zlacker

[parent] [thread] 6 comments
1. supriy+(OP)[view] [source] 2023-11-16 16:51:02
Phone number verification is used to verify the user's registration intent, so not really.
replies(2): >>explai+L8 >>Aachen+oj
2. explai+L8[view] [source] 2023-11-16 17:23:09
>>supriy+(OP)
A Flow:

> Service A => User: Please Enter Your Phone Number and Email

> Service A => Clearinghouse: Please verify phone number XXX wants to sign up for an account with us

> Clearinghouse => User (SMS): Please respond with the Email you used at signup to confirm you want an account with Service A

Later...

> Service B => User: Please Enter Your phone number and Email

> Service B => Clearinghouse: Please verify phone number XXX wants to sign up for an account with us

> Clearinghouse => User (Email): Please verify you want an account with Service B

Not saying it's great (providing email twice is annoying), but it's something.

replies(1): >>rezona+gc
◧◩
3. rezona+gc[view] [source] [discussion] 2023-11-16 17:36:20
>>explai+L8
This does not reduce the overall cost, it just shifts it to the clearinghouse. Who pays the clearinghouse so that they can cover their own exorbitant SMS costs?
replies(1): >>explai+si
◧◩◪
4. explai+si[view] [source] [discussion] 2023-11-16 18:03:10
>>rezona+gc
You miss the crux of it: the second time onward the clearing houses uses email to authenticate the previously-SMS-verified account.
replies(1): >>supriy+yj
5. Aachen+oj[view] [source] 2023-11-16 18:06:12
>>supriy+(OP)
"Sign in with $Clearinghouse" could bring you to a page that prompts whether you want to share a user ID or the phone number, as required, with that service.

The clearing house verifies you only once, or once a year, instead of every time. If the clearing house were to be a nonprofit, perhaps even set up by Signal themselves to spread costs with similar services, that has to be cheaper.

It also gives users confidence that only a randomized user ID was shared, so it won't be used for cross-service correlation and tracking, if the service didn't actually need your phone number but only some identifier.

◧◩◪◨
6. supriy+yj[view] [source] [discussion] 2023-11-16 18:07:10
>>explai+si
The clearinghouse may not have the user’s most recent email address, which is common amongst non-tech people. My mom and aunts have lost many email addresses this way and forcing them to use an older email would cause many issues.
replies(1): >>explai+wk
◧◩◪◨⬒
7. explai+wk[view] [source] [discussion] 2023-11-16 18:11:17
>>supriy+yj
The app has to ask for email/phone to begin with (see step 1), if the email doesn't match then phone would be used as fallback, or potentially as a "Didn't Receive Code?" gesture.
[go to top]