People use SMS for banking communication, for 2FA verification and to verify themselves with online services to increase credibility (and for P2P communication).
But SMS is inherently insecure [1].
We could have lived with it, if it was not private, but insecure? That’s just too much.
Hence I propose this post.
2FA
You shouldn’t be using your mobile number as a 2FA mechanism; that’s just counter-productive. I recommend Ente for iOS and Authenticator Pro for Android (the privacy community likes Aegis). Just make sure to switch on auto-backup and save the file somewhere safe.
Verification
For throwaway accounts, smspool.net is nice.
For others, you can use jmp.chat ($5 per month) and IronVest ($5 gives you 1 phone number, 50 emails & 35 masked cards)
or some shady Russian site/forum (tread carefully).
Security
The apex of secure P2P communication is Burner + Signal. Nothing comes close.
Vendor Lock-in
You have probably heard about vendor lock-in if you are in this corner of the web. Fortunately, the major governments around the world have mandated that you are free to port your number to any carrier of your liking (without a change in country code, of course).
But it will still go through traditional towers.
VOIP basically bridges the Telecom Infra to the Internet.
This helps in 2 ways:
Attackers can’t snoop on your messages and calls, as these services are E2EE (from the point of the telecom-bridge stitch).
You can use any country’s number anywhere if you have internet (and if you have Satellite Internet like StarLink, that’s potentially anywhere on the planet)
Flagged as VOIP
But the problem is that a lot of VOIP numbers are sold for pennies to untrustworthy parties and hence aren’t really good for verification. That’s why companies have databases (or an API from some service) that prevent you from using a “bad” VOIP number.
The best course of action is to buy a physical SIM and port it into a VOIP service. Google Voice charges $20 to port it. JMP Chat offers porting as well.
Area Codes
y’s → Country code.
Approximately,
z’s → are used for specific function, eg. corporate, toll-free etc.
a’s → are used for area code
As an example, you can check out the UK’s.
A corporation builds infrastructure from the ground up and signs a contract with the government. The different corporations and the government decide which areas get how many numbers, and area codes are assigned on the basis of geography, population and spectrum.
Services use this as a filtration mechanism to discard the numbers that are not allowed for verification.
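The filtration step described above, seen from the verifying service's side, as an added example that is not part of the original post: UK numbers are normalized and classified by longest matching prefix. The range table is a simplified one built for this example from the public UK numbering plan, the acceptance policy is an assumption, and the sample numbers are constructed.

```python
# Added example: range-based line-type filter a verifying service might run.
# UK_RANGES is simplified for illustration; ACCEPTED is an assumed policy.
import re

UK_RANGES = {  # prefix of the national significant number -> line type
    "1": "geographic", "2": "geographic", "3": "uk-wide",
    "55": "corporate", "56": "voip", "70": "personal",
    "7": "mobile", "76": "pager", "7624": "mobile",  # 07624 sits inside 076
    "80": "freephone", "84": "service", "87": "service", "9": "premium",
}
ACCEPTED = {"mobile"}

def normalize_uk(raw):
    """Return the national significant number of a UK number, or None."""
    digits = re.sub(r"[\s().-]", "", raw)
    m = re.fullmatch(r"(?:\+44|0044|0)(\d{9,10})", digits)
    return m.group(1) if m else None

def line_type(raw):
    """Classify by the longest allocated prefix, so 07624 beats 076 beats 07."""
    nsn = normalize_uk(raw)
    if nsn is None:
        return "not-uk"
    for n in range(len(nsn), 0, -1):
        kind = UK_RANGES.get(nsn[:n])
        if kind:
            return kind
    return "unallocated"

def allowed_for_verification(raw):
    return line_type(raw) in ACCEPTED

if __name__ == "__main__":
    # Constructed sample numbers.
    for number in ["+44 7700 900123", "056 0000 0000", "0808 157 0192",
                   "07600 123456", "07624 123456", "+1 202 555 0100"]:
        print(number, line_type(number), allowed_for_verification(number))
```

Range data only says where a number was originally allocated; a service that needs the current carrier has to use a porting-aware lookup instead.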
eSIM
eSIM lets you load multiple carriers’ data remotely, and you can switch between them without doing anything physical.
Price Comparison - esimdb
For Devices that don’t support eSim -
I prefer https://jmp.chat/esim-adapter, but other alternatives:
DIY - https://xdaforums.com/t/a-tricky-way-to-use-esim-on-cn-in-variant.4609543/
Open Source Implementation - https://gitea.angry.im/PeterCxy/OpenEUICC
Anonymous eSIM - silent.link
eSIM kind of tries to solve these 2 problems (as you can switch between profiles easily):
Coverage: If you travel a lot, you know some areas have different signal strength for different carrier networks. Satellite Internet solves this. Or you could just get one of every network.
International Roaming - If you travel a lot internationally, you know it costs a lot to get coverage for your number in another country. Google Fi is a pretty cool option that tackles this problem for US Residents.
JMP Chat
This is the king of VOIP, but onboarding is not very user friendly, so I will try to explain it here.
It works with XMPP clients. What is XMPP? It’s just like email but for instant messaging. It’s a protocol that can have multiple clients (apps) that can communicate with each other (just like email). (Technically it’s Jabber, not XMPP, but it doesn’t matter.)
I will take the Android client “Cheogram” as an example here, because upon sign-up you automatically get a Snikket instance (a server for your clients) with a phone number attached to it. You can use any client or platform to log in once you have the account.
Open it up and just click “sign up”.
It should turn to this:
Choose the phone provider; JMP is okay for US/CA. For the UK I recommend AA, if you are technically inclined. Twilio is a no-no.
After some time, it should ask you to choose a number. Use an area code you like.
Now you will need to add a minimum deposit of $15. It’s $5/month, and your credit card will be charged to deposit $15 whenever the account reaches 0. Use my affiliate code “BKTK57SA” for a free month after the initial deposit.
I recommend adding cheogram.com bot and jmp support’s contact. Support is top notch but sometimes the replies may take some time.
“cheogram.com” bot will be your account dashboard.
If you are more curious about jmp chat, you can check out their FAQ and blog. If you are curious about how they developed this stuff, check out their team’s wiki here.
These questions are probably worth your time:
Twitter Verification
I am taking Twitter as an example because it has notoriously been the most difficult place to get a “VOIP” number verified. They probably have a detailed database of trusted carriers, as people are getting this:
But I have found one provider that was able to give a “trusted” carrier number. There are probably others, so let me know in the comments if you find one too.
It’s Andrews & Arnold; you set this up in XMPP clients by following this guide.
Just test the number before adding any deposit. You can copy paste each number during sign-up in twitter’s “account information” to see if it goes through.
Whatsapp
Messages are E2EE, which is pretty fortunate considering more than 2 billion people [2] use it.
Metadata isn’t, so the data brokers know who you are talking with and some other stuff.
It is owned by THE big brother, Facebook. That’s something.
Seirdy wrote a pretty cool article “WhatsApp and the domestication of users”.
iMessage
Blue Bubbles vs Green Bubbles: Explained! | Marques Brownlee
iMessage between iPhone and iPhone is E2EE but iCloud backups aren’t, so please enable ADP (Advanced Data Protection).
Appendix A - Feature set of a Number
SMS - Sending + Receiving + addons
MMS
Voice Calling
Video Calling
Appendix B - Data
When a corp builds up an Infra it invests a lot of money and then some, for the marketing and other usual business stuff. They cover their costs from end users for some years and then reap profits.
But what happens is that they never decrease their prices and only increase them, even when they have scooped up a lot of cash. So the overall market culture decides the prices in the end.
The price of data around the world is shown in this infographic.
Appendix C - SIP
https://www.tomsguide.com/reference/mvnos-what-are-they-and-what-are-the-best-options
Been wracking my brain about the best anon phone solution.
Buying a cash mint SIM and Pixel, activating VPN on cafe wifi, you still have SIM linked to IMEI the first time you add it to the network. Even porting it out after it's not quite anonymous unless you change the IMEI.
That said, the best solution seems like porting a Mint SIM into JMP.chat for account verifications only. Unless there's a way to have more than one so they can't correlate them between services and market to you etc. How many ported SIMs is enough - same one for banking biz twitter etc or as crazy as one different number each?
Searched all over and it's a hard nut to crack how to overcome the VOIP hurdle and keep from being pinned down to a number that can be cross-indexed between platforms.