zlacker

$6 million per year on outgoing SMS? Do not send SMS to users, make users send SMS to you instead to confirm their numbers! I have this solution for years and it works >90% of the time. The rest 10% is calling a verification number which drops calls with busy signal (no fees for the caller) but sees who is calling and is able to verify their number.

>>vizzah+(OP)
Significantly less secure. Faking the sending number is much easier than hacking SS7 and getting SMS routed to you which are not destined to you (which is also doable but require an order of magnitude more skills and ressources in my view).

>>illiac+A2
This is correct; anyone with relatively basic knowledge of VOIP can spoof any number (and CID name) they want.

>>vizzah+(OP)
It would be great if Signal wouldn't require a phone number for account setup at all

>>johndo+k8
this is in testing and coming to you early next year.

>>vizzah+(OP)
Or just kill SMS entirely. SMS is old tech from the 1990s. We have better things now, like e-mail over LTE/5G, that work across countries, across devices (whoa!), across providers, across SIM cards (wow!) allow more than 140 characters (wow wow!), and allows easy-to-remember alphanumeric identifiers for user ids (wow wow wow is this the future!). I hate SMS confirmations, I don't want to use my phone number as a username, and I will most certainly never donate to an organization that is using my donations to pay for stupid SMS texts after e-mail was invented.

>>dheera+ba
> We have better things now, like e-mail.

Funny how email, being from the 70s, is actually better.

>>illiac+59
Would invites be a solution? Anyone can sign up if they provide a number, otherwise you need an invite from someone with a number linked. It would clump the identity/legitimacy for all invitees into origin number, but still allow disparate accounts.

>>travis+Ta
It’s not about legitimacy but having a bootstrapped contact list to talk to along with other user friction reasons

>>novok+3c
In that case it doesn't make sense to make it required.

Sure, I don't mind if they ask for my phone number if they think that's a better default onboarding flow, but allow users to bypass it.

With all that said, I don't think it's really only about user friction.

>>nickff+j5
I don't think ANI is spoofable in practice. But that requires a toll-free number which costs money per minute.

>>pmlnr+Ba
I think we're all on the same page here, but the point is specifically "e-mail over LTE/5G..." (or really HTTPS over TCP/IP/LTE). I see SMS as this weird, independent, kluge of a data channel on the side, which was only cool when phones weren't yet fully interoperable with the Internet.

I feel the same way about the entire telephone system at this point.

>>serial+4g
they did not "make it required", Signal was just never developed to support anything else for username/registration. Which is what they have now almost corrected.

>>illiac+Lf1
sounds required to me.

>>serial+WN1
It's wording then. Making something required sounds like an artificial limitation whereas implementing support for usernames requires a lot of work, it's not like they commented out a couple of lines on purpose.

What is required at the moment is any phone number, not your phone number. You can use a phone booth even.