I don’t agree in the slightest. It is and should be their job. Their service provides people with a phone number - SIM swapping is the unrightful transference of that phone number. Plus, phone companies market has shifted dramatically as tech evolves. They market data now too
Not their job. A phone number is not a general ID or a security token. It is just a short number made up by a phone company for the purpose of using that company to call or text. If other companies or people try to use it for something different that is their stupid problem.https://twitter.com/mat/status/1167605500919173120 …
-
-
-
SIM card security is designed for the minor loss scenario of somebody having to tell the people they want to text or call them a new number. All other expectations are hallucinations about free security that have nothing to do with the phone company's actual business or job.
-
An MNO sells, delivers, and bills services to customers. If they offer data (they all do), that means that they provide a service of not only call/text, but also data. If they offer such a service, that means the liability is not just for call/text. Terpin proved this in court.
-
In this case the contract, which is an idiosyncratic deal between the phone company & the recipient of their data, applies. Not some idiotically false generalizations about SIM card security by third parties who haven't paid the phone company to agree to any such added security.
-
I feel very strongly in the other direction. If SIM cards are not meant to be protected, then data shouldn’t be offered in the first place. Setting people up for failure. Agree to disagree (Terpin sued ATT for this exact problem and won)
-
From the FCC - they are not protecting customer data, which they are by law/regulation required to do. You are supposed to show government issued ID when presented personal information of a customer - SIM Swaps either get around that, or are coercing employees (mostly kiosks).pic.twitter.com/biak8dfQPR
-
Laws and regulation don't trump the reality of how security works. If a law requires a food company to send their bread to the moon to be blessed by moon beams for a week before can they sell it in stores, either the food company will break the law or you won't get any bread.
-
Either way, no law however badly you want it or how strongly it is enforced it is going to help you get a loaf of bread blessed by moon beams that costs less than its multi-million dollar ride to and from the moon.
- 1 more reply
New conversation -
-
-
For real. SMS 2fa should be shunned and services still offering it as only option should speak to the incompetence of the company.
-
It depends what & how much you are trying to protect. If potential losses from a particular socially engineered SIM are no greater than the phone company's, it may be a reasonable thing to do. It's certainly not reasonable for protecting crypto, high-profile accounts, etc. etc.
-
Agree. It really isn't too difficult for a multi billion dollar company to incorporate multiple 2FA schemes. Hope people realize how socially hackable SMS can be. However without proper tech opsec hygiene alt methods are susceptible as well. Awareness and learning is constant.
End of conversation
New conversation -
-
-
I agree. After I got SIM swapped instead of wondering how I can change the phone company to protect my phone, I thought what I could change myself to better protect myself. People need to accept personal responsibility.
-
They not only "need" to, they MUST take responsibility for their own security (in all things) because no one else is going to do it for them. Decentralization demands that.
-
Personal responsibility is the new counter culture, as
@TechBalt says every day. Along with other gems like: Unconfiscatable Deferral of gratification Bitcoin is the next Bitcoin Offended by selling Be a unique beast Strong hands Value your wealth in Bitcoin 5 digit realm
End of conversation
New conversation -
-
-
Anyway kudo to Jack's hacker who might teach him this obvious fact.
- 1 more reply
New conversation -
-
-
Imagine using an IP address as an ID.
- 6 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.