Petzl knows their users are going to buy SPELEGYCA lanyards and accidentally climb above their anchors, *and* they know that a dynamic rope solution would weigh about the same, work better, and not kill people. So in a lawsuit I'd be happy to see them shoulder some liability.
-
I suspect AT&T (and others) don't do that because it'd be bad marketing to say "Hey! You're phone #'s aren't secure!" Petzl seems to have gotten over that problem, and is quite happy to warn you how you can kill yourself with their products.
It would go way over the heads of the vast majority of their customers, and even of most security professionals, and even of themselves, to try to describe in any reasonably complete fashion what phone numbers are and are not secure for.
![Bruno [Crypto Beret TM] Larvol](https://pbs.twimg.com/profile_images/1053671578238562310/6Dcewfo2_normal.jpg)
-
-
You're making this ridiculously complex. Lots of people are hurt by phones getting hijacking, with lots of well known cases. AT&T is aware of this. It's *very* easy to say "Hey! This is obviously bad, stop doing it" If this were a rarely encountered hazard I'd think otherwise.
-
How can ATT legally stop someone from porting their number to another carrier? They legally cannot block the port because of a forgotten password and it’s not very hard for somone to physically show up with forged ID.
-
Even if carriers could make it *more* secure I still cannot see security professionals recommending relying on carrier level security for banking level requirements.
-
Then take some basic measures to discourage 2FA like customer education and talking to major 2FA users! It's ok if they don't want to provide this service, but given the level of harm they have to put some effort into discouraging that.
-
They may've found phone numbers useful & benign (though it is very much not their expertise or business) in the reversible banking txs they are familiar with, but haven't studied consequences of use w/irreversible crypto. Ridiculous to expect them rather than Coinbase to do that.
-
They don't have to study this issue. They simply have to observe the obvious fact that lots of people are getting hurt in this way. That requires no special knowledge. And after all, this is an issue that extends to more than just cryptocurrency: e.g. stolen gmail accounts.
-
It's not at all obvious to them. They are in a completely different business and they don't keep track of vast majority of stats in the dizzying variety of other businesses including ours. Even experts in our own industry don't keep good track of these novel risks and losses.
-
Lol, that's just silly. A company the size of AT&T can figure that out by just reading the popular technical press, and listening to their customer's complaints. You're just making excuses at this point; that's not even remotely a valid argument.
- 6 more replies
New conversation -
-
-
And if it wasn't complete, which it couldn't be, the outraged tweeters and lawyers would discover what turned out to be a gap or error and use it as yet another supposed reason to, guess what, sue them.
-
I think the standard of reasonable care doesn't mean they need such warnings to be complete at all, far from it: it's perfectly reasonable to focus only on common hazards. 2FA hacking is very common.
-
Not a fan of AT&T, however, they are not a bank and therefore cannot expected to provide fin-tech level security on accounts. Delegation of security to a less secure system or company is failure by design.
End of conversation
New conversation -
-
-
To be fair phone companies thrive on making things super confusing for their customers. But you probably wouldn’t want to put worry in their heads regarding security.
-
If you think it's confusing now, just make them liable for the dizzying variety of things strangers do with their phone numbers. New and renewing customers would have to fill out a tediously long form asking you whether you plan to abuse their phone number if various ways.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.