I wanted a Twitter account but wanted to sign up anonymous and went to do a signup with Tor only to be confronted with the phone verification page. I notice this a lot lately with many of the mainstream services wanting phone verification. The phone verification for Twitter sort of defeats the whole purpose of what they are offering because many human rights activists, etc use the service and forcing peoiple to do a phone verification leaves tracks. Im just wondering if anyone knows a way around this problem? thankyou.
See https://www.wilderssecurity.com/threads/sending-and-receiving-free-sms.367107/#post-2400945 Sordid recommends https://www.raymond.cc/blog/top-10-sites-receive-sms-online-without-phone/
i'd avoid phone verifiction... if you ever change your number or get a different number while traveling then you are screwed or at least in for a lot of inconvenience.
lucygrl's point is good enough that I wonder if it would be worth raising directly with companies like Twitter, via snail mail petitions or open letters. When you have human rights activists, etc. using your services, you have an ethical obligation not to betray them to governments that might want them dead. I know, I know. Businesses and ethics... Good luck. But it might be worth a try (in the long run).
I see this as a privacy concern, since anything that links my online account life to my person is certainly not desirable. I don't use two factor authentication and with few exceptions treat my accounts as disposable: I don't have any personal information to steal Unique disposable e-mail for each account. Unique complex passwords (63 characters at most) for each account. Treat security questions as additional password fields (63 characters at most) Don't receive or send private or confidential data by electronic services. My biggest caveat with companies is limiting base character limits to less then 20 characters for passwords, relying on password strength meters which are utterly useless (e.g., weak passwords like P@SSW0RD are sufficiently complex but easy to bruteforce), reluctance to implement end-to-end encryption properly site wide, incompetence in account storage and protection. Honestly what is a code sent to your phone going to do if the source of the breach isn't you, but the company holding your data? Not to mention that there are plenty of other security features commonly ignored, such as restricting signing into accounts from non-specified devices (usually mac based). Another privacy risk factor and there is nothing stopping someone from spoofing I suppose.
I also don't like it when they block copy and pasting as that encourages the user to use a weak password as its easier to type and as you said low max password lengths.
Eh, just don't use those services. So far there isn't anything on the internet that is necessary for daily living.
SMS sites generally do indeed work until abused and then patched. So just look for a newer service. Some services ban voip. And weird. I just tested and successfully opened yet another gmail account and did not have to enter in mobile info. It did say that if I skipped the captcha it may ask for SMS verification. In regard to Twitter, I am not seeing phone input on the account creation page. Perhaps, you guys/gals are logging in from outside the US and security is being tougher.
Right. Just purely as I'm curious, Ive been watching my unused and ever so slowly dying hotmail account take it's last breath. The trouble is it keeps gasping for it's last breath. I have been and still am getting this notice coming up about putting in a phone number as a measure of extra security (yeah right ). I refuse to do it. The strange thing is it would just log me in sometimes and sometimes try the phone # thing on me. I even noticed a pattern for a while. I could get in every 7 days. Now it seems it's not budging at all. Oh well.
Yeah Gmail goes through phases where they demand them and then allow account without one for a while. But they have even limitied my real number to about 5 accounts. Before.....saying that it had been used too much. So maybe it just goes in phases.