Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Receiving phone verification and 2-Step Verification codes through a 'number inside Iran'

Collin Anderson collin at averysmallbird.com
Fri Jan 16 10:20:21 PST 2015


I think that's reasonable, not only due to the potential for interception
or blocking of the messages, but also because these usually have a shorter
lifespan, which should provide some added protection against the phishing
of 2FA codes.

On Fri, Jan 16, 2015 at 12:54 PM, S.Aliakbar Mousavi <mousavi.sa48 at gmail.com
> wrote:

> I think regardless of its sender, since the authority can read the SMS it
> would be better to ask users inside the country to use the app rather than
> a mobile phone number.
>
> On 16 January 2015 at 12:44, Amin Sabeti <aminsabeti at gmail.com> wrote:
>
>> Google has sent its codes via SMS with Iranian number since 6 months ago.
>>
>> On 16 January 2015 at 17:39, Collin Anderson <collin at averysmallbird.com>
>> wrote:
>>
>>>
>>> On Fri, Jan 16, 2015 at 12:10 PM, elham gheytanchi <
>>> elhamucla at hotmail.com> wrote:
>>>
>>>> I think it means the codes are generated by the state agencies.
>>>>
>>>
>>> They are not, the international companies would contract with an SMS
>>> gateway to send codes. That SMS gateway should be a more or less a dumb
>>> pipe that transmits whatever it is sent by the provider. It so happens that
>>> now the pipe is closer to the user but the source stays the same. The SMS
>>> gateway and telecommunications companies can certainly surveil or modify
>>> the content (the latter wouldn't be useful for 2FA), but it should not
>>> generate the codes.
>>>
>>>
>>> --
>>> *Collin David Anderson*
>>> averysmallbird.com | @cda | Washington, D.C.
>>>
>>> --
>>> Liberationtech is public & archives are searchable on Google. Violations
>>> of list guidelines will get you moderated:
>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
>>> Unsubscribe, change to digest, or change password by emailing moderator at
>>> companys at stanford.edu.
>>>
>>
>>
>> --
>> Liberationtech is public & archives are searchable on Google. Violations
>> of list guidelines will get you moderated:
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
>> Unsubscribe, change to digest, or change password by emailing moderator at
>> companys at stanford.edu.
>>
>
>
>
> --
>             S.Aliakbar Mousavi
>
>
>
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> companys at stanford.edu.
>



-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20150116/52b6adac/attachment.html>


More information about the liberationtech mailing list