. Once a phone number expires, it just expires, and I don't think you can get your previous number back retroactively... So it can only be used as a workaround for verification code to register your account. If the service decides to issue a SMS challenge to you in the future, you'll have my Facebook problem, as I mentioned in the comment section.
Perhaps I can write to him to see whether he can implement a solution for this problem.
I don't personally know him, I'm just a reader in the field of security and privacy, and he happens to have a nice blog and an interesting service.
> I very much dislike the privacy aspect of the whole phonenumber game and also the environmental impact of burner use.
Then, you should also care about the environmental impact of cryptocurrency, Proof-of-work literally works by burning the energy, and in order the secure the network, it must burn as much energy as currently available for general computing.
I personally don't have problem with it, as I think a global consensus mechanism is genuinely expensive, and merely using it does not directly contribute to its energy use, but I acknowledge that criticisms based on the environmental ground has a strong and valid point. Perhaps for you, using a burner phone is still a better option for your philosophy?
Meanwhile, looking forword to GNU/Taler, an PayPal-like anonymous payment system, which is not a currency, so it doesn't need to burn energy.
And not long before that, it was common for several homes to share one fixed-line telephone number.
Is the falsehood of the above statement sufficiently evident? I don't see it listed explicitly. In Hong Kong, for example, phone numbers are just 8 digits (+852 1234 5678). Some websites/apps insist on an area code, forcing one to arbitrarily split the number.
That can't be right. When will Americans learn basic 4th school year geography?
Precisely. That should give the reader pause to think that there's something wrong.
You're missing that the author mixed up Monaco with Montenegro (Kosovo's neighbour) because they sound similar. That's the perennial Austria/Australia confusion writ small.
Kosovo has numbers that are reachable through Monaco (not Kosovo's neighbour) country code.
Kosovo does not have numbers that are reachable through Montenegro (Kosovo's neighbour) country code.
Requiring a phone number one way for me to ignore your website or service (ie, Signal) forever. But if you do it I'm probably not your target demographic anyway.
Phone numbers as they are today should be dead. The world is connected using internet and there should. Be a new standard for "call identity" which should be cross region.
Some people want to put phone numbers in their address books but never ever want to call that person. An example would be to get a name from a number only caller ID so you know not to answer that call.
A flag beside the number to indicate no outbound calls would be helpful. (separate flag for no inbound calls)
* a SIM card holds only one phone number.
* if a SIM card holds multiple phone numbers, they are from the same country.
Always feel these lists include things no human actually believes.
I think it was a riff on the "falsehoods programmers believe about names" article, which is a bit more insightful.
> Always feel these lists include things no human actually believes.
Well, somebody believes that. I can register my phone number with the local postal system, and, as shippers add a phone number to shipments, I can search for shipments to me by logging in to my post company account on the net, or via the Android app. The problem? I can only register a single phone number. But I have two numbers, and, for various reasons, different shippers must sometimes use one or the other, and not the same number. But I can't register more than one, and I can't register two accounts - b/c they also need my social security number, which is unique.
So I can only track a subset of shipments to me. All because somebody there (it's their own software) made the assumption that an individual can only have, or at least use, a single phone number. I did report this as a bug, with no understanding.
Go look at the keypad of a POTS touch-tone telephone. You'll see 10 digits and 2 non-numeric non-alphabetic symbols.
In fact, there are at least 16 possible characters at the signalling level, considering just DTMF alone, and not counting punctuation added at the human-readable level like hyphens, spaces, dots, and brackets. Then there's SIP. (-:
1) Do nothing and support all valid addresses (that your mail system can handle)
2) Spend development time to make your system not support all valid addresses.
Why do you spend development effort to make your software worse?
4) Realize that the added benefit of supporting weird formats are not worth the time to verify that it actually works.
As someone who works on an email client, I can absolutely tell you that using IP address literals and quoted localparts are more trouble than its worth. Chances are, the libraries you use can't handle them anyways. And if you don't try to support quoted localparts, than normalization is a lot easier. (Although I was once locked out of a system because I signed up with an email address that used capitals and the login form changed to lowercase it without changing the database storage, which meant no form I could spell it would cause it to match).
Hint: I believe domain names cannot begin with digits.
"Be conservative in what you do, be liberal in what you accept from others"
This is a recipe for disaster and code bloat. I met in the past a vulnerability that some irc clients had due to that principle.
A bit of extra effort by the developers saves a lot of people a lot of time.
I have had various email addresses of me rejected because
- of an unusual tld (email@example.com)
- it was an email of a subdomain (firstname.lastname@example.org)
- it had a two letter username (email@example.com)
... I hope
They sell it as "more secure" and I read it as "higher chance to get locked out".
I found this out because someone accidentally put my email address in a contact (see: https://xkcd.com/1279/) and then texted me to call out sick. After multiple attempts to explain that I was not actually her boss, she accused me of stealing the phone number.
That was a fun day.
Some people just also really find these fun to think about.
A list of these lists might be useful.
I don't think many of these have a useful explanation that would stay within the useful scope of a list like this. Knowing the local implementation details of Argentina dialing requirements, and why the 9 needs to be dropped, most likely involves long-gone phone carries, organic implementations, and local politics.
Expecting guidelines for most all of these is not realistic since many are just "how it is". For most, the guideline is an obvious "don't do/expect this". If your list is mostly comprised of unexpected behavior, then "falsehoods x believe" is probably ok.
As for avoiding the problem, you can't always avoid reality; sometimes you have to accommodate its weirdness, especially when dealing with > 100 year old systems with massive interoperability problems.
I feel like this teaches a way of thinking.