Would you be comfortable joining an instance that required you to provide your mobile phone number to send a code you enter during registration, knowing your # wouldn't be stored and only used to verify you are not a spammer? #askFedi #fediverse
- That's fine (20%, 348 votes)
- I'd cautiously consider (40%, 699 votes)
- Not at all (33%, 577 votes)
- Just show the results (6%, 108 votes)
reshared this
infinite love ⴳ
in reply to dansup • • •dansup
in reply to infinite love ⴳ • • •infinite love ⴳ
in reply to dansup • • •Lee 🌏
in reply to dansup • • •Ankit Pati
in reply to dansup • • •eons Luna
in reply to dansup • • •sorry, but most likely no. If it’s for 2-factor authentication, phone/SMS-based ones have also been shown to be less secure as well as they are susceptible to SIM-jacking attempts.
Mastodon already has built-in app-based 2FA support, and I’m already using it for my account. There’s no need to use mobile phones for this.
dansup
in reply to eons Luna • • •eons Luna
in reply to dansup • • •Thomas Dorr
in reply to dansup • • •tofuwabohu
in reply to dansup • • •Fernando
in reply to dansup • • •dansup
in reply to Fernando • • •Fernando
in reply to dansup • • •dr 🛠️🛰️📡🎧:blobfoxcomputer:
in reply to dansup • • •How would I "know" this?
I see these claims on websites all the time "we'll never XYZ your ABC". How are they verified?
dansup
in reply to dr 🛠️🛰️📡🎧:blobfoxcomputer: • • •@davidr Great point, that's why I made this poll.
If I do implement this in @pixelfed, the source code will be auditable, but I get that it's possible to edit it in production.
I'm considering this as a possible solution, but only if there is a general consensus that supports it.
Light/386 2.1
in reply to dansup • • •Григорий Клюшников
in reply to dansup • • •dansup
in reply to Григорий Клюшников • • •Григорий Клюшников
in reply to dansup • • •Steve Dinn
in reply to dansup • • •Andy Carolan :prami:
in reply to dansup • • •anti42 Ⓥ
in reply to dansup • • •I'd have to be convinced it's useful or does something. On the surface,, it sounds like security theater.
I'm not sure how it's actually useful or prevents misbehavior. It seems like it only works by being a hindrance. Doing that intentionally is a bit ableist, to a greater extent than it's effective.
Dave
in reply to dansup • • •schwöns
in reply to dansup • • •MyonlinePi
in reply to dansup • • •Eric the Cerise
in reply to dansup • • •... because you **cannot know** your # won't be saved and sold and spammed.
@profcarroll
Geoff
in reply to dansup • • •I have a disposable SIM I use when I have to give it a phone number, so I'm already in a weird category. That said, I can be persuaded to use that number for registration if I have to.
But I'd honestly be reluctant to trust any site that said this, because:
+ if it's genuinely not stored, a spammer can use the same number for 10,000 registrations and then just get another number, or
+ some process will complain about the number being reused, showing it really is being stored somewhere.
gdt
in reply to dansup • • •@pixelfed
Besides the privacy issue, there is standing in solidarity with those who do not have mobile phones.
Mindful Student
in reply to dansup • • •LPS
in reply to dansup • •Don Whiteside
in reply to dansup • • •Lunatech
in reply to dansup • • •What makes you think that everyone on the planet even HAS a mobile phone? In many parts of the world those cost money and not everyone has them. And even people who do have them to often don't want to give out their number to random services on the Internet, for fear of getting increased junk/spam calls or other misuse. There is really know way of "knowing" your number wouldn't be stored and misused, as your question presupposes.
Personally I think this is a terrible idea, both because of the discrimination against people who do not have mobile phones, but also because you are asking users to trust random instance owners not to do anything bad with their phone numbers. The "bad apples" among instance owners (can you absolutely guarantee there aren't any?) are probably hoping something like this will be enabled real soon now!
j.r / Julian
in reply to dansup • • •Musta dawned on me thusly
in reply to dansup • • •Beto ⛰️🏃🏽
in reply to dansup • • •Kevin Davidson
in reply to dansup • • •If you’re not storing the number, what prevents a spammer using just one number to set up 10,000 accounts?
Bèr Kessels 🐝 🚐 🏄 🌱
in reply to dansup • • •this only fights spam accounts on large centralized instances.
And we don't want large, centralized instances.
We want to encourage many, small, federated instances. So IMO any effort to improve spam fighting, should go to tools and tech for fighting spam in a world with many, small, federated instances.
Steve Atkins
in reply to dansup • • •ottO
in reply to dansup • • •