upvote

points

by bluebarbet14 hours ago |
comments
upvoteby simonra9 hours ago|
next
[-]
> I've never understood why so many people still chain their identities to physical SIM or even eSIMs. It's so fragile.

Living in a place where getting a replacement sim is gated behind obtaining an id from the police tied to your national id number, I wish there were other identity systems which were as robust. Much easier to get back to normal operations when the id device becomes damaged or lost with a physical sim you can shove into a cheap replacement device, than relying on backup services you need one of your digital id devices to access in the first place, especially if they're all lost at the same time in a house fire or something. The police will presumably get all my photo backups and savings if they ask nicely anyways, so the big threat to the single point of failure doesn't have a great marginal impact, while I dread the possibility of having to recover the accounts I can't get back through the local legal system given the poor 2fa recovery ecosystem.

reply
upvoteby bluebarbet7 hours ago|
parent|
[-]
>Much easier to get back to normal operations when the id device becomes damaged or lost with a physical sim you can shove into a cheap replacement device

If the device can get damaged or lost, then the SIM can too. To buy a physical SIM or rent a virtual number online, in most jurisdictions you need to provide ID docs these days, so nothing is changed there.

reply
upvoteby lxgr14 hours ago|
prev|
[-]
Yeah, that's a good workaround. Google Voice can work too.

Unfortunately, more and more services are declining to send to VoIP numbers because of seCurItY, so it's a game of cat and mouse.

Fortunately SMS is so expensive in parts of Europe and it's not allowable anymore to use SMS by itself for online payment authentication, and both issues combined have slowly been pushing companies to explore alternatives.

There unfortunately seems to be no such pressure in the US. Passkeys could solve the issue, but probably increase support request volumes enough for most companies to not bother unless forced.

reply
upvoteby Marsymars10 hours ago|
parent|
[-]
If you port a landline number to a VoIP service, services can't really tell that you're using VoIP, as far as I can tell.
reply
upvoteby toast04 hours ago|
parent|
next
[-]
It's easy and cheap to determine the original carrier (or its sucessor) for a US phone number. It costs money to do a porting lookup to determine the current carrier.

Most of the reason to deny voip users is that many voip services give phone numbers away like candy and then those phone numbers are used to abuse other services, so checking the original carrier tends to be enough for abuse screening.

Some use cases want more though. Banking KYC has some back channel to get subscriber identification or be alerted when ownership changes; those institutions may be willing to pay for current carrier lookups and deny usage of numbers where they don't have a back channel to the current carrier.

reply
upvoteby Marsymars1 hours ago|
parent|
[-]
This is great info, thanks!
reply
upvoteby lxgr7 hours ago|
parent|
prev|
next
[-]
In the US, I belive there are three number categories in the NANP porting database (wireline, cellular, and VoIP), and SMS senders can definitely tell, even though it might take a while (presumably there's a lot of caching going on).

If you're lucky, the service you care about only validates at number registration time, not at text sending time, and you can get away with it indefinitely, I suppose.

reply
upvoteby wasabi9910119 hours ago|
parent|
prev|
[-]
I thought that too but many carriers around me don't allow porting any VoIP-using number back to cellular. (Not sure if you were making a distinction between landline and cellular)

Unfortunately that means that my cell number which I wanted to temporarily park into VoIP while abroad is now permanently VoIP.

reply