There's a much harder problem, granted, but the world needs a throwaway SMS service. Even Imgur needs a phone to sign up now :(
There are already some services like this, however it seems they have a smallish pool of phone numbers. Eventually everyone uses those to sign up, one time, somewhere (like Imgur) and that number is then useless for that site.
I’m the founder of Unlisted (https://www.unlistedapp.com) and this is exactly the problem I was aiming at when building our private number service.
Unfortunately today, however, many sites will detect VoIP numbers and refuse to send messages to them. There are two reasons: 1) The app detects that it is not a “real” number and blocks its entry, or 2) the number is accepted but no message is ever received. In the second case, the “call with a code” option does usually work though. The reason is that short code providers negotiate delivery outside of the normal framework that long code (“normal”) numbers use. Most apps like Unlisted are using Twilio as a provider and these agreements just aren’t in place.
I’ve been running Unlisted for over 6 years so have a bit of experience around this space. Am happy to answer any questions!
Hi, I have some questions regarding your privacy policy. It appears that Unlisted maintains records of IP addresses, calls, texts, contacts, voicemails and lots of other metadata.
I admire the goal of trying to provide a convenient way to increase privacy when using SMS, but this feels a bit invasive. That's a lot of collected data. Unlisted has access to the entire history of all my conversations and calls. Why not encrypt most of the at-rest data with the user's password and decrypt it client-side? This is common practice for the more privacy-leaning email providers, such as ProtonMail. Similar SMS services have taken this approach as well, like crypton.sh.
You are leaving a lot of the privacy enthusiasts on the table (myself included). It may seem like a small market, but communities like /r/privacytoolsio are very active and constantly on the lookout for privacy preserving products.
The worst offenders are the ones that block Google Voice; As I understand it, Google Fiber/Google Fi users can't use these apps since the number system goes through G Voice.
I run a site [1] which is doing this, only more permanent. I am not nearly brave or rich enough to run a 10minutemail but for phone numbers.
The only issue is a lot of sites treat all VoIP numbers as second-class citizens and disallow them silently. You will be allowed to add the numbers, but the services will silently refuse to call or text them, locking you out of your account.
Let me know if anyone is interested in trying it out. I am relaunching PhonePrivacy after this weekend so lots of upgrades to come. :)
Not exactly throwaway per say, but I have a Google Voice VOIP number that I usually use when I'm signing up for services that require a phone number. Some services seem to be able to actually detect that it is a Google Voice number and will reject it, but it works the majority of the time, and I believe it has helped in keeping my main phone number from receiving as much spam. One plus about using Google Voice is that I can access it later if I need to use it to regain control of an account if I lose a password or whatever. That number predictably gets a fair amount of spam now, but another nice thing about Google Voice is that I can quickly use full text search on the entire call history, voicemail, and sent/received SMS messages.
Actually are there a lot of services like this in Russia [0][1] and their pools of numbers is nearly unlimited. It's also super cheap for local numbers, but obviously much more expensive for non-CIS countries. Obviously it's all shady stuff and used mostly for spam or all kind of social media automation.
Because disposable emails are trivially used by casual users and companies see phone number as harder to falsify (correctly, IMO). It's not impossible, obviously. We know SMS can be hijacked and spoofed, but the casual user won't be doing this, today.
If the point of requiring an ID is to prevent abuse, why do I care about what casual users are doing? What I care about is preventing signups from people who want to abuse the service, but presumably making things harder on casual users doesn't work toward that goal.
So many companies are under the impression that a phone number is a unique, secure identifier for their users when in fact it's fairly easy for a knowledgeable attacker to hijack a phone number for calls and SMS.
Things are always fairly easy to the knowledgeable or experienced. It’s definitely a better practice then not asking. Lots of medium sized businesses can’t implement a cyborg biometric MFA solution. So they easily ask for a phone number. Most don’t make it mandatory, but I think generally it is the best current realistic solution.
If you successfully manage to establish this, then you'll ruin the point of asking for SMS as an antispam measure, and eventually providers will move to something more intrusive.
There are already some services like this, however it seems they have a smallish pool of phone numbers. Eventually everyone uses those to sign up, one time, somewhere (like Imgur) and that number is then useless for that site.
Is there a better way?