zlacker

Phone numbers have become the de facto version of "Internet stamps" for identity verification.

They are near-ubiquitous on a per-user level, but hard to accumulate without significant cost. (Unlike email addresses.)

But the down side is that phone verification tends to be on a per-service level. So, for instance, Signal incurs these costs when they verify their users, and every other service incurs these same costs when they verify _their_ users.

There are a number of businesses out there that are trying to act as clearinghouses, where they verify the users once, then allow the users' verified profiles to be confirmed by multiple services.

I wonder if any of those could be used to reduce these "registration" costs.

replies(3): >>supriy+f >>beefee+ub >>switch+eJ2

>>jawns+(OP)
Phone number verification is used to verify the user's registration intent, so not really.

replies(2): >>explai+09 >>Aachen+Dj

>>supriy+f
A Flow:

> Service A => User: Please Enter Your Phone Number and Email

> Service A => Clearinghouse: Please verify phone number XXX wants to sign up for an account with us

> Clearinghouse => User (SMS): Please respond with the Email you used at signup to confirm you want an account with Service A

Later...

> Service B => User: Please Enter Your phone number and Email

> Service B => Clearinghouse: Please verify phone number XXX wants to sign up for an account with us

> Clearinghouse => User (Email): Please verify you want an account with Service B

Not saying it's great (providing email twice is annoying), but it's something.

replies(1): >>rezona+vc

>>jawns+(OP)
A service that requires a telephone number simply shouldn't be called an Internet service. It can't be used purely over the Internet.

Telephone numbers are fundamentally incompatible with privacy. Signal's leadership knows this, but they don't appear to care.

>>explai+09
This does not reduce the overall cost, it just shifts it to the clearinghouse. Who pays the clearinghouse so that they can cover their own exorbitant SMS costs?

replies(1): >>explai+Hi

>>rezona+vc
You miss the crux of it: the second time onward the clearing houses uses email to authenticate the previously-SMS-verified account.

replies(1): >>supriy+Nj

>>supriy+f
"Sign in with $Clearinghouse" could bring you to a page that prompts whether you want to share a user ID or the phone number, as required, with that service.

The clearing house verifies you only once, or once a year, instead of every time. If the clearing house were to be a nonprofit, perhaps even set up by Signal themselves to spread costs with similar services, that has to be cheaper.

It also gives users confidence that only a randomized user ID was shared, so it won't be used for cross-service correlation and tracking, if the service didn't actually need your phone number but only some identifier.

>>explai+Hi
The clearinghouse may not have the user’s most recent email address, which is common amongst non-tech people. My mom and aunts have lost many email addresses this way and forcing them to use an older email would cause many issues.

replies(1): >>explai+Lk

>>supriy+Nj
The app has to ask for email/phone to begin with (see step 1), if the email doesn't match then phone would be used as fallback, or potentially as a "Didn't Receive Code?" gesture.

>>jawns+(OP)
> but hard to accumulate without significant cost

Varies heavily by region. The shop opposite my house has ~50 SIM cards on the shelf, for £0.99/ea.