• dirtfindr
    4 years ago

    Is there any way around this? As this would seem to defeat the purpose. Using it as 2FA means all your 2FA codes get sent publicly. Using it as a temporary messenger means anybody can read those messages, etc.

    It’s a race condition. They send a verification code, you use it to verify your account immediately, and then the one-time-use code is no longer usable. The others who see the codes coming in have no simple way of knowing which account the code is for, so the code is useless to them. Even if someone knows the number you used and how to reach the service, they would also have to know when you’re going to receive the code and they would have to know your userid (and possibly pw).

    In short, a highly skilled adversary would have to be in your threat model. And if the adversary is so skilled that they’ve penetrated your system and rooted it, then you’re pawned anyway.

    People who use the kinds of services that need your phone number aren’t really committed to privacy as an activist, but they care about their own privacy from a selfish standpoint. E.g. they’re willing to create a Google account and help a privacy abuser profit as long as they’re getting enough privacy for themselves (like not sharing their phone number).

    I used to use pinger numbers to create accounts but evolved past that realizing that I was still feeding the privacy abuser by dancing for them and using their service. So I simply walk when asked for a phone number. It’s really the best solution.

    Exceptionally, there are some situations where you already have an account (e.g. for your bank, school, or even Twitter), and out of the pure blue Twitter says “we think you’re a bot – for ‘your protection’ you must verify your phone number.” Then you’re trapped. Access to the profile you’ve built over the years is suddenly threatened, and your data is being held hostage until you surrender a phone number. In that case, the pinger number is quite useful… use it, download your data, and gtfo and don’t come back.