Using disposable phone numbers for better security(shkspr.mobi)
shkspr.mobi
Using disposable phone numbers for better security
https://shkspr.mobi/blog/2023/09/using-disposable-phone-numbers-for-better-security/
50 comments
Depends on the country though. It’s not easy to get a no questions asked w/o having to prove who you are SIM as PAYG in all places.
What I feel we need is from the mobile operators a service like “hide my email” option from iCloud you keep your mobile number but give out per use generated or pre generated throwaway disposable numbers that can be used similar to the use case described in the article w/o having to go and buy a new sim.
Shouldn’t be that hard to setup from a mobile operator perspective surely ?
Also btw if you think your number which you shared with your family and banks are safe and not outed it’s a myth . Even on apps like LinkedIn I have found if you provide access to your contact list they get to harvest your contacts and the numbers.
Sure, but I'm not trying to protect my privacy from the phone network or the government.
I just want my delivery driver to stop sending me creepy texts.
And if my pizza place leaks my number, I can throw it away without having to tell friends to update their address books.
I just want my delivery driver to stop sending me creepy texts.
And if my pizza place leaks my number, I can throw it away without having to tell friends to update their address books.
I think we're fortunate in the UK that you can just pick up a PAYG SIM at almost any cornershop. Perfect for these "verification" code SMSs. One of the main reasons I got dualsim phone as well.
I've not bought them in a while, but don't most networks still require you to "activate" them, setting up an account with your personal details? It's possible that they don't rigorously check them though
I very much like if Apple adds "Hide my number" option to iCloud+.
> no questions asked w/o having to prove who you are SIM
The blogger said nothing about all this. That's totally over the top just to obtain a disposable number. He's talking about a prepaid SIM; but when I signed up to AT&T they didn't ask and I didn't tell, but who cares? That's not the point here.
The blogger said nothing about all this. That's totally over the top just to obtain a disposable number. He's talking about a prepaid SIM; but when I signed up to AT&T they didn't ask and I didn't tell, but who cares? That's not the point here.
Given that many services do not accept VoIP numbers now and some even reject prepaid mobile numbers I'm not sure how long a service like this would work. Although maybe if Apple made it a default perhaps it couldn't be blocked like with their private relay or iCloud hidden emails.
Seriously? Who rejects prepaid numbers? I haven't had a contract phone number in 20 years.
I can't complete opening an account with Capital One because I have prepaid wireless. When talking to customer service, they said this happens and there's no fix. Ubisoft Connect (their Steam competitor) also rejects it.
From personal experience, if you can in your area, ditch em. There's a bunch of banks and brokers who will not require a permanent phone if you have a physical address or similar. As long as you can prove habitation and/or that you're a real person, there's almost no justification. Mine's fine with me rarely even having a functional phone (I top up pre-pays only when I need them. Most months nobody I care about directly calls me.)
It was a F2P first person shooter that uses phone numbers for verification. CoD I believe, but it looks like blizzard does it as well for battle.net.
I remember it because before that I assumed they had no way to determine how the phone number is purchased, but I think they can just blacklist prepaid providers.
I remember it because before that I assumed they had no way to determine how the phone number is purchased, but I think they can just blacklist prepaid providers.
Is there a SaaS version of this, sort of a Mailinator for phone numbers? Is it possible to hook something like that up with Twilio or another VOIP provider?
There's Burner (https://burnerapp.com) and I'm sure there are at least a handful others around.
I use TextNow for those times that I have to give a number. https://www.textnow.com
You can't use it for certain 2FA situations, but it works for Craigslist transactions or when some business requires it.
You can't use it for certain 2FA situations, but it works for Craigslist transactions or when some business requires it.
Awesome, thanks! Looks like it's only one alternate number at a time, but that's probably enough for spam.
I did look at trying to launch one (as described in the article) but there were some regulatory hurdles.
Places like Twillio and SIPgate will happily let you rotate numbers - but there is a cost and they're often not tied to a specific SIM.
Places like Twillio and SIPgate will happily let you rotate numbers - but there is a cost and they're often not tied to a specific SIM.
Ah sorry, I skimmed the article but missed that paragraph! Why do you think the demo went nowhere?
Whatever the opposite of NIH Syndrome is. Because no one was selling it, they couldn't value it.
There was also some concern that apps wouldn't go for it because it made their users look untrustworthy.
There was also some concern that apps wouldn't go for it because it made their users look untrustworthy.
This can already be done with credit cards in Brazil.
Nubank [https://nubank.com.br/en/] lets you create as many virtual credit cards as you want, and you can delete them right away after using them. I now create one for each online transaction.
I imagine phone numbers will eventually be treated the same, specially once eSIM gets more and more common and the number is not tied to a piece of plastic anymore.
In Canada, as I assume is the same as US, even a new phone number will get bombarded with spam calls as soon as you turn it on.
I really like the idea of the post and would love to have phone numbers work like Nubank's credit card, and I would be able to create a new number (already tied to my information), use it on less reliable things, then delete it once it was over.
Nubank [https://nubank.com.br/en/] lets you create as many virtual credit cards as you want, and you can delete them right away after using them. I now create one for each online transaction.
I imagine phone numbers will eventually be treated the same, specially once eSIM gets more and more common and the number is not tied to a piece of plastic anymore.
In Canada, as I assume is the same as US, even a new phone number will get bombarded with spam calls as soon as you turn it on.
I really like the idea of the post and would love to have phone numbers work like Nubank's credit card, and I would be able to create a new number (already tied to my information), use it on less reliable things, then delete it once it was over.
Thanks. I had never heard of this and I'm surprised its not widely available in America. How does the actual process of creating a new virtual credit card every time work?
Ex: I go to Ebay / Amazon / Alibaba / Walmart / Etsy / Newegg / NoNameSpecialtySite on my phone/desktop/both and make an order. Lets say I make two in a day. One from phone while at work and one from desktop at home. How does that actually occur, and does, Amazon for example, then show me as using a long list of defunct cards? If I make 30 purchases a month, do I have 30 defunct cards on file? Do they freak out about the "we see you're using a new card" all the time, or "you look like a card thief to our algorithm"?
Ex: I go to Ebay / Amazon / Alibaba / Walmart / Etsy / Newegg / NoNameSpecialtySite on my phone/desktop/both and make an order. Lets say I make two in a day. One from phone while at work and one from desktop at home. How does that actually occur, and does, Amazon for example, then show me as using a long list of defunct cards? If I make 30 purchases a month, do I have 30 defunct cards on file? Do they freak out about the "we see you're using a new card" all the time, or "you look like a card thief to our algorithm"?
You just go into the app and click "Create card". Within seconds it will show you the number, expiration date and security code. And you can name it.
Then you use it like a normal card, so on the retailers it will be just like you use a physical card.
For example, I wouldn't have one card per purchase for Amazon, but one virtual card for Amazon that I would switch every few purchaces or something like that.
I haven't had any issues with this and have been doing it for a few years now.
Then you use it like a normal card, so on the retailers it will be just like you use a physical card.
For example, I wouldn't have one card per purchase for Amazon, but one virtual card for Amazon that I would switch every few purchaces or something like that.
I haven't had any issues with this and have been doing it for a few years now.
In the UK, this is already possible - Lebara Mobile lets you get a new number entirely for free with immediate esim delivery.
Side effect is that lots of companies now ban Lebara Mobile because the fraud rate from their whole range of numbers is really high.
Side effect is that lots of companies now ban Lebara Mobile because the fraud rate from their whole range of numbers is really high.
Privacy.com does it too, like Blur.
And Capital One has it too, less configurable though.
BofA used to have it. I remembers that it was a Flash popup window. But it's gone now, guess it was cheaper to sunset than to rewrite in Javascript.
And Capital One has it too, less configurable though.
BofA used to have it. I remembers that it was a Flash popup window. But it's gone now, guess it was cheaper to sunset than to rewrite in Javascript.
[deleted]
Until someone has you in your contact list, they use WhatsApp, and oops now Facebook has your real name and phone number. Should Facebook get compromised this combination of PII is in the wild. 2FA requirement is another example.
Instead, I assume my phone number is compromised, and my address is leaked. I'm wary on receiving anonymous phone calls. I only pick up my phone saying 'yeah?' or my first name. If it is a hostile caller then I simply hang up. Don't argue, don't comment. Hang up.
However if I were to receive a lot of BS calls I'd implement the mentioned system. I believe this is also why 2FA over mobile was rolled out by data gathering companies: to get your phone number.
Instead, I assume my phone number is compromised, and my address is leaked. I'm wary on receiving anonymous phone calls. I only pick up my phone saying 'yeah?' or my first name. If it is a hostile caller then I simply hang up. Don't argue, don't comment. Hang up.
However if I were to receive a lot of BS calls I'd implement the mentioned system. I believe this is also why 2FA over mobile was rolled out by data gathering companies: to get your phone number.
There is no reason someone would have a one time throwaway number saved in my name.
Using a dynamic phone number for friends & family is impractical, and you cannot control which apps they run or whom they give your static phone number to.
Ok I see the issue. I don't give my phone number to anyone and only use random throwaway numbers on internet services.
There is no way to link anything over that.
There is no way to link anything over that.
I hate that there isn't a privacy.com like service for phone numbers.
Ironvest (previously called Blur) has a service where they give you a virtual number...but it's only one number, and once you start using it at enough places, it becomes hard to delineate what's junk and what's not.
I want something like what OP is describing wherein I can give trusted entities my real phone number and every other business I interact with some different number that I can terminate whenever.
Ironvest (previously called Blur) has a service where they give you a virtual number...but it's only one number, and once you start using it at enough places, it becomes hard to delineate what's junk and what's not.
I want something like what OP is describing wherein I can give trusted entities my real phone number and every other business I interact with some different number that I can terminate whenever.
The trouble I've found is that there are no 'clean' numbers in the US, all numbers get spam calls. Pick any number and you'll get unexpected calls on it.
In the US, it's safest to only accept calls from numbera you've got in your contacts list.
Yep, voicemail catches the rest, transcribe means I'm only bothered for seconds reading a spam message.
That sounds like a nightmare.
But, at least with this method you'll know if your "credit card" calls you on the wrong number.
But, at least with this method you'll know if your "credit card" calls you on the wrong number.
Assuming uniform distribution of spam calls, wouldn't you just get twice as much "credit card" spam calls? (With half of the calls easily identifiable as fake but still more painful than just the normal amount of spam calls)
Some of is live in countries with semi-decent telco regulators.
The number of spam calls & texts I receive in the UK is minimal.
I suggest lobbying your politicians or moving somewhere with better enforcement.
The number of spam calls & texts I receive in the UK is minimal.
I suggest lobbying your politicians or moving somewhere with better enforcement.
After a decade or more of serious spam call issues, there is finally some enforcement, some. It has gotten better but far from how things were before VoIP.
https://en.wikipedia.org/wiki/STIR/SHAKEN
https://en.wikipedia.org/wiki/STIR/SHAKEN
Somewhat related: I'm teaching a class on Android, and generally do a lot of development stuff. Anyway, I wanted to set up an actual Google account on an emulator.
Nope, can't to it. It insists on a phone number, but my real phone number is somehow unacceptable. Probably because it is already tied to X other Google accounts.
So...what's the best solution? This must be s common problem for anyone doing Android development?
Nope, can't to it. It insists on a phone number, but my real phone number is somehow unacceptable. Probably because it is already tied to X other Google accounts.
So...what's the best solution? This must be s common problem for anyone doing Android development?
Gosh I hate when they want unique phone numbers.
I have a total of 6 LLCs(only 1 of them is profitable), and I use my same phone number for all of them.
I have a total of 6 LLCs(only 1 of them is profitable), and I use my same phone number for all of them.
Create a virtual number with google voice, it is free.
I really like your suggestion. Sadly, it didn't work for me. My email address was once associated with a small company (that my wife and I ran). So Google considers it to be a commercial address, and wants $10/month for a Google Voice number.
Chickens and eggs: I want a new Google account, for which I need a new phone number. But to get a new phone number, I need a different Google account.
Annoying...
Chickens and eggs: I want a new Google account, for which I need a new phone number. But to get a new phone number, I need a different Google account.
Annoying...
Except, oh wait! To use this service, you need to create an account, and 2FA is required.
What? You threw your number away? Tough shit, I guess.
What? You threw your number away? Tough shit, I guess.
Or you could just use apps like session that never require a phone number in the first place.
How do I get my local pizza place or international delivery network to sign up to a new app?
You don't. You order via their website and give them your e-mail address instead.
For The Netherlands, I always give out the fake number 0612345678. A lot of people do that, and some Dutch websites recognize it as invalid. But American and Chinese websites accept it fine.
For The Netherlands, I always give out the fake number 0612345678. A lot of people do that, and some Dutch websites recognize it as invalid. But American and Chinese websites accept it fine.
That's great. Until the pizza guy needs to ring because he can't find my address.
The pizza guy knows 0612345678 is fake (every Dutch person knows). Did I mention they do get my throwaway email address?
That's nice. But how do they ask for directions to your house if they're lost?
Sometimes - and I know this makes me unusual - I want to receive a phone call. A delivery driver letting me know they'll be early / late. A Freecycler letting me know where their house is. Someone calling me about my lost cat.
If I give a fake number, I cannot speak to people.
Sometimes - and I know this makes me unusual - I want to receive a phone call. A delivery driver letting me know they'll be early / late. A Freecycler letting me know where their house is. Someone calling me about my lost cat.
If I give a fake number, I cannot speak to people.
A pizza deliverer getting lost is from the time before they were using these bikes with GPS and Google Maps. I've been living on this address for almost 10 years now, and only once had a package (never food) been delivered wrong (at an adjacent street, same number). Unfortunately it contained about 500-800 EUR worth of material, but I received it from that neighbor 1 week later.
Now, that is my situation. If you have some kind of complex address which isn't clear on Google Maps then perhaps having decent contact details is more clever. But I still have two concerns on your argument: 1) in my example, they have my e-mail address already so they can contact me 2) even if you get your pizza delivered wrong, that is the problem of the deliverer. Not yours.
Once I had my neighbors who got a cold pizza delivered. They called up and got a new one, and gave the old one to us (I think also some to other neighbors). We put it in parts in the mini oven we had back then and enjoyed our free pizza. Which ended up as our favorite from that specific pizzeria.
Now, that is my situation. If you have some kind of complex address which isn't clear on Google Maps then perhaps having decent contact details is more clever. But I still have two concerns on your argument: 1) in my example, they have my e-mail address already so they can contact me 2) even if you get your pizza delivered wrong, that is the problem of the deliverer. Not yours.
Once I had my neighbors who got a cold pizza delivered. They called up and got a new one, and gave the old one to us (I think also some to other neighbors). We put it in parts in the mini oven we had back then and enjoyed our free pizza. Which ended up as our favorite from that specific pizzeria.