Linking pseudonyms from two different networks (in this case, Twitter and the phone system) together is a classic and serious privacy leak.
It's far from clear exactly what information Twitter, in its longtime effort to combat spam, has already collected on its users. Throwing a phone number into the mix expands the range of activities that can be unambiguously tied to the same individual. Given that Twitter certainly knows IP addresses of its users, it's trivial to do things like link site visits directly to an individual answering the phone number.
Unfortunately, most people simply don't understand the implications of any of this. They don't understand what an entity, "authorized" or not, can do with this kind of data. They are far too trusting of governments and other powerful entities to do the right thing. They have not been paying attention to the steady erosion of civil liberties around the world and can't conceive of, for example, ever ending up in prison for some lame post they made 10 years ago.
I agree. The first thing I thought was that someone will build a script that creates a Twitter account then simply uses Twilio's API to create a valid phone number to receive verifications.
"I agree. The first thing I thought was that someone will build a script that creates a Twitter account then simply uses Twilio's API to create a valid phone number to receive verifications."
Unfortunately, this will not work.
Twilio numbers are not "mobile" numbers and cannot receive SMS from shortcodes.
So while your Twilio number can send/receive SMS just fine, it can't receive SMS from a shortcode.
As of my recent conversations with multiple Twilio engineers at Signal 2018, there are no exceptions to this rule - once a number is owned by Twilio it ceases to be a "mobile" number and networks providing shortcodes cannot send SMS to it.
In my experience, all banks/twitters/facebooks/etc. use shortcodes to send their auths/2FA/etc.
So it won't work, I'm afraid. I have heard, however, that there are some smaller Twilio competitors that provide true mobile numbers but I forget the name(s) of those providers and honestly, I would be worried that those numbers would get blacklisted or filtered in some other way.
There's a reason other carriers refuse to send shortcode SMS to "non mobile" numbers ...
It won’t do. Twilio (and basically the majority of other virtual number providers, except for a very tiny few located in Europe) do not provide regular cell-type text messaging capabilities, but rather something PBX pros call “short codes”.
No self-respecting provider out there, be it Twitter, Facebook, Gmail, Yahoo, Instagram, etc., will deliver your confirmation info via a short code, so you need a regular ported cell number like Verizon or T-Mobile.
Twitter allows up to 5 accounts created on one cellphone number, provided you give each a few days of rest and use a popular VPN.
> Twilio (and basically the majority of other virtual number providers, except for a very tiny few located in Europe) do not provide regular cell-type text messaging capabilities, but rather something PBX pros call “short codes”.
Twilio provides both regular phone numbers with SMS and MMS capability and short codes, the latter primarily for high-volume outbound messaging.
"Twilio provides both regular phone numbers with SMS and MMS capability and short codes, the latter primarily for high-volume outbound messaging."
Your parent is correct - you've missed each other's points.
Twilio-sourced numbers cannot receive SMS from other shortcodes. No exceptions. They are not "mobile" numbers.
So yes, your Twilio-sourced number can send and receive SMS and you can even rent a shortcode from Twilio and send/receive with that. What you cannot do is get a "normal" Twilio number and receive shortcode messages.
For that reason, providing a Twilio number to a provider like Twitter or Facebook will not work - they all typically send their auth messages via shortcode.
Those won’t work either with most big services asking for verification. There’s subreddits dedicated to getting non VOIP phone numbers (which Twilio isn’t) for verification.
And they've been trying to collect phone numbers for years. Any time an account is suspended, they try to require a phone number for it to log back in, for example.
At the risk of going off topic (and without responding to the issue of Twitter requiring real phone numbers), I want to make a point regarding your last sentence. If a post is somehow sufficient to (potentially) warrant a prison sentence (e.g. for leaking state secrets or inciting terrorist acts), then I would suggest the amount of time that has passed is irrelevant (within jurisdictional bounds). If a crime has been committed, responding to that within the statute of limitations is not an issue of civil liberties. Getting away with a crime (something worthy of a prison sentence) is not a civil liberty anyone enjoys.
You're thinking too big. Think smaller and more common.
Said something unpleasant about someone ten years ago? Guess what, he's the sheriff now, and has money in the budget to buy social media data on his enemies, or the freedom to tap into any shared federal database he likes. Next thing you know, there's a speed trap at the end of your block and each member of your family gets pulled over each day for a vehicle inspection.
These sorts of things weren't unheard of before the internet. The abuse of big data just makes it easier now.
I think you forget that not every government is so nice. A comment against a young politician today could be a comment against the sitting dictator in 10 years that won’t care so much about the statute of limitations.
This is the reason I bailed while trying to create a twitter account recently. How often do you change your phone number? Once these ad companies get hold of your phone number they can track you across multiple services and build a complete profile of everything you do and track your every move.
From an accounting perspective in this hypothetical scenario I believe that you would not be legally allowed to dip into the deposit money save for that recovered through bans. Which creates very perverse incentives.
Hasn't that battle been lost for a while now though? How many different services have linked phone numbers with email or some other handle? (Particularly for 2FA)
On the few accounts I've been required to use that require a phone number, I've given them one. It just happens to be one from a modem phone pool.
I'll worry about what problem that may cause when it becomes one. Usually, these are for stupid things required for some project or another and the need for them is time-limited. I will not use FB, and have a pile of Twitter accounts with no phone numbers attached if I ever have reason to care about that.
And at the rate we're destroying trust in the phone system with spam, I don't think anyone will expect pickups in a few more years.
Quite many services require phone numbers. But services like reddit, GitHub, lobste.rs, or hacker news don't. Twitter has been in that list itself, but now is outside.
Twitter knows what IP you connect from, which might easily be through a VPN. The flip side of low-friction authentication is epidemic abuse by trolls, which arguably damages Twitter's brand.
Unfortunately, most people simply don't understand the implications of any of this.
I am so tired of hearing this excuse for mass censorship.
First off, it is MASSIVELY over used to the point where people call anyone that disagrees with them "a troll" or a bot.
Twitter is hurting their own brand by their obvious political bias and selective enforcement of rules largely dependent on outrage mobs to "report" rule violations.
Like real names policies before it, these types of "verification" schemes do little to curb actual abuse, and in many cases shut out moderate voices.
Twitter is already quickly heading off a cliff where 2 political extremes are left yelling past each other (not actually communicating or discussing anything), and this policy will do nothing to change that.
//disclosure, I have never, and will never have a twitter account
* Random meaningless names like "lucy2342", "23markbeard"
* No profile picture or a very obviously random picture
* Generic descriptions that dictate obvious political alignment like "Mother. Southwest USA, Republican, MAGA!"
* No original content in their timeline except for retweets of political articles from garbage content farms
* Really bad English grammar for whenever the bot requires human intervention.
They generally brigade tweets and have a complete lack of interests outside of this narrow activity.
1. It’s very strange for someone to both claim that they never use Twitter and also claim “abuse” is an overblown excuse. Twitter is currently the model platform for large scale mob justice and harassment.
2. The “real name” policy is effective on Facebook for the type of abuse Twitter is trying to curtail. It would help if you explain why you feel the real name policy is ineffective. In any case, only Facebook (the product) actively enforces a real name policy.
Having to provide a phone number isn't mass censorship.
Twitter is hurting their own brand by their obvious political bias and selective enforcement of rules largely dependent on outrage mobs to "report" rule violations.
Like real names policies before it, these types of "verification" schemes do little to curb actual abuse, and in many cases shut out moderate voices
Guess what, I just reported a guy with 106k followers that is inciting thousands of them to get ready for mass hangings of their political enemies "at a scale which will rock this world for 100 years" with gruesomely detailed threats against specific individuals. A self-professed adherent of the same conspiracy theory/cult committed a murder in New York just a week or two ago.
But I'm the bad guy in this scenario for saying that organizing murder might violate the Terms of Service.
Oh, but you were being totally sincere when you took my comment about 'epidemic abuse by trolls' and complained that such terms were 'MASSIVELY over used to the point where people call anyone that disagrees with them "a troll" or a bot.'
I don't care what you were talking about. I was clarifying what I had been talking about before you came along and attempted to change the subject.
What's "MASSIVELY overused" is the trope where getting banned from a website equates to mass censorship. You're not entitled to a platform on twitter. If you get banned from twitter go do something else on the internet or beg for forgiveness and use their platform under their terms.
I always find it amusing when authoritarians that support censorship all of a sudden love liberty when they can use it to support censorship.
The fact that I do not have a "right" to use Twitter has no bearing on whether Twitter engages in mass censorship of their platform. I did not claim that I have a right to use Twitter, or that Twitter did not have a right to censor it.
Twitter can come out tomorrow and say only left identitarians are welcome on Twitter, and everyone else would be banned. That would be mass censorship AND within their rights as a private company.