• LWD@lemm.ee
    link
    fedilink
    English
    arrow-up
    4
    ·
    11 months ago

    SMS messages suck because they are insecure, expensive as you noted, and tie you to something that you must continually pay for… And which, when used across multiple sites, could be used as a form of identifier. And of course, bad actors can simply buy one anyway. My hatred for phone number verification runs way deeper than Signal itself; if anything, Signal is more responsible than every website that begs for phone numbers (Microsoft, Twitter, Discord, fill in the blank)

    That much being said, I agree that there is no easier solution. People have recommended Proof-of-Work, getting your phone to complete some arbitrary mathematical equation… But this is an even weaker defense, because it hurts people with low end phones and can be worked around by people with a little bit of money or just a desktop.

    • BearOfaTime@lemm.ee
      link
      fedilink
      English
      arrow-up
      7
      ·
      11 months ago

      Bad actors can buy one.

      What does it cost to buy hundreds? It’s a great deterrent to bad actors creating many accounts.

      I really, really, really dislike using my phone number to verify. Like so much so it kept me off signal until about 6 months ago.

      I get it. I don’t like it, but I get the compromise until they can develop a better mechanism

        • jet@hackertalks.com
          link
          fedilink
          English
          arrow-up
          1
          ·
          11 months ago

          You could run a network like signal, and either charge a small amount of money per message, or a larger amount of money to register with the network.

          Hell you could do the WhatsApp model, charge a dollar for new users, the pay for the registration verification. The same thing.

          You just need some mechanism to add friction for mass spamming, be that money time or complexity.