[liberationtech] Receiving phone verification and 2-Step Verification codes through a 'number inside Iran'
Collin Anderson
collin at averysmallbird.com
Fri Jan 16 10:20:21 PST 2015
I think that's reasonable, not only due to the potential for interception
or blocking of the messages, but also because these usually have a shorter
lifespan, which should provide some added protection against the phishing
of 2FA codes.
On Fri, Jan 16, 2015 at 12:54 PM, S.Aliakbar Mousavi <mousavi.sa48 at gmail.com
> wrote:
> I think regardless of its sender, since the authority can read the SMS it
> would be better to ask users inside the country to use the app rather than
> a mobile phone number.
>
> On 16 January 2015 at 12:44, Amin Sabeti <aminsabeti at gmail.com> wrote:
>
>> Google has sent its codes via SMS with Iranian number since 6 months ago.
>>
>> On 16 January 2015 at 17:39, Collin Anderson <collin at averysmallbird.com>
>> wrote:
>>
>>>
>>> On Fri, Jan 16, 2015 at 12:10 PM, elham gheytanchi <
>>> elhamucla at hotmail.com> wrote:
>>>
>>>> I think it means the codes are generated by the state agencies.
>>>>
>>>
>>> They are not, the international companies would contract with an SMS
>>> gateway to send codes. That SMS gateway should be a more or less a dumb
>>> pipe that transmits whatever it is sent by the provider. It so happens that
>>> now the pipe is closer to the user but the source stays the same. The SMS
>>> gateway and telecommunications companies can certainly surveil or modify
>>> the content (the latter wouldn't be useful for 2FA), but it should not
>>> generate the codes.
>>>
>>>
>>> --
>>> *Collin David Anderson*
>>> averysmallbird.com | @cda | Washington, D.C.
>>>
>>> --
>>> Liberationtech is public & archives are searchable on Google. Violations
>>> of list guidelines will get you moderated:
>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
>>> Unsubscribe, change to digest, or change password by emailing moderator at
>>> companys at stanford.edu.
>>>
>>
>>
>> --
>> Liberationtech is public & archives are searchable on Google. Violations
>> of list guidelines will get you moderated:
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
>> Unsubscribe, change to digest, or change password by emailing moderator at
>> companys at stanford.edu.
>>
>
>
>
> --
> S.Aliakbar Mousavi
>
>
>
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> companys at stanford.edu.
>
--
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20150116/52b6adac/attachment.html>
More information about the liberationtech
mailing list